Before you can use encryption in DPM, you need to do the following:
- Import certificates from a CA or create a self-signed
certificate
- Manage your account in Microsoft Management Console (MMC)
- Import certificates into DPMBackupStore
When you import a certificate, you copy the certificate from a file that uses a standard certificate storage format to a certificate store for your user account or your computer account.
The following procedures describe how to manage your account in MMC and import certificates into the DPM certificate store, DPMBackupStore.
To manage your account in MMC
-
See Manage Certificates for Your User Account (http://go.microsoft.com/fwlink/?LinkId=92788).
To import certificates into DPMBackupStore
-
In MMC, open the Certificates snap-in.
-
In the console tree, click DPMBackupStore.
-
On the Action menu, point to All Tasks, and then click Import to start the Certificate Import Wizard.
-
Click Next.
-
Type the name of the file that contains the certificate to be imported, or click Browse and navigate to the file.
Certificates can be stored in several different file formats. The most secure format is Public-Key Cryptography Standard (PKCS) #12, an encryption format that requires a password to encrypt the private key. For optimum security, send certificates using this format.
If the certificate file is in a format other than PKCS #12, skip to step 8.
If the certificate file is in the PKCS #12 format, do the following:
- In the Password box, type the password used to encrypt
the private key. You must have access to the password that was
originally used to secure the file.
- (Optional) If you want to be able to use strong private key
protection, select the Enable strong private key protection
check box, if available.
- (Optional) If you want to back up or transport your keys at a
later time, select the Mark key as exportable check box.
- In the Password box, type the password used to encrypt
the private key. You must have access to the password that was
originally used to secure the file.
-
Click Next.
-
In the Certificate Store dialog box, select Place all certificates in the following store, click Browse, and select DPMBackupStore.
-
Click Next, and then click Finish.
Note The file from which you import certificates remains intact after you have imported the certificates. You can use Windows Explorer to delete the file if it is no longer needed.
To import self-signed certificates into DPMBackupStore Using Makecert.exe
-
Type the following command
Makecert.exe -r -n "CN=MyCertificate" -ss DPMBackupStore -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -e <expiry date in mm/dd/yyformat>