Enabling Key Escrow/Recovery with a Microsoft CA

Make sure that you meet the prerequisites listed here, and then complete the steps listed in the following section.

  • The ActivID CMS server is connected to a CA (refer to Procedures for Configuring Connections to Certificate Authorities).

  • The ActivID CMS User has an enrollment certificate and is assigned CA-level rights to manage certificates.

  • If you plan to use ActivID CMS to escrow and recover RSA keys with a Microsoft CA, then install ActivID CMS on a Windows Server (Enterprise Edition) machine. The CA must be a Microsoft Windows 2016 or 2019 CA.

  • If you plan to use ActivID CMS to recover RSA keys with a Microsoft CA, then install ActivID CMS on a Windows Server machine and update the definition of the connection in ActivID CMS to provide Recovery Agent credentials. For more information, refer to Configuring ActivID Credential Management System for Key Recovery.