You have an enterprise certification authority (CA) named ContosoCA. Recovery agents are configured for ContosoCA.
You duplicate the User certificate template and name it Cont_User. You plan to issue the certificates based on Cont_User to provide users with the ability to encrypt email messages and files.
You need to ensure that the recovery agents can access any user-encrypted files and email messages if the users lose their certificate.
What should you do?
A. Modify the Recovery Agents settings for ContosoCA.
B. Issue a certificate based on a key recovery agent certificate.
C. Modify the Request Handling settings for Cont_User.
D. On ContosoCA, configure the Key Recovery Agent template as a certificate template to issue.
Of course he said, he informed exactly where to perform the configuration that the question puts as correct.
The question is correct!
21given answer C is correct.
after Key Recovery Agent certificate template created, issued it to Key Recovery Agent and configured the CA to use a Key Recovery Agent.
We’re not protected against key loss just yet because the certificate templates that are issued out need to have key archival enabled.
Right click on a certificate template which you need to enable key archival for, duplicate it, give it a name, go to Properties and then to the Request Handling tab. Tick Archive subject’s encryption private key:
Spoke, talk, talk talk, and didn’t explain anything.