38bacjac
May 09, 2025 Copper Contributor
Certificate Authority Revocation issues: CRL db lost in migration
We currently have a CA which was migrated from a retired server no longer available - over 6 months now but they didn't complete the migration, and the revocation database is missing. We're now exper...
micheleariis
May 12, 2025 MCT
Hello, prepare a new server with AD CS in “Recovery CA” mode.
- Stop the service (net stop certsvc), copy the .edb, .log and edb.chk files from backup to C:\Windows\System32\CertLog.
- Run certutil -recoverdb, then net start certsvc.
- Regenerate the CRL with certutil -crl.
This way you keep the same root cert, renewals will use the CDP/AIA already in DNS and all previous revocations will be available again.
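
A post-restore check for the procedure in the answer above, as an added example that is not part of the original post. It confirms that the restored database actually holds revocations and that the published base CRL reflects them. It assumes an elevated session on the CA server, the default CertLog and CertEnroll paths, and English certutil output.

```powershell
# Added example (not from the thread): post-restore sanity checks on the CA server.
# Assumptions: elevated session, default AD CS paths, English certutil output.
$certLog = Join-Path $env:SystemRoot 'System32\CertLog'
$crlDir  = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'

# 1. The restored database files must be in place.
if (-not (Get-ChildItem -Path $certLog -Filter '*.edb' -ErrorAction SilentlyContinue)) {
    throw "No .edb database found in $certLog"
}
if (-not (Test-Path (Join-Path $certLog 'edb.chk'))) {
    Write-Warning "edb.chk not found in $certLog"
}

# 2. The CA service must be running before the database can be queried.
if ((Get-Service -Name CertSvc).Status -ne 'Running') { throw 'CertSvc is not running' }

# 3. Count revoked certificates in the database (Disposition 21 = revoked).
$rows = certutil -view -restrict 'Disposition=21' -out 'SerialNumber' csv
if ($LASTEXITCODE -ne 0) { throw "certutil -view failed with exit code $LASTEXITCODE" }
$revoked = @($rows | Select-Object -Skip 1 | Where-Object { $_ -and $_.Trim() })  # skip CSV header
Write-Output "Revoked certificates in database: $($revoked.Count)"

# 4. Inspect each published base CRL (delta CRL file names end in '+').
$now = Get-Date
foreach ($crl in Get-ChildItem -Path $crlDir -Filter '*.crl' | Where-Object { $_.BaseName -notlike '*+' }) {
    $dump = certutil -dump $crl.FullName
    $m = $dump | Select-String -Pattern 'CRL Entries:\s*(\d+)' | Select-Object -First 1
    $entries = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { -1 }
    $age = $now - $crl.LastWriteTime
    Write-Output ("{0}: {1} entries, written {2:N1} hours ago" -f $crl.Name, $entries, $age.TotalHours)
    if ($revoked.Count -gt 0 -and $entries -eq 0) {
        Write-Warning "$($crl.Name) is empty although the database holds revocations"
    }
}
```

The two counts need not match exactly, because a CRL normally omits revoked certificates that have already expired; an empty CRL next to a non-empty revoked list is the condition worth investigating.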