Defining Key Recovery Agents

To define a key recovery agent, you must ensure that a Key Recovery Agent certificate is issued to the designated user. The default Key Recovery Agent certificate template requires that certificate issuance be validated by a certificate manager. The process described in the next section assumes that this requirement does not change.

Note The holder of the private key associated with the Key Recovery Agent certificate is, ultimately, the key recovery agent. In that respect, the subject name of the certificate is inconsequential.

Was this article helpful?

0 0

Post a comment