Backup and restore of the Certificate Factory in Certificate Manager

This article describes backup and restore routines for the Certificate Factory (CF) in Smart ID Certificate Manager (CM).

Backup strategy

Most data in the database cannot be reconstructed in the event of a total disk crash. Therefore, it is essential to have suitable backup routines in place and ensure correct management of the data. It is important to perform regular backups of the installation. If you perform regular backups, you will be able to recover from a failure, by restoring the most recent backup.

Backup databases

Backup the CMDB database on a regular basis. See backup information from the respective database vendor. The format of the CMDB database is described in the Technical Description.
In the event of a database failure, recover by restoring the latest backup, and then update the database with help of the transaction log.

Backup configuration files

Backup all configuration files in the <configuration_root>/config directory and its sub directories after any changes.

Backup system keys

Backup the Key Encryption Key (KEK), the TLS server key and the PIN decryption keys. These keys are stored in the <configuration_root>/certs directory. If an HSM is used to handle system keys, see backup information from the respective HSM vendor.

Reset database users with MSSQL

Reset database users

After moving or restoring an MSSQL-hosted CMDB, it might be necessary to reset the database users. The username used to log in to the MSSQL server is by default LCMReq. The SID number may have changed and then you are not able to log in.

Generate a report to find out whether a database user has a changed SID number:
Generate report

CODE
```
use <database_name>
exec sp_change_users_login 'Report'
```
If the query returns a response, the user must be reset.

Example: For MSSQL server, execute these commands:

Example: For MSSQL server

CODE

use <database_name>
exec sp_change_users_login 'Auto_fix','<User ID>',Null,'<password>'