2.4 Key archival and recovery

MyID can archive keys on the Entrust server, locally within MyID, or in the MyID SecureVault database. Within the Certificate Authorities workflow, you select where keys are archived by setting the Archive Keys drop-down list to None, Internal, Entrust, or Secure Vault.

If you have MyID SecureVault installed, you can select Secure Vault to archive the keys in the MyID SecureVault database. For more information, see the Integrating with MyID SecureVault section in the Administration Guide.

Within Entrust, the client generation value may be true, false, or missing. Do not leave the value as missing: set it to true if you want to archive the keys within MyID, and to false if you want to archive the keys within Entrust.

Note: If you recover a revoked archive certificate, and the certificate is configured in the credential profile for Historic Only, a new archive certificate is created on the CA; this is expected Entrust behavior, and MyID correctly ignores this certificate and recovers the old revoked archive certificate. This does not happen if the certificate is live, or if the certificate is configured in the credential profile to Use existing.