Create encryption certificates

Please do the following:

  1. After you have created the BitLocker policy and licensed BitLocker Management, save and reopen the policy. The BitLocker Management subnode then appears in the policy tree.

    A text message indicates that no encryption certificates have been generated yet.

  2. Click the Encryption certificates option or open the link in the text message.
  3. In the Encryption certificate Properties dialog, click the Generate certificates button.

    You can import existing certificates by clicking the Manage certificates button. If you do so, make sure that you do not overwrite any existing certificates; otherwise recovery will be impossible.

  4. Follow the wizard and specify a certificate backup location. This can either be a folder in the file system or a smart card.

    Make sure that the storage location and the access to it meet the appropriate security requirements.

  5. In the next step, define the passwords for the private keys (see figure).

    In this dialog, you specify the password for both the emergency logon certificate and the recovery certificate.

  6. Next, DriveLock generates the encryption certificates in the location you specified.
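
The following PowerShell script is an added example, not part of the DriveLock documentation or product. It checks a file-system backup folder before you run the wizard: it lists files already present (which a new export could overwrite) and flags access granted to broad groups. The path `D:\CertBackup` and the function name `Test-BackupFolder` are assumptions; the smart card option is not covered.

```powershell
# Added example: pre-flight audit of a certificate backup folder.
# $BackupPath is a hypothetical location; use the folder you will select in the wizard.
param(
    [string]$BackupPath = 'D:\CertBackup'   # assumed path, not taken from the documentation
)

# Well-known SIDs of broad groups that should not reach private key backups.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-BackupFolder {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Backup folder not found: $Path"
    }

    # 1. Existing files: anything listed here could be overwritten by a new export.
    $existing = Get-ChildItem -LiteralPath $Path -File -Force |
        Select-Object Name, Length, LastWriteTime,
            @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }

    # 2. Allow entries (explicit and inherited) that grant access to broad groups.
    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $broad = foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }

    [pscustomobject]@{
        Path          = $Path
        Owner         = $acl.Owner
        ExistingFiles = @($existing)
        BroadAccess   = @($broad)
        Clean         = (@($existing).Count -eq 0 -and @($broad).Count -eq 0)
    }
}

Test-BackupFolder -Path $BackupPath | Format-List
```

If `Clean` is `False`, review `ExistingFiles` and `BroadAccess` before continuing; recording the SHA256 values of existing files lets you confirm later that nothing was replaced.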