FIX: Back up your file encryption certificate and key by Bas Wijdenes

Bitlocker or Encrypted File System (EFS)?

I got the error message “Back up your file encryption certificate and key” out of nowhere.

Strange, I use bitlocker and I think OneDrive for Business uses Encrypted File System (EFS) in Windows. If this is necessary, why have not I seen this message before?

After some Googling, I ended up at answer.micorosft.com where someone had written a small tutorial how to remove the certificate to stop receiving the error message.

In the tutorial below, I explain how you do that, when you can do it, and when you better not remove the certificate.


When can I delete the certificate, or is a back up better?

Unfortunately, I can not say for with 100% certainty that you can remove the certificate. This could cause all kinds of problems in the background.

I can tell you when you can export the certificate directly with the private key.
On my laptop I use encryption on the C-drive. A better description of this is Bitlocker.
OneDrive for Business also uses EFS. EFS can be recognized by the green file names.

It does not necessarily have to be that your entire system uses EFS, but what could have happend is that you have received an e-mail with a file in it that is locked with EFS.
This should also have a green file name like the screenshot below.

Back up your file encryption certificate and key
Back up your file encryption certificate and key.
  • So do you use Bitlocker or EFS? Then make a backup of the certificate.
  • Do you not use Bitlocker or EFS? Then I would still make a backup and then delete the certificate.

In the steps below, I will first explain how you can make a backup and then how to delete the certificates.


Let’s export the certificate.

The error message already indicates that it is best to make an export of the certificate.

You can click on Back up now (Recommended) in the error message.
The following screen will be opened, click next.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Type in a password you can remember.
Or all these steps become useless.
Click Next.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Browse to your documents directory and type in a name for the certificate.
Click Next.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Click Finish.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Now the certificate has been exported you can decide if you want to completely remove the certificates.

I have also written these steps.


Let’s remove the certificate.

Press Windows + R at the same time.
type in Certmgr.msc.
Click OK.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Open Personal > Certificates.
Here you’ll see several certificates.
Find the one with Encrypted File System as intended Purpose.
Right click the certificate > Remove.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Do the same for the directory Trusted People > Certificates.
Here will be 2 certificates for EFS.
Remove both of them.

Back up your file encryption certificate and key.
Back up your file encryption certificate and key.

Recap

The tutorial comes from answers.microsoft.com and I have extended it to my own tutorial, explaining how you can best approach this.


The complete error message

Back up your file encryption certificate and key

Creating this backup file helps you avoid permanently losing access to your encrypted files if the original certificate and key are lost or corrupted.

Back up your file encryption certificate and key
Back up your file encryption certificate and key.

Published by

Bas

My name is Bas Wijdenes and I work full-time as a Services Engineer. In my spare time I write about the error messages that I encounter during my work. Furthermore, I am currently occupied with Azure, Office 365, and PowerShell for automating daily tasks.

Leave a Reply

Your email address will not be published. Required fields are marked *