Details about the Console and Agent certificates used by RMAD
More detailed information is required about the Console and Agent certificates and how they are used.
The certificates are created when RMAD(FE) is first installed. They are generated locally on your server using the makecert tool. (makecert tool: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx)
In 8.x, SHA1 is used with a 1024-bit key. In 9.x, SHA256 is used with a 2048-bit key. The cipher strength is configurable in the RegisterCertificate.cmd file found in the installation directory.
The certificates used are unique to each installation.
The certificates are stored in the Computer Personal Certificate Store on the RMAD server.
The Agent certificate is transmitted to the DCs over RPC (secured and encrypted). If you are using RMADFE, it is sent when the Forest Recovery Agent is installed; if you run an Offline Restore, it is sent when the Offline Restore Agent is installed. The authentication mode is set to Negotiate.
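To check which certificates in the Computer Personal store still use the 8.x parameters (SHA1, 1024-bit) rather than the 9.x ones (SHA256, 2048-bit), the following script can be run on the RMAD server. It is an added example, not part of the original article or the product. `$SubjectPattern` is a hypothetical filter, because the article does not state the subject names of the Console and Agent certificates.

```powershell
# Added example: audit certificates in the Computer Personal store (Cert:\LocalMachine\My).
# $SubjectPattern is a hypothetical filter; the article does not give the RMAD certificate
# subject names, so the default lists every certificate in the store.
param(
    [string]$SubjectPattern = '*'
)

$minKeyBits = 2048                      # key size the article states for 9.x
$sha1RsaOid = '1.2.840.113549.1.1.5'    # sha1WithRSAEncryption

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like $SubjectPattern } |
    ForEach-Object {
        # GetRSAPublicKey returns $null for non-RSA certificates (for example ECDSA).
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
        $keyBits = if ($rsa) { $rsa.KeySize } else { $null }
        $sigAlg  = $_.SignatureAlgorithm

        $findings = @()
        if ($sigAlg.Value -eq $sha1RsaOid -or $sigAlg.FriendlyName -match 'sha1') {
            $findings += 'SHA1 signature'
        }
        if ($keyBits -and $keyBits -lt $minKeyBits) {
            $findings += "RSA key under $minKeyBits bits"
        }

        [pscustomobject]@{
            Subject            = $_.Subject
            Issuer             = $_.Issuer
            Thumbprint         = $_.Thumbprint
            SignatureAlgorithm = $sigAlg.FriendlyName
            KeyBits            = $keyBits
            NotAfter           = $_.NotAfter
            Findings           = if ($findings) { $findings -join '; ' } else { 'meets 9.x parameters' }
        }
    } |
    Format-List
```

Reading the LocalMachine store does not require access to the private keys, but the script should be run from an elevated session so that all certificates in the store are enumerated.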