Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Set Up a Certification Authority by Using a Hardware Security Module

Updated: June 24, 2013

Applies To: Windows Server 2008

Using a hardware security module (HSM) can enhance the security of a certification authority (CA) and public key infrastructure (PKI).

An HSM is a dedicated hardware device that is managed separately from the operating system. These modules provide a secure hardware store for CA keys, as well as a dedicated cryptographic processor to accelerate signing and encrypting operations. Windows utilizes the HSM through the CryptoAPI interfaces—the HSM functions as a cryptographic service provider (CSP) device.

Installation instructions for HSMs should be provided by the HSM vendor because there are typically pre-installation requirements as well as device specific settings that are required during CA installation.

HSMs typically are PCI adapters but are also available as network-based appliances. If an organization plans to implement two or more CAs, you can install a single network-based HSM and share it among multiple CAs.

In order to set up a CA by using an HSM, the HSM must be installed and configured before you set up any CAs whose keys will be stored on the HSM.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft