Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Set Up a Certification Authority by Using a Hardware Security Module

Applies To: Windows Server 2008 R2

Using a hardware security module (HSM) can enhance the security of a certification authority (CA) and public key infrastructure (PKI).

An HSM is a dedicated hardware device that is managed separately from the operating system. These modules provide a secure hardware store for CA keys, as well as a dedicated cryptographic processor to accelerate signing and encrypting operations. Windows utilizes the HSM through the CryptoAPI interfaces—the HSM functions as a cryptographic service provider (CSP) device.

HSMs typically are PCI adapters but are also available as network-based appliances. If an organization plans to implement two or more CAs, you can install a single network-based HSM and share it among multiple CAs.

In order to set up a CA by using an HSM, the HSM must be installed and configured before you set up any CAs whose keys will be stored on the HSM.

Additional references

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft