In the near future I will be tasked with building a Tier 2 ADCS PKI that uses HSMs. Can anyone tell me what I have to do differently when building the PKI, and how the HSM fits into the whole PKI? (Win 2016 or Win 2019 Server) I have a lot of experience with building Tier 2 ADCS PKIs, but I've never worked with HSMs before.
This should be asked at [Information Security](https://security.stackexchange.com/) – garethTheRed Sep 11 '19 at 18:45
1 Answer
The HSM is used to protect the private key of your CA server. The main difference is you will need to use the HSM vendor cryptographic provider when installing the CA service so the private key is not stored directly on the CA.
This page may provide better information on the topic.

twconnell
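As an added example (not part of the answer above), this is one way to select the HSM vendor's provider when installing an issuing CA with PowerShell on Windows Server 2016/2019. The provider name, CA common name and request file path are placeholders or constructed values, and the HSM client software is assumed to be installed already.

```powershell
# Added example. $HsmKsp is a placeholder: take the exact Key Storage Provider
# name from your HSM vendor's documentation or from the certutil output below.
$HsmKsp = '<HSM vendor Key Storage Provider name>'

# 1. Confirm the vendor provider is registered on this server.
#    certutil -csplist prints one "Provider Name: ..." line per CSP/KSP.
$providers = certutil -csplist | ForEach-Object {
    if ($_ -match '^\s*Provider Name:\s*(.+)$') { $Matches[1].Trim() }
}
if ($providers -notcontains $HsmKsp) {
    throw "Provider '$HsmKsp' is not registered. Install and configure the HSM client first."
}
if ($HsmKsp -eq 'Microsoft Software Key Storage Provider') {
    throw 'The software KSP would store the CA private key on the CA server itself.'
}

# 2. Install the role, then create the CA key through the HSM provider.
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

$caParams = @{
    CAType                        = 'EnterpriseSubordinateCa'
    CACommonName                  = 'Example Issuing CA 01'       # constructed name
    CryptoProviderName            = "RSA#$HsmKsp"                 # "<algorithm>#<provider>"
    KeyLength                     = 4096
    HashAlgorithmName             = 'SHA256'
    OutputCertRequestFile         = 'C:\ExampleIssuingCA01.req'   # constructed path
    AllowAdministratorInteraction = $true   # lets the HSM prompt for operator credentials
}

# Dry run first; remove -WhatIf to perform the installation.
Install-AdcsCertificationAuthority @caParams -WhatIf

# 3. After the real installation, check which provider the CA is bound to.
#    The output should name the HSM provider, not a Microsoft software provider.
certutil -getreg CA\CSP\Provider
```

The same provider selection applies to the offline root CA of the two-tier hierarchy, with `CAType` set to `StandaloneRootCa` and no request file.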