I'm considering cloning a CA that has its private key stored in an HSM from environment A to environment B. However, if the private key cannot be cloned, is there any way we can start the CA service just so I can generate a new key pair/CSR or re-initialise it, instead of re-installing the CA service?

Basically, I'm trying to avoid re-installing the CA service if there is an alternative solution such as editing the registry or some configuration file.

1 Answer

Some HSMs will allow you to back up and restore the private key material onto a secure token. I know that SafeNet's Luna SAs allow this, for example. You could back up the key material and then restore it to a secondary HSM or separate HSM partition (if your HSM supports those) to effectively clone the CA key material.

Shadowman