A Certification Authority (CA) is a point of trust in your IT environment. The keys of this CA must be protected with the highest available methods, but must also be accessible to an organization’s security officer(s) (SO) in the most convenient way. A security officer, for example, uses a CA to generate digital user certificates and certificates for computer management. If anyone has access to the root certificate, they are able to set up an identical CA. For this purpose, Utimaco is able to protect the keys from misuse. The keys are generated inside secure and protected memory of the Utimaco HSM. From the CNG key storage provider perspective, the generation of the keys is completely transparent.
