O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing the CA’s Private Key

Your security measures also must protect a CA’s private key. If an individual is able to obtain the CA’s private key, it is possible for the user to build another CA computer with the same key pair, allowing impersonation of the CA and the ability to issue fraudulent certificates that are trusted by all users of your public key infrastructure (PKI). In the worst-case scenario, if the root CA private key is obtained, an attacker can build additional CAs that are trusted by the users and computers within your organization.

The measures you should take to protect your CA’s private key depend on how the private key is stored. For a Windows Server 2008 CA, there are three possibilities:

  • Store the private key in the local ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required