Microsoft Certificate Authority - Cloning
I'm considering cloning a CA that has its private key stored in an HSM from environment A to environment B. However, if the private key cannot be cloned, is there any way we can start the CA service just so I can generate a new key-pair/CSR or re-initialise it instead of re-installing the CA service?
Basically, I'm trying to avoid re-installing the CA service if there is an alternative solution such as editing the registry or some configuration file.
Some HSMs will allow you to back up and restore the private key material onto a secure token. I know that SafeNet's Luna SAs allow this, for example. You could back up the key material and then restore it to a secondary HSM or separate HSM partition (if your HSM supports those) to effectively clone the CA key material.
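Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you reproduce this content, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.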