Microsoft证书颁发机构-克隆
[英]Microsoft Certificate Authority - Cloning
问题描述
I'm considering to clone a CA that has its private key stored in a HSM from environment A to environment B. However, if the private key cannot be cloned, is there anyway we can start the CA service just so I can generate a new key-pair/CSR or to re-initialise it instead of re-installing the CA service? 
我正在考虑从环境A到环境B克隆一个将其私钥存储在HSM中的CA。但是,如果无法克隆私钥,无论如何我们都可以启动CA服务,以便生成一个新的CA。密钥对/ CSR还是重新初始化,而不是重新安装CA服务?
Basically, I'm trying to avoid re-installing the CA service if there is an alternative solution such as editing the registry or some configuration file. 基本上,如果有其他解决方案,例如编辑注册表或某些配置文件,我将尽量避免重新安装CA服务。
1 个解决方案
解决方案1
0 2018-05-08 18:31:39
Some HSMs will allow you to backup and restore the private key material onto a secure token. 一些HSM将允许您将私钥材料备份和还原到安全令牌上。 I know that Safenet's Luna SAs allow this, for example. 例如,我知道Safenet的Luna SA允许这样做。 You could backup the key material and then restore it to a secondary HSM or separate HSM partition (if your HSM supports those) to effectively clone the CA key material. 您可以备份密钥材料,然后将其还原到辅助HSM或单独的HSM分区(如果您的HSM支持),以有效地克隆CA密钥材料。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.