Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Applies To: Windows Server 2008
Using a hardware security module (HSM) can enhance the security of a certification authority (CA) and public key infrastructure (PKI).
An HSM is a dedicated hardware device that is managed separately from the operating system. These modules provide a secure hardware store for CA keys, as well as a dedicated cryptographic processor to accelerate signing and encrypting operations. Windows utilizes the HSM through the CryptoAPI interfaces—the HSM functions as a cryptographic service provider (CSP) device.
Note
Installation instructions for HSMs should be provided by the HSM vendor because there are typically pre-installation requirements as well as device specific settings that are required during CA installation.
HSMs typically are PCI adapters but are also available as network-based appliances. If an organization plans to implement two or more CAs, you can install a single network-based HSM and share it among multiple CAs.
In order to set up a CA by using an HSM, the HSM must be installed and configured before you set up any CAs whose keys will be stored on the HSM.