About certificate on the CA device

I found a solution to apply CA safely to users:

“The root certificate private key is offline, so this one can’t be stolen.
It was used to generate an intermediate key that is stored in a TPM.
This intermediate key is used to generate short lived “edge” certificate that is only valid 5 days and is regenerated every day.
The edge certificate is transferred encrypted and stored in memory only on our DNS edge servers.”

1 Like

This topic was automatically closed after 7 days. New replies are no longer allowed.