I am relatively new to PKI, but am wanting to setup an infrastructure for my company. I am considering using XCA to create an offline root CA, and then ADCS for the sub issuing CAs. My question is does the XCA database always need to be opened on the same computer\hardware? For example, could I put the XCA database on an encrypted USB and then open it from any machine with XCA installed to issue CRLs and certs to the sub CAs.
Thanks,
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The database is exchangeble between any host, operating system and currently any 2.x version of XCA. Just put the USB drive into any Linux/BSD/Windows/Mac host you trust and open the database.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The database itself as a whole is unencrypted. The private keys however are AES encrypted by the database password, or by a unique password for each key. (context menu "Change password")
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am relatively new to PKI, but am wanting to setup an infrastructure for my company. I am considering using XCA to create an offline root CA, and then ADCS for the sub issuing CAs. My question is does the XCA database always need to be opened on the same computer\hardware? For example, could I put the XCA database on an encrypted USB and then open it from any machine with XCA installed to issue CRLs and certs to the sub CAs.
Thanks,
The database is exchangeble between any host, operating system and currently any 2.x version of XCA. Just put the USB drive into any Linux/BSD/Windows/Mac host you trust and open the database.
Thanks. As a quick follow up. How is the local database itself secured\encyrpted?
The database itself as a whole is unencrypted. The private keys however are AES encrypted by the database password, or by a unique password for each key. (context menu "Change password")