Thanks. As a quick follow up. How is the local database itself secured\encyrpted?
I am relatively new to PKI, but am wanting to setup an infrastructure for my company. I am considering using XCA to create an offline root CA, and then ADCS for the sub issuing CAs. My question is does the XCA database always need to be opened on the same computer\hardware? For example, could I put the XCA database on an encrypted USB and then open it from any machine with XCA installed to issue CRLs and certs to the sub CAs. Thanks,