HSM On Demand for Microsoft Active Directory Certificate Services

HSM On Demand for Microsoft ADCS provides a root of trust for Microsoft Root Certificate Authority (CA) signing key in an HSM.

HSM On Demand for Microsoft ADCS (Active Directory Certificate Services) enforces hardened boundaries for the Microsoft Root Certificate Authority’s root cryptographic signing key, which is used to sign the public keys of certificate holders. Using this service secures the Microsoft ADCS root key, ensuring the security of the trust hierarchy. By providing the root of trust for the CA's public key, Microsoft’s security is bolstered – for example, when configuring applications servers hosting Microsoft ADCS in dispersed data centres.

Key Features

• Microsoft Root Certificate Authority’s root cryptographic signing keys are encrypted with a master key
• HSM On Demand service key vault ensures protection of root CA signing key

Benefits

• Reduce the complexity of securing Certificate Authority Servers in the cloud
• Cloud / On-Premises / Hybrid Agnostic
• Optimal performance
• Scalable solution
• Fully automated service orchestration
• Focus on your business, not managing security hardware and software