I am wanting to better understand the backup and restore process (in principle at least, without specifics) for a root or intermediate CA with a HSM.
I do understand that if the CA does not have a HSM then I could simply capture the complete system state and it will backup the private key. But where I get lost is how I can do a DR with an HSM (again without getting into specifics of the HSM type).
- How could you in principle restore access to the private key from the CA in case of a hardware failure of the HSM?
- Is the private key stored on the HSM itself or does the HSM just regulate access to the private key on the server?
Thanks for helping me understand the principles here.
Jean-Marie Vaneskahian
Jean-Marie Vaneskahian