Root CA and nCipher HSM Disaster Recovery

From: Andrew Addison (andrew.addison@bjss.co.uk)
Date: 05/10/02


From: "Andrew Addison" <andrew.addison@bjss.co.uk>
Date: Fri, 10 May 2002 16:18:03 +0100


We have a root CA that uses an nCipher HSM for its keys running on Win2000
advanced server.

The question is how do we create a duplicate root CA for a disaster recovery
site? We need to be able to use the same root certificate on both sites.
I've read the how to (Q298138) which describes move the CA but it assumes
that we can create a .P12 file, which we can't because the keys are held by
the HSM.

Does anyone have any suggestions, or even better, know how to do it :-)

Cheers,

Andrew