Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
When you generate a key in Azure Key Vault it is a self-signed key, it is not signed by any CA.
What CA signs certificates when using Azure Key Vault with HSM to generate & store application PKI keys and certificates?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Marcus Serrao
1
Reputation point
Hi. Can anyone tell me what CA is used when I generate keys and get them signed within the Azure Key Vault? Also, do I have the ability to stand up a subordinate CA in Azure, leveraging Azure Key Vault with HSM to store my CA keys and where the sub CA keys are signed by an on-premise offline root CA? thanks! Marcus
Azure Key Vault
Azure Dedicated HSM
Azure Dedicated HSM
An Azure service that provides hardware security module management.
-
Akshay-MSFT 18,021 Reputation points Microsoft Employee Moderator2023-05-08T03:49:56.4266667+00:00 Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik
Sign in to comment
1 answer
Sort by: Most helpful
-
Sam Cogan 10,867 Reputation points Microsoft Employee2023-04-05T08:23:07.16+00:00