
What kind of resources will I need to set up and run a campus CA?

For hardware you should have the following:

  • One dedicated server that will be your "CA Box." This is where you will load your CA software and where it will reside.
  • An optional Hardware Security Module (HSM) to hold the private key of your CA. An HSM is a highly recommended component of a CA, but it is not an absolute requirement for PKI-Lite. A separate Q&A later in this section describes an HSM and why it is so highly recommended.
  • A second computer or adequate computer resources for the Registration Authority software.
For software you should have the following:
  • CA software and RA software. The RA software generally comes as part of the CA software bundle if it is applicable.
Another key component of an operational CA is the database or directory of people/objects to whom certificates will be issued. You should have the following:
  • A network connection between the server that holds a campus directory/database/etc. and the server on which the RA software resides.
Last but not least, you should have the following:
  • A secured physical area in which to store the CA server with controlled and monitored access. Some campuses use a section of their existing machine rooms.
None of this software/hardware runs or operates itself. CA robots are still in the future. In addition to these physical resources, people are needed. You should have the following:
  • At least a portion of two staff members' time will be needed for setup, to select, install and configure the hardware and software over a period of 2 - 4 months.