What kind of resources will I need to set up and run a campus CA?
For hardware you should have the following:
- One dedicated server that will be your "CA Box." This is where you will load your CA software and where it will reside.
- An optional Hardware Security Module (HSM) to hold the private key of your CA. It is not an absolute requirement for PKI-Lite, but it is a highly recommended component of a CA. A separate Q&A later in this section describes an HSM and why it is so highly recommended.
- A second computer or adequate computer resources for the Registration Authority (RA) software.
For software you should have the following:
- CA software and RA software. The RA software generally comes as part of the CA software bundle if it is applicable.
Another key component of an operational CA is the database or directory of people/objects to whom certificates will be issued. You should have the following:
- A network connection between the server that holds a campus directory/database/etc. and the server on which the RA software resides.
Last but not least, you should have:
- A secured physical area in which to store the CA server with controlled and monitored access. Some campuses use a section of their existing machine rooms.
None of this software/hardware runs or operates itself. CA robots are still in the future. In addition to these physical resources, people are needed. You should have the following:
- At least a portion of two staff members' time will be needed for setup, to select, install and configure the hardware and software over a period of 2 - 4 months.