问题描述

所以Azure KV非常适合密钥/证书/机密，但我需要它像CA（证书颁发机构）一样。我正在寻找的控制流程是：

So Azure KV is great for keys/certs/secrets, but I need it to behave like a CA (certificate authority). The control flow I am looking is:

a。在KV内部使用Gen priv密钥，获取CSR，从外部通过Root公共CA签署CSR，以便它可以作为中间CA。

a. Gen priv key inside KV, get CSR, get CSR signed by Root public CA externally so it can behave as Intermediate CA.

b。使用私钥将中间CA链合并到KV中。现在KV既有密钥又有证书，可以作为中间CA，可以签署服务器证书。

b. Merge Intermediate CA chain into KV with its private key. Now KV has both key and cert which can act as Intermediate CA and can sign server certs.

c。获取存储在KV中的中间CA签署的服务器证书。 

c. Get server certs signed by Intermediate CA stored in KV. 

如果我可以在Azure HSM中存储私钥，那就更好但不是必需的。

If I can store private key inside Azure HSM, that is better but not a requirement.

我似乎无法证实KV可以充当CA或中级CA.如果目前不支持，我有哪些选择？我需要ICA在Azure云中并使用它来签署我的服务器证书。 

I cannot seem to confirm that KV can act as a CA or Intermediate CA. If this is not supported currently, what are my options? I need ICA to be in the Azure cloud and use that to sign my server certs. 

思考？ 

问候。

推荐答案

这篇关于使用Azure KV的中级CA？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！