What CA signs certificates when using Azure Key Vault with HSM to generate & store application PKI keys and certificates?

Marcus Serrao 1 Reputation point
2023-04-04T16:36:47.7366667+00:00

Hi. Can anyone tell me what CA is used when I generate keys and get them signed within the Azure Key Vault? Also, do I have the ability to stand up a subordinate CA in Azure, leveraging Azure Key Vault with HSM to store my CA keys and where the sub CA keys are signed by an on-premise offline root CA? thanks! Marcus

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,343 questions
Azure Dedicated HSM
Azure Dedicated HSM
An Azure service that provides hardware security module management.
31 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sam Cogan 10,762 Reputation points MVP
    2023-04-05T08:23:07.16+00:00

    When you generate a key in Azure Key Vault it is a self-signed key, it is not signed by any CA.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.