Offline Root CA Storage

Risk-reducing, Offline Certificate Authorities

VirtuCrypt Elements Offline Root CA Storage provides a secure root certificate authority over the secure VirtuCrypt Intelligence Portal (VIP) Dashboard, an intuitive, cloud-powered interface. At the highest point within a Public Key Infrastructure (PKI) hierarchy, the root CA is trusted by all of an organization’s users, and as such it should be treated with the utmost importance. For comprehensive risk reduction, the root CA is kept offline to ensure security.


How It Works

VirtuCrypt provides the hardware on which the offline root CA is installed. This service functions by following the procedures below:

  • The root CA generates a self-signed certificate, allowing it to preside as the root of trust for the infrastructure.
  • Subordinate CAs are created under the root CA. These CAs can issue any certificates that the root CA can issue.
  • The root CA is temporarily brought online to issue subordinate CAs.

Physical and Logical Protection

Root CAs have limitless applications within a cryptographic environment, including data protection and ID issuance. Capable of such wide-ranging uses, these CAs require significant protection. VirtuCrypt provides the following security measures to safeguard against physical and logical threats. 

  • The CA is kept within a secure, access-controlled data center with multi-factor authentication, including the use of biometrics.
  • The Futurex servers used to store the offline root CA are protected by barrel locks with a tamper-resistant design.
  • All user access operates on the principle of least privilege, enforcing split knowledge and ensuring that no lone user can independently issue CAs.

Diagram: VirtuCrypt storing a certificate on a hardened certificate management server and taking the server offline.

High-Level Benefits

A fully-managed and hosted PKI enables your organization to validate the integrity of users, devices, and more. The following are additional benefits provided by a PKI with an offline-root CA:

  • PKI ensures your communication is private. By protecting the root CA, your organization secures its most valuable information.
  • Keeping a root CA offline and powered down reduces your organization’s scope of compliance by separating the CA from potentially malicious third parties on the network.
  • VirtuCrypt Solutions Architects, each qualified by the latest security industry certifications, handle your services and the devices that power them, decreasing the possibility of employee error.