This scenario might be useful for a company that needs to increase the security of the system's digital certificate private keys that are associated with SSL-secured business transactions.
A company has a system dedicated to handling business-to-business (B2B) transactions. This company's system specialist, Sam, has been informed by management of a security requirement from its B2B customers. The requirement is to increase the security of the system's digital certificate private keys that are associated with the SSL-secured business transactions that Sam's company performs. Sam has heard that there is a cryptographic hardware option available for systems that both encrypts and stores private keys associated with SSL transactions in tamper-responding hardware: a Cryptographic Coprocessor card.
Sam decides that the Cryptographic Coprocessor meets the requirement to increase the security of his company's system.
Sam needs to perform the following steps to secure private keys with cryptographic hardware on his company's system:
The private key associated with the new digital certificate is now stored on the Cryptographic Coprocessor specified in Step 2.c. Sam can now go into the configuration for his company's web server and specify that the newly created certificate be used. Once he restarts the web server, it will be using the new certificate.