This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi. Can anyone tell me what CA is used when I generate keys and get them signed within the Azure Key Vault? Also, do I have the ability to stand up a subordinate CA in Azure, leveraging Azure Key Vault with HSM to store my CA keys and where the sub CA keys are signed by an on-premise offline root CA? thanks! Marcus
Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik
When you generate a key in Azure Key Vault it is a self-signed key, it is not signed by any CA.