Home/ Questions/Q 62251
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-10T18:26:48+00:00

I find myself needing to store public key certificates, and a single private key

  • 0

I find myself needing to store public key certificates, and a single private key certificate for an in-house application.

A member of our team suggested storing the X509 certificates in the database, instead of storing it in the windows certificate store, as we have been doing up until now. I don’t like re-inventing the wheel, but I have to at least consider the idea. it would mean keeping our data more centralized, which is good, I suppose.

The initial barriers that I can see are:

  • The private key still needs to be stored somewhere, and I don’t know if shoehorning it into a ‘public key’ table is a good idea. I don’t like the idea of setting up a table for a single element, either. Perhaps just keep the private key as a local file? (.pfx file, for instance).
  • Revocation Lists. We would probably have to set up a process to deal with revoked public keys.

I don’t have a lot of experience with X509 certificates, so, my question is: Are there any other problems we are likely to encounter storing public key certificates in a database, instead of going with the windows certificate store?

It’s worth bearing in mind that this application is going to be rolled out onto several business clients servers, so keeping all the data in a single place will make for easier backups. Oh, and the in-house app in question is being developed with C#..

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. What is the purpose of your application?

    If you are handling all the crypto in your application, and can reference a PKCS#12 cert + private key file, then going the database route is probably fine.

    If you need to use Windows Crypto API to access the certs, then you’ll probably want to keep using the built-in certificate store. You gain some advantages here as you can protect the private key on an external device, like a smart card or Hardware Security Module (HSM).

    You’ll want to make sure that you go through a significant effort to protect the private key if you’re storing everything on the local disk. Be sure to use a strong passphrase and use best practices to protect this passphrase in your app.

    • 0