Venafi Advanced Key Protect

Venafi Advanced Key Protect is an optional add-on feature to Venafi Trust Protection Platform that allows you to use an HSM for central private key generation, remote key generation, and code signing certificate private key storage.

Before enabling Venafi Advanced Key Protect, contact your Venafi sales representative to understand how this feature will affect your billing.

Venafi Advanced Key Protect is enabled in the Venafi Configuration Console. For more information see Enabling Venafi Advanced Key Protect.

Central private key generation

With central private key generation, Trust Protection Platform generates and stores the private key that is used for the CSR (certificate signing request).

For more information on central private key generation, see Hardware Central key generation with Venafi Advanced Key Protect.

Remote private key generation

Remote private key generation means that you are using a supported driver to connect to an HSM where the private key is stored. In this case, Trust Protection Platform never sees the private key. Remote private key generation using an HSM is supported on the following drivers:

• Apache
• CAPI
• JKS

For more information about remote private key generation, see Hardware remote key generation with Venafi Advanced Key Protect.

For more details on the differences between remote private key generation and central private key generation, see Supported methods of key generation.