I find myself needing to store public key certificates, and a single private key certificate for an in-house application.
A member of our team suggested storing the X509 certificates in the database, instead of storing them in the Windows certificate store, as we have been doing up until now. I don't like re-inventing the wheel, but I have to at least consider the idea. It would mean keeping our data more centralized, which is good, I suppose.
The initial barriers that I can see are:
- The private key still needs to be stored somewhere, and I don't know if shoehorning it into a 'public key' table is a good idea. I don't like the idea of setting up a table for a single element, either. Perhaps just keep the private key as a local file (a .pfx file, for instance)?
- Revocation Lists. We would probably have to set up a process to deal with revoked public keys.
I don't have a lot of experience with X509 certificates, so my question is: are there any other problems we are likely to encounter storing public key certificates in a database, instead of going with the Windows certificate store?
It's worth bearing in mind that this application is going to be rolled out onto several business clients' servers, so keeping all the data in a single place will make for easier backups. Oh, and the in-house app in question is being developed in C#.
Thanks!