The security of a certification system depends on how the private keys are protected. The design of Microsoft® Certificate Server ensures that it cannot be misused by an individual to perform unauthorized access of private key information. Because key management in Certificate Server is performed by Microsoft CryptoAPI, Certificate Server is isolated from these confidential pieces of data. Also, the CryptoAPI functions can employ the services of anything from software modules to hardware-based key engines for the generation and protection of keys. This allows organizations using Certificate Server to select the appropriate key-management system strength for the organization.