CA　(certificate　authority)　is　an　important　component　in　PKI　(Public　Key　Infrastructure),　and　its　main　task　is　to　issue　and　sign　digital　certificates　that　can　identify　different　users.　When　the　private　key　of　a　CA　is　compromised,　all　the　certificates　that　are　issued　by　this　CA　would　be　revoked.　So,　keeping　the　private　key　secret　is　the　core　of　the　whole　PKI　security.　The　secure　managing　scheme　for　protecting　the　private　key　of　a　CA　recommended　in　this　article　is　based　on　threshold　cryptography.　By　storing　the　private　key　of　a　CA　in　more　than　one　components　and　by　ensuring　that　any　component　of　the　CA　is　unable　to　reconstruct　the　private　key,　this　scheme　makes　sure　that　even　if　some　components　are　compromised　or　some　system　administrators　betray　the　private　key　of　the　CA　would　not　be　leaked　and　the　CA　can　still　work　normally　in　the　process　of　generating,　distributing　and　using　the　private　key.