Abstract:CA(certificate authority) is a critical component in PKI. When the private key of a CA is compromised, all the certificates issued by that CA should be revoked. Keeping the private key secret while providing service online is very important for a CA. Distributing private key of CA into n components via threshold cryptography can not only make the private key of CA secret and usability, but also make CA can tolerate some intrusion. A CA scheme and its private key distribute with Shamir's Lagarange polynomial secret shares, suit needs more practically. At last, security, efficiency and usability of the CA scheme are analyzed security. Through analysis, the scheme has good performance.