I'm creating an application that will work and manage digital certificate clients.
The idea is to import the client's certificate and I leave available subscription and transmission methods to for example, for example. But for those who understand the digital certificate, you know that the most common are A1 (file) and A3 (Token).
In my application I decided to answer only A1 because of the practicality of import.
My question is about security, because when the client imports the certificate into my system do I store this certificate on the server in the Database or Disk?
And I also worry about the possibility of a hacker attack on the server. For those who understand digital certificate, they know how much it is a serious thing and can not be in anyone's hand.
What would be the best path in this situation?