
Last I checked, servers don't need a mailbox to operate, even for long periods of time.


The idea of keeping a CA root certificate on a server sounds pretty reckless. I sincerely hope that no root CA has done that, ever!


Out of curiosity, where do companies keep really important private keys?

A thumbdrive in some safe, and a few printed-out copies of the key just in case the thumbdrive fails?


On HSMs: purpose-built hardware that tries to make it physically and programmatically impossible to extract the private key material. They're generated there during a key ceremony and never leave an HSM. They also generally require like 2 or 3 officers of the company with smart cards and personal PINs to actually do anything using the root CA (it only signs an intermediate cert like once in a blue moon or something).

I'm pretty sure the CA/B Forum mandates all CA private keys to remain on HSMs (checked through audits).


These resources explain it quite well, I think:

- https://en.wikipedia.org/wiki/Key_ceremony

- https://cryptography.fandom.com/wiki/Root_Key_Ceremony

You can even watch recordings of selected ceremonies on YouTube. Some of them are several hours long.



