diff --git a/server/internal/clients/ca-store.ts b/server/internal/clients/ca-store.ts
new file mode 100644
index 0000000..483108a
--- /dev/null
+++ b/server/internal/clients/ca-store.ts
@@ -0,0 +1,35 @@
+import path from "path";
+import fs from "fs";
+import { CertificateBundle } from "./ca";
+
+export type CertificateStore = {
+ store(name: string, data: CertificateBundle): Promise;
+ fetch(name: string): Promise;
+ blacklistCertificate(name: string): Promise;
+ checkBlacklistCertificate(name: string): Promise;
+};
+
+export const fsCertificateStore = (base: string) => {
+ const blacklist = path.join(base, ".blacklist");
+ fs.mkdirSync(blacklist, { recursive: true });
+ const store: CertificateStore = {
+ async store(name: string, data: CertificateBundle) {
+ const filepath = path.join(base, name);
+ fs.writeFileSync(filepath, JSON.stringify(data));
+ },
+ async fetch(name: string) {
+ const filepath = path.join(base, name);
+ if (!fs.existsSync(filepath)) return undefined;
+ return JSON.parse(fs.readFileSync(filepath, "utf-8"));
+ },
+ async blacklistCertificate(name: string) {
+ const filepath = path.join(blacklist, name);
+ fs.writeFileSync(filepath, Buffer.from([]));
+ },
+ async checkBlacklistCertificate(name: string): Promise {
+ const filepath = path.join(blacklist, name);
+ return fs.existsSync(filepath);
+ },
+ };
+ return store;
+};
diff --git a/server/internal/clients/ca.ts b/server/internal/clients/ca.ts
index 5e607b0..0301d1f 100644
--- a/server/internal/clients/ca.ts
+++ b/server/internal/clients/ca.ts
@@ -1,6 +1,6 @@
 import path from "path";
 import droplet from "@drop/droplet";
-import { CertificateStore } from "./store";
+import { CertificateStore } from "./ca-store";
 export type CertificateBundle = {
 priv: string;
diff --git a/server/plugins/ca.ts b/server/plugins/ca.ts
index ae4e3bd..440803c 100644
--- a/server/plugins/ca.ts
+++ b/server/plugins/ca.ts
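Review bot: In `ca-store.ts`, all four methods of `fsCertificateStore` pass `name` straight to `path.join`, so a name containing a path separator or `..` resolves outside `base`, and a name of `.blacklist` collides with the revocation directory, which lives inside the same `base`. Whether `name` can be influenced by a client is not visible in this hunk, but the store should still resolve each path and reject anything that is not a direct child of the intended directory before reading or writing. `store` also writes the bundle, which carries `priv`, with the default file mode, so the private key may be readable by other local accounts depending on the umask. The fence shows a helper and the changed `store` method; `fetch`, `blacklistCertificate` and `checkBlacklistCertificate` would call the helper the same way.

```typescript
// Resolve `name` to a direct child of `dir`; rejects separators, "..", empty and dot-prefixed names.
const resolveEntry = (dir: string, name: string): string => {
  const filepath = path.resolve(dir, name);
  if (name.startsWith(".") || path.dirname(filepath) !== path.resolve(dir)) {
    throw new Error("invalid certificate name");
  }
  return filepath;
};

// … unchanged: CertificateStore type, blacklist directory setup …
    async store(name: string, data: CertificateBundle) {
      const filepath = resolveEntry(base, name);
      // Owner-only permissions: the bundle contains the private key.
      fs.writeFileSync(filepath, JSON.stringify(data), { mode: 0o600 });
    },
// … unchanged apart from using resolveEntry(base, name) / resolveEntry(blacklist, name): fetch, blacklistCertificate, checkBlacklistCertificate …
```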
@@ -1,6 +1,6 @@
 import { CertificateAuthority } from "../internal/clients/ca";
 import fs from "fs";
-import { fsCertificateStore } from "../internal/clients/store";
+import { fsCertificateStore } from "../internal/clients/ca-store";
 let ca: CertificateAuthority | undefined;