But if their is a backdoor that will do you no good.
It would be safer than a password stored in a DB at least I’d have to present my private cert after being challenged for a pin number or password (not stored remotely only locally). It’s easier to protect the CA infrastructure and limit who has access to it.