×

See how our services helped a Healthcare and Life Science Company better implement encryption into their infrastructure.

Learn More


    Case Study – PKI Assessment & Deployment

    Home » Case Studies » Case Study – PKI Assessment and Deployment
    27 Mar 2020

    Case Study – PKI Assessment and Deployment

    /
    Posted By

    Encryption Consulting assisted a Retail institution to implement a new PKI Infrastructure. The client was implementing a new 2016 PKI infrastructure to support their SHA-2 internal certificates as well as an accelerated migration path for all certificates. Please see the table below for full details:

    well-established PKI
    Challenge Solution Benefits
    • Root CA was nearing to its expiry
    • Root CA deployed on ADCS 2008 , nearing end of its support
    • Loss of HSM Keys to Root CA
    • Unable to sign and publish new CRL’s
    • Lack of documentation and procedures
    • No CP/CPS Policy
    • Creation of redundant ICA’s that were hardly used
    • No proper roles & responsibilities defined for PKI custodians
    • Assessment of Current PKI infrastructure
    • Designing a new PKI service based on Microsoft ADCS 2016 R2
    • Creating CP & CPS documents
    • Consolidating of Issuing CA’s from 9 to 4 ICA’s
    • Installation and configuration of HSM for storing CA & ICA keys
    • Creating Key Ceremony procedures and defining roles & Responsibilities for Key management
    • Implementing PKI hierarchy with offline Root CA and 4 Issuing CA’s connected to four domain forest
    • Validating the existing Cert templates and creating new Certificate templates to create existing and upcoming Digital certificate requirements
    • Using existing Http Server & LDAP for CDP ( CRL distribution Point)
    • A well-defined PKI system
    • Defining people, process & technology to manage PKI infrastructure
    • Consolidating and removal of redundant ICA’s thus reducing infrastructure and maintenance cost
    • Provide auditors with the required information for PKI
    • Enable support for new digital certificate demands such as MDM, VPN, and IoT requirements
    • Issuing of valid certificates for existing internal-facing web apps and valid certificate chain

    Subscribe to

    weekly blogs.

    Join our professional community and learn how to protect your organization from external threats!

    Our weekly blogs tackle topics from common code signing mistakes, to building your own PKI.

    Download this BLOG as PDF

    About Post Author

    President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

    You may also like these blogs

    Related Posts

    A Detailed Guide on Building your own PKI
    Knowing the Modern PKI
    PKI deployment common mistakes and challenges

    Want to learn from PKI Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get Traning Details

    Get a Free Quote for your PKI services

    Request Quote

    Free Downloads for PKI services

    Download our datasheet on PKI services

    ×

    The private keys of the code-signing certificate can be stored in an HSM to eliminate the risks associated with stolen, corrupted, or misused keys.

    Client-side hashing ensures build performance and avoids unnecessary movement of files to provide a greater level of security

    The command line signing tool provides a faster method to sign requests in bulk

    Robust access control systems can be integrated with LDAP and customizable workflows to mitigate risks associated with granting wrong access to unauthorized users, allowing them to sign code with malicious certificates

    Support for customized workflows of an “M of N” quorum with multi-tier support of approvers

    Support for InfosSec policies to improve adoption of the solution and enable different business teams to have their own workflow for Code Signing

    Validation of code against UpToDate antivirus definitions for virus and malware before digitally signing it will mitigate risks associated with signing malicious code