Case Study – PKI Assessment & Deployment

Home » Case Studies » Case Study – PKI Assessment & Deployment
27 Mar 2020

Case Study – PKI Assessment & Deployment

/
Posted By

Encryption Consulting assisted a Retail institution to implement a new PKI Infrastructure. The client was implementing a new 2016 PKI infrastructure to support their SHA-2 internal certificates as well as an accelerated migration path for all certificates. Please see the table below for full details:

well-established PKI
Challenge Solution Benefits
  • Root CA was nearing to its expiry
  • Root CA deployed on ADCS 2008 , nearing end of its support
  • Loss of HSM Keys to Root CA
  • Unable to sign and publish new CRL’s
  • Lack of documentation and procedures
  • No CP/CPS Policy
  • Creation of redundant ICA’s that were hardly used
  • No proper roles & responsibilities defined for PKI custodians
  • Assessment of Current PKI infrastructure
  • Designing a new PKI service based on Microsoft ADCS 2016 R2
  • Creating CP & CPS documents
  • Consolidating of Issuing CA’s from 9 to 4 ICA’s
  • Installation and configuration of HSM for storing CA & ICA keys
  • Creating Key Ceremony procedures and defining roles & Responsibilities for Key management
  • Implementing PKI hierarchy with offline Root CA and 4 Issuing CA’s connected to four domain forest
  • Validating the existing Cert templates and creating new Certificate templates to create existing and upcoming Digital certificate requirements
  • Using existing Http Server & LDAP for CDP ( CRL distribution Point)
  • A well-defined PKI system
  • Defining people, process & technology to manage PKI infrastructure
  • Consolidating and removal of redundant ICA’s thus reducing infrastructure and maintenance cost
  • Provide auditors with the required information for PKI
  • Enable support for new digital certificate demands such as MDM, VPN, and IoT requirements
  • Issuing of valid certificates for existing internal-facing web apps and valid certificate chain

Subscribe to

weekly blogs.

Join our professional community and learn how to protect your organization from external threats!

Our weekly blogs tackle topics from common code signing mistakes, to building your own PKI.

Download this BLOG as PDF

About Post Author

President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

You may also like these blogs

Related Posts

A Detailed Guide on Building your own PKI
Knowing the Modern PKI
PKI deployment common mistakes and challenges

Want to learn from PKI Experts

We train some of the biggest names in the industry through virtual & Live Classes

Get Traning Details

Get a Free Quote for your PKI services

Request Quote

Free Downloads for PKI services

Download our datasheet on PKI services

Want to gain more skills in handling data security issues? Sign up for one of our upcoming training sessions today

Sign Up