Case Study – PKI Assessment & Deployment

27 Mar 2020


Encryption Consulting assisted a retail institution in implementing a new PKI. The client was implementing a new 2016 PKI infrastructure to support its SHA-2 internal certificates as well as an accelerated migration path for all certificates. The challenges, solution and benefits are detailed below:

Challenge
  • Root CA was nearing its expiry
  • Root CA deployed on ADCS 2008, nearing the end of its support
  • Loss of HSM keys to the Root CA
  • Unable to sign and publish new CRLs
  • Lack of documentation and procedures
  • No CP/CPS policy
  • Creation of redundant ICAs that were hardly used
  • No proper roles & responsibilities defined for PKI custodians

Solution
  • Assessment of the current PKI infrastructure
  • Designing a new PKI service based on Microsoft ADCS 2016 R2
  • Creating CP & CPS documents
  • Consolidating Issuing CAs from 9 to 4 ICAs
  • Installation and configuration of an HSM for storing CA & ICA keys
  • Creating key ceremony procedures and defining roles & responsibilities for key management
  • Implementing a PKI hierarchy with an offline Root CA and 4 Issuing CAs connected to four domain forest
  • Validating the existing certificate templates and creating new certificate templates to meet existing and upcoming digital certificate requirements
  • Using the existing HTTP server & LDAP for the CDP (CRL Distribution Point)

Benefits
  • A well-defined PKI system
  • Defining people, process & technology to manage the PKI infrastructure
  • Consolidation and removal of redundant ICAs, thus reducing infrastructure and maintenance cost
  • Providing auditors with the required information for PKI
  • Enabling support for new digital certificate demands such as MDM, VPN, and IoT requirements
  • Issuing valid certificates for existing internal-facing web apps, with a valid certificate chain