Case Studies, PKI

PKI Assessment and Deployment

Last updated on

Encryption Consulting assisted a Retail institution to implement a new PKI Infrastructure. The client was implementing a new 2016 PKI infrastructure to support their SHA-2 internal certificates as well as an accelerated migration path for all certificates. Please see the table below for full details:

Challenges Solution Benefits
  • Root CA was nearing to its expiry
  • Root CA deployed on ADCS 2008 , nearing end of its support
  • Loss of HSM Keys to Root CA
  • Unable to sign and publish new CRL’s
  • Lack of documentation and procedures
  • No CP/CPS Policy
  • Creation of redundant ICA’s that were hardly used
  • No proper roles & responsibilities defined for PKI custodians
  • Assessment of Current PKI infrastructure
  • Designing a new PKI service based on Microsoft ADCS 2016 R2
  • Creating CP & CPS documents
  • Consolidating of Issuing CA’s from 9 to 4 ICA’s
  • Installation and configuration of HSM for storing CA & ICA keys
  • Creating Key Ceremony procedures and defining roles & Responsibilities for Key management
  • Implementing PKI hierarchy with offline Root CA and 4 Issuing CA’s connected to four domain forest
  • Validating the existing Cert templates and creating new Certificate templates to create existing and upcoming Digital certificate requirements
  • Using existing Http Server & LDAP for CDP ( CRL distribution Point)
  • A well-defined PKI system
  • Defining people, process & technology to manage PKI infrastructure
  • Consolidating and removal of redundant ICA’s thus reducing infrastructure and maintenance cost
  • Provide auditors with the required information for PKI
  • Enable support for new digital certificate demands such as MDM, VPN, and IoT requirements
  • Issuing of valid certificates for existing internal-facing web apps and valid certificate chain

Free Downloads

Datasheet of Public Key Infrastructure

We have years of experience in consulting, designing, implementing & migrating PKI solutions for enterprises across the country.

Download

About the Author

Anish Bhattacharya is a Consultant at Encryption Consulting, working with PKIs, HSMs, creating Google Cloud applications, and working as a consultant with high-profile clients.

You might also be interested in

Code Signing Certificates
Code Signing Certificates February 28, 2020
FIPS 140-3 Security Requirements for Cryptographic Modules
FIPS 140-3 Security Requirements for Cryptographic Modules March 6, 2023
Data Security – WPA-2 PSK Vulnerabilities
Data Security – WPA-2 PSK Vulnerabilities April 28, 2021
Digital Certificates – Windows Certificate Stores
Digital Certificates – Windows Certificate Stores August 22, 2020

Explore More Topics

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo