Encryption Consulting assisted a Retail institution to implement a new PKI Infrastructure. The client was implementing a new 2016 PKI infrastructure to support their SHA-2 internal certificates as well as an accelerated migration path for all certificates. Please see the table below for full details:
Challenges
Solution
Benefits
Root CA was nearing to its expiry
Root CA deployed on ADCS 2008 , nearing end of its support
Loss of HSM Keys to Root CA
Unable to sign and publish new CRL’s
Lack of documentation and procedures
No CP/CPS Policy
Creation of redundant ICA’s that were hardly used
No proper roles & responsibilities defined for PKI custodians
Assessment of Current PKI infrastructure
Designing a new PKI service based on Microsoft ADCS 2016 R2
Creating CP & CPS documents
Consolidating of Issuing CA’s from 9 to 4 ICA’s
Installation and configuration of HSM for storing CA & ICA keys
Creating Key Ceremony procedures and defining roles & Responsibilities for Key management
Implementing PKI hierarchy with offline Root CA and 4 Issuing CA’s connected to four domain forest
Validating the existing Cert templates and creating new Certificate templates to create existing and upcoming Digital certificate requirements
Using existing Http Server & LDAP for CDP ( CRL distribution Point)
A well-defined PKI system
Defining people, process & technology to manage PKI infrastructure
Consolidating and removal of redundant ICA’s thus reducing infrastructure and maintenance cost
Provide auditors with the required information for PKI
Enable support for new digital certificate demands such as MDM, VPN, and IoT requirements
Issuing of valid certificates for existing internal-facing web apps and valid certificate chain
Free Downloads
Datasheet of Encryption Consulting Services
Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all
aspects of encryption for our clients.
Anish Bhattacharya is a Consultant at Encryption Consulting, working with PKIs, HSMs, creating Google Cloud applications, and working as a consultant with high-profile clients.
