Implementing, operating and maintaining a PKI poses great challenges for many organisations. In-house teams often lack the necessary expertise, and solutions frequently have to be implemented at short notice. If you do not ensure the trustworthiness of your PKI, you risk immense damage. With our workshops on this topic, we offer you a comprehensive concept for the integration and maintenance of a PKI in your company.
Why is a Public Key Infrastructure (PKI) necessary?
The use of a company-wide Public Key Infrastructure (PKI) is indispensable in modern IT infrastructures. Certificates are needed for different requirements, e.g. public certificates for communication with external partners via web servers (SSL/TLS), VPN gateways (IPsec) or for email encryption (S/MIME).
Trusted certificates are also necessary for internal resources to secure various processes. In addition to strong password-independent authentication options (using smart cards), this also includes other certificate-based authentication methods in LAN and WLAN infrastructures as well as digital signatures or machine certificates for device authentication.
The design of a PKI is strongly dependent on the requirements for information security and confidentiality. Often, planning is carried out on the basis of best-practice papers, which are far too complex for the actual requirements, or in some cases under-dimensioned. The respective requirements for the use of a PKI with regard to the security level, availability, integrity and scalability of a corresponding solution should be recorded in the context of a risk assessment.
PKI – Our workshops
Below you will find the workshops we offer on the subject of PKI. Among other things, we can provide you with complete support in the introduction or further development of an existing PKI. We offer the following PKI solutions for implementation:
- Microsoft CA (ADCS)
- PrimeKey EJBCA
- Nexus Certificate Manager
Following on from the introduction and enhancement of a PKI, we also offer managed service options. Here we accompany you in the operating process and carry out regular maintenance of your PKI environment.
PKI Basics Workshop
In this workshop, we will explain the theoretical basics of Public Key Infrastructure (PKI): certificate validity periods, revocation lists, Hardware Security Modules (HSMs), concrete processes and organisational measures when using a PKI in a company network. During the workshop, we will discuss which architectures make sense and how the respective requirements can be mapped with available resources. Operational aspects are also particularly important here, e.g. the implementation of a dual control principle and disaster recovery.
- Knowledge of PKI/HSM (basics of certificate types and purposes, trust positions, distribution mechanisms, key protection)
- Certificate lifecycle management
- Resources and budget
- Organisation and processes
- Concrete design planning
PKI Health Check
During our workshop, we evaluate your public key infrastructure. On the basis of our specially developed testing rules, we uncover weak points and work with you to develop organisational and technical measures. That way, we ensure more secure and efficient operation of your PKI, for example by (partially) automating certificate issuance and renewal, adapting key algorithms according to BSI specifications or modifying the CA hierarchy.
We draft an issuer statement that includes the certificate guidelines, process descriptions and information about the technical implementation of the CA infrastructure. That way, we generate transparency, acceptance and trust within and outside your company.
- CA hierarchy/level model & algorithms
- Secure key generation and storage (e.g. HSM)
- CA key rollover
- Process optimisation (e.g. automations)
- Certificate validation (e.g. OCSP, efficient revocation list management)
- Role concept/role separation for security-critical operations
- Certificate templates (e.g. validity periods and contents, key algorithms according to BSI specifications)
- Security tokens (e.g. smart cards or virtual smart cards, USB tokens)
- Physical security (e.g. access to the room with HSM server)
- Backup and disaster recovery plan