PKI Automation - Secardeo GmbH, 2018-09-25
PKI Automation
Distributing and managing certificates
from any CA for all your devices
Dr. Gunnar Jacobson
Certificates – for what?
Ponemon Research 2016: "What applications use PKI credentials in your organization?"
SSL/TLS: 81%
VPN: 75%
802.1x: 58%
S/MIME: 54%
Certificates – from where?
(Diagram: Public CA, Private CA; SSL/TLS, VPN, 802.1x, S/MIME)
CA Options

| Option | Properties |
|---|---|
| Microsoft CA (AD CS) | Integrated component of Windows Server; autoenrollment; popular & simple |
| PKI products | Proprietary, expensive |
| Open Source | Control over the code; no AD integration, no autoenrollment |
| Managed PKI | Service for a calculable price; trust in CA provider required; AD integration & autoenrollment needed |
Distribute & manage certificates
(Diagram: Public CA, Private CA; TOPKI)
TOPKI components
Autoenrollment from non-Microsoft CA
S/MIME Certificate Publishing & Retrieval
Mobile S/MIME Enrollment
Certificate Lifecycle Management
Windows Autoenrollment
Requirement: Use a non-Microsoft CA for a Windows domain, e.g. an internal Open Source CA for device certificates, or a public CA for trusted S/MIME certificates
Solution: Certificate Enrollment Proxy
Acts like a Windows Enterprise CA
Seamless Active Directory integration
Autoenrollment
Autorevocation
Key Archival & Recovery
Enrollment scenarios
(Diagram: Web Enrollment, Device Enrollment, AD Enrollment, Mobile Enrollment; DCOM/RPC, HTTP; AD, MS CA, Certificate Database)
Mobile S/MIME Enrollment
(Diagram: Managed Device, Key Archive, Protected Network, Password, Profile .P12, Unmanaged Device, MDM, .P12, Private Key)
End-to-end encryption
(Diagram: Partner, User, ???, Internet)
Incoming e2e encryption
(Diagram: Partner, AD, User; 1. Publish, 2. Retrieve, 3. Encrypt)
Outgoing e2e encryption
(Diagram: Partner, User; 1. Request, 2. Retrieve, 3. Encrypt)
Mobile e2e encryption
(Diagram: AD (Active Directory), External Certificate Directories, ActiveSync Proxy, Mail App)
Certificate Lifecycle Management
Web App for:
Role based certificate lifecycle management
Certificate operations
Meta data
User & administrator self-services
Services for:
Reporting/Statistics
Notifications
Central key-pair generation
Certificate database
(Diagram: Web-GUI; Certificates, Private Keys, Meta Data; TOPKI Database)
PKI automation with TOPKI
(Diagram: Public CA, Private CA; TOPKI)
Thank you for your attention!
Visit us: Hall 10.1 / 10.1-331