pki automation - secardeo gmbh · 2018. 9. 25. · pki automation 7. enrollment scenarios pki...
TRANSCRIPT
PKI Automation
Distributing and managing certificates
from any CA for all your devices
Dr. Gunnar Jacobson
Certificates – for what?
*Ponemon Research 2016
What applications use PKI credentials in your organization?*
81%
75% 58%
54%
SSL/TLS
VPN 802.1x
S/MIME
Certificates – from where?
Public CA
Private CA
SSL/TLS
VPN 802.1x
S/MIME
CA Options
Microsoft CA (AD CS)
Integrated component of Windows Server
Autoenrollment
Popular & simple
PKI Products
Proprietary, expensive
Open Source
Control over the code
No AD integration, no autoenrollment
Managed PKI
Service for a calculable price
Trust in CA Provider required
AD integration & autoenrollment needed
Distribute & manage certificates
Public CA
Private CA
TOPKI
TOPKI components
TOPKI
Autoenrollment from non-Microsoft CA
S/MIME Certificate Publishing & Retrieval
Mobile S/MIME Enrollment
Certificate Lifecycle Management
Windows Autoenrollment
Requirement: Use a non-Microsoft CA for a Windows domain, e.g.
Internal Open Source CA for device certificates
Public CA for trusted S/MIME certificates
Solution: Certificate Enrollment Proxy
Acts like a Windows Enterprise CA
Seamless Active Directory integration
Autoenrollment
Autorevocation
Key Archival & Recovery
Enrollment scenarios
Web Enrollment
Device Enrollment
AD Enrollment
DCOM/RPC HTTP
AD
MS CA
Mobile Enrollment
Certificate Database
Mobile S/MIME Enrollment
Managed Device
Key Archive
Protected Network
Password
Profile.P12
Unmanaged Device
MDM
.P12
Private Key
End-to-end encryption
Partner
User
???
Internet
3. Encrypt
Incoming e2e encryption
Partner
AD
2. Retrieve
1. Publish
User
3. Encrypt
2. Retrieve
Outgoing e2e encryption
Partner
User
1. Request
Mobile e2e encryption
AD
Active
Directory
External
Certificate
Directories
ActiveSync Proxy
MailApp
Certificate Lifecycle Management
Web App for:
Role based certificate
lifecycle management
Certificate operations
Meta data
User & administrator self-services
Services for:
Reporting/Statistics
Notifications
Central key-pair generation
Certificate database
Web-GUI
Certificates
Private Keys
Meta Data
0817 0816 0815
TOPKI
Database
PKI automation with TOPKI
Public CA
Private CA
TOPKI
Thank you for your attention!
Visit us: Hall 10.1 / 10.1-331