PKI Automation - Secardeo GmbH · 2018-09-25

Post on 07-Nov-2020


PKI Automation

Distributing and managing certificates from any CA for all your devices

Dr. Gunnar Jacobson

Certificates – for what?

Which applications use PKI credentials in your organization? (Ponemon Research 2016)

- SSL/TLS: 81%
- VPN: 75%
- 802.1x: 58%
- S/MIME: 54%

Certificates – from where?

Diagram: certificates come from a public CA or a private CA and serve SSL/TLS, VPN, 802.1x and S/MIME.

CA Options

- Microsoft CA (AD CS): integrated component of Windows Server; autoenrollment; popular and simple
- PKI products: proprietary, expensive
- Open source: control over the code; no AD integration, no autoenrollment
- Managed PKI: service for a calculable price; trust in the CA provider required; AD integration and autoenrollment needed

Distribute & manage certificates

Diagram: certificates from a public CA or a private CA are distributed and managed through TOPKI.

TOPKI components

TOPKI:
- Autoenrollment from a non-Microsoft CA
- S/MIME certificate publishing and retrieval
- Mobile S/MIME enrollment
- Certificate lifecycle management

Windows Autoenrollment

Requirement: use a non-Microsoft CA for a Windows domain, e.g.
- an internal open-source CA for device certificates
- a public CA for trusted S/MIME certificates

Solution: Certificate Enrollment Proxy
- acts like a Windows Enterprise CA
- seamless Active Directory integration
- autoenrollment
- autorevocation
- key archival and recovery

Enrollment scenarios

Diagram: enrollment scenarios. Clients: Web Enrollment, Device Enrollment, AD Enrollment, Mobile Enrollment. Transports: DCOM/RPC, HTTP. Back end: AD, MS CA, Certificate Database.

Mobile S/MIME Enrollment

Diagram: mobile S/MIME enrollment. Key archive and private key inside the protected network; managed device provisioned with a password-protected .P12 profile via MDM; unmanaged device receiving the .P12 by mail.

End-to-end encryption

Diagram: user and partner across the Internet, "???", 3. Encrypt: the open question is where the certificate for the other side comes from.

Incoming e2e encryption

Diagram: user, Active Directory, partner. Steps: 1. Publish, 2. Retrieve, 3. Encrypt.

Outgoing e2e encryption

Diagram: partner, user. Step: 1. Request.

Mobile e2e encryption

Diagram: mail app on the mobile device, ActiveSync proxy, Active Directory (AD) and external certificate directories.
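The enrollment step from the Windows Autoenrollment slide and the publish/retrieve/encrypt steps from the e2e encryption slides, as one added Go example (my code, not TOPKI's or Secardeo's). A throwaway issuing CA stands in for the non-Microsoft backend CA, IssueSMIME plays the enrollment proxy (proof of possession plus the template-style policy that a request may only name the requester's own mailbox), Directory models the multi-valued AD userCertificate attribute that the certificate is published to, Retrieve applies the checks a sender must make before trusting a published certificate, and EncryptTo does the RSA-OAEP key transport of S/MIME EnvelopedData. The function names, the example CA, the mailbox addresses and the Directory type are assumptions made for the example; the CMS/MIME framing is omitted.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"slices"
	"time"
)

// NewKey makes a 2048-bit RSA key (error dropped: it only fails if the system RNG is broken).
func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// NewCA builds a throwaway issuing CA standing in for the non-Microsoft CA
// behind the enrollment proxy (constructed for this example, not a real CA).
func NewCA() (*x509.Certificate, *rsa.PrivateKey, error) {
	key := NewKey()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Example Issuing CA"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// NewRequest is the client side of enrollment: a PKCS#10 request naming the requester's mailbox; the key stays on the client.
func NewRequest(mail string, key *rsa.PrivateKey) ([]byte, error) {
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: mail}, EmailAddresses: []string{mail}}, key)
}

// IssueSMIME is the enrollment proxy's job: verify proof of possession, enforce
// what an Enterprise CA template would (the request may only name the
// authenticated requester's mailbox) and have the backend CA sign the result.
// notBefore and days are parameters so that a test can also mint an expired certificate.
func IssueSMIME(ca *x509.Certificate, caKey *rsa.PrivateKey, csrDER []byte,
	requester string, notBefore time.Time, days int) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	if len(csr.EmailAddresses) != 1 || csr.EmailAddresses[0] != requester {
		return nil, errors.New("policy: request must name exactly " + requester)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120)) // CA-chosen, random
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: requester},
		EmailAddresses: []string{requester}, NotBefore: notBefore, NotAfter: notBefore.AddDate(0, 0, days),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
}

// Directory models the AD userCertificate attribute: one mailbox, many values,
// because old certificates stay published unless something cleans them up.
type Directory map[string][][]byte
func (d Directory) Publish(mail string, der []byte) { d[mail] = append(d[mail], der) }

// Retrieve picks the certificate a sender should encrypt to: chains to the trusted CA,
// valid at now, usable for EmailProtection (Verify defaults to ServerAuth, so this must be
// requested), names the recipient, RSA, key encipherment allowed; the longest-lived wins.
func (d Directory) Retrieve(mail string, roots *x509.CertPool, now time.Time) (*x509.Certificate, error) {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	var best *x509.Certificate
	for _, der := range d[mail] {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			continue
		}
		if _, err := c.Verify(opts); err != nil || c.PublicKeyAlgorithm != x509.RSA ||
			c.KeyUsage&x509.KeyUsageKeyEncipherment == 0 || !slices.Contains(c.EmailAddresses, mail) {
			continue
		}
		if best == nil || c.NotAfter.After(best.NotAfter) {
			best = c
		}
	}
	if best == nil {
		return nil, errors.New("no usable encryption certificate for " + mail)
	}
	return best, nil
}

// EncryptTo wraps a content-encryption key for the recipient with RSA-OAEP, the key-transport
// step of S/MIME EnvelopedData (CMS framing omitted). Retrieve only returns RSA keys.
func EncryptTo(c *x509.Certificate, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, c.PublicKey.(*rsa.PublicKey), cek, nil)
}
```

Two details are easy to get wrong in practice: x509.VerifyOptions.KeyUsages defaults to server authentication, so an S/MIME certificate fails verification unless EmailProtection is requested explicitly; and userCertificate is multi-valued, so a lookup that takes the first value may pick a certificate that expired years ago or one issued by a CA the sender does not trust. Retrieve therefore filters first and only then prefers the longest-lived remaining certificate.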

Certificate Lifecycle Management

Web app for:
- role-based certificate lifecycle management
- certificate operations
- metadata
- user and administrator self-services

Services for:
- reporting/statistics
- notifications
- central key-pair generation
- certificate database

Diagram: the web GUI manages certificates, private keys and metadata in the TOPKI database. Manage certificates with a browser.
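The notification and reporting services on the two lifecycle-management slides, as an added Go example (my code, not TOPKI's): a small inventory job that classifies each certificate record, emits a reminder once per expiry tier and counts certificates per template and state. The Record fields, the tier thresholds (30/14/7/1 days) and the sample rows are assumptions made for the example; a real service would read the records from the certificate database.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Record is one row of the certificate inventory: the metadata a lifecycle
// service needs for reporting and notifications (sample rows are constructed below).
type Record struct {
	Serial, Owner, Template string
	NotAfter                time.Time
	Revoked                 bool
}

// Notice is one reminder to a certificate owner.
type Notice struct {
	Serial, Owner, Template string
	DaysLeft, Tier          int
}

// Tiers are the "days before expiry" thresholds (descending) at which owners are
// reminded; the first one also defines the "expiring" reporting state.
var Tiers = []int{30, 14, 7, 1}

// State classifies a record at now. Revocation wins over expiry so a revoked
// certificate is never reported as merely "expiring".
func State(r Record, now time.Time) string {
	switch {
	case r.Revoked:
		return "revoked"
	case !now.Before(r.NotAfter):
		return "expired"
	case r.NotAfter.Sub(now) <= time.Duration(Tiers[0])*24*time.Hour:
		return "expiring"
	}
	return "valid"
}

// Plan returns the notices due at now (most urgent first) and, per template,
// how many certificates are in each state. sent maps serial -> lowest tier
// already notified and is updated in place, so re-running the job on the same
// day sends nothing twice while crossing the next tier sends again.
func Plan(now time.Time, inv []Record, sent map[string]int) ([]Notice, map[string]map[string]int) {
	var due []Notice
	stats := map[string]map[string]int{}
	for _, r := range inv {
		st := State(r, now)
		if stats[r.Template] == nil {
			stats[r.Template] = map[string]int{}
		}
		stats[r.Template][st]++
		if st != "expiring" {
			continue
		}
		days := int(r.NotAfter.Sub(now).Hours() / 24)
		tier := 0 // the most urgent tier this record has crossed
		for _, t := range Tiers {
			if days <= t {
				tier = t
			}
		}
		if prev, ok := sent[r.Serial]; ok && prev <= tier {
			continue
		}
		sent[r.Serial] = tier
		due = append(due, Notice{r.Serial, r.Owner, r.Template, days, tier})
	}
	sort.Slice(due, func(i, j int) bool { return due[i].DaysLeft < due[j].DaysLeft })
	return due, stats
}

// SampleInventory is constructed test data, not a real certificate database.
func SampleInventory(now time.Time) []Record {
	day := 24 * time.Hour
	return []Record{
		{"1001", "alice@example.test", "User-SMIME", now.Add(45 * day), false},
		{"1002", "bob@example.test", "User-SMIME", now.Add(10 * day), false},
		{"1003", "carol@example.test", "User-SMIME", now.Add(10 * day), true},
		{"2001", "vpn-gw01", "Device-8021X", now.Add(-2 * day), false},
		{"2002", "vpn-gw02", "Device-8021X", now.Add(12 * time.Hour), false},
	}
}

func main() {
	now := time.Now()
	sent := map[string]int{}
	due, stats := Plan(now, SampleInventory(now), sent)
	for _, n := range due {
		fmt.Printf("notify %-20s %-13s serial %s: %d day(s) left (tier %d)\n",
			n.Owner, n.Template, n.Serial, n.DaysLeft, n.Tier)
	}
	fmt.Println("per template:", stats)
}
```

The sent map is the piece a real job has to persist between runs; without it every run re-sends the same reminders. Revocation is checked before expiry so that a revoked certificate can never be counted or reported as merely expiring.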

PKI automation with TOPKI

Diagram: public CA and private CA, distributed and managed through TOPKI.

Thank you for your attention!

Visit us: Hall 10.1 / 10.1-331