Session 2 PKI Management - Wesentra
Slide 3
Entrust Datacard
David Terry – EMEA Business Development Director
Slide 4
PKI Management and Managed PKI
Slide 5
Copyright Entrust Datacard
Entrust Managed Services
• Building, Supporting, Managing PKIs since c.2000
• Technology Agnostic
• Purpose Built Data Centre
• ETSI, WebTrust, ISO27001, tScheme, ISO9001, etc.
• Governments, Defense, Finance, Telecoms, Commercial.
Slide 6
I’m sure we all know this? “What is a PKI?”
• Electronic Identity
• Used for:
  • Authentication
  • Signing
  • Non-repudiation / integrity
  • Encryption
• Needed by Relying Parties
Slide 7
“A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public-key encryption”
• Policies
• People
• Procedures
• Audit
• A bit of Technology
Am I just creating a Cert Pump?
Slide 8
We need a requirement, then….
• Need technology
• Need a high level design
• Need a detailed design
• Need Policies
• Need a Policy Authority
• Need Procedures
• Need a KSC
Slide 9
PKI Deployment Methodology
Phases:
1. Project Initiation
2. Requirements Analysis and Design
3. Development / Testing / Policy
4. Installation, Integration and Testing
5. Deployment
6. Operations / Maintenance
Slide 10
Typical Deployment – Multi-technology
Diagram components: Root CA; Issuing Authority (×3); Microsoft AD CS; Entrust SM; HSM (×3); RA (×4); SSL Inspection CA; Policy.
Slide 11
Policies
• Policy Management and Control
• Assurance and Compliance
• Policies
  • Certificate Policy
  • Certification Practice Statement
  • Relying Party Agreements
  • Subscriber Agreements
  • Policy Disclosure Statements
• Who needs to be involved
Slide 12
Best Practice Considerations
• Path Length Constraints
• Policy
• Policy Authority
• HSMs
• Root Offline
• Certificate Lifetime
• Key Size
• Root and IA Lifetimes
• OIDs and CPS
• Key Usage
• CRL HA
• Separation
• KSC
• Training
• Multi Person Control
• Audit
• Management
• Security Event Monitoring
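Several of these considerations (path length constraints, key size, certificate lifetime, root and IA lifetimes, key usage) are mechanically checkable on an issued chain. The following Python is an added example, not Entrust's code or part of the deck: it models certificates as plain dicts instead of parsed X.509 so it runs offline, and the thresholds MIN_KEY_BITS and MAX_LEAF_DAYS, the finding codes and the sample CA names are assumptions.

```python
# Added example (not Entrust's code): policy checks over a certificate chain for the
# slide's path length, key size, lifetime and key usage items. Certs are plain dicts
# (constructed data, not parsed X.509); the thresholds are assumptions, not deck values.
from datetime import date

MIN_KEY_BITS = 2048   # assumed minimum RSA key size
MAX_LEAF_DAYS = 398   # assumed maximum end-entity lifetime (about 13 months)

def check_chain(chain):
    """chain is ordered leaf -> intermediates -> root; returns (subject, code) findings."""
    findings = []
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert  # root is self-issued
        is_leaf = i == 0
        if cert["issuer"] != issuer["subject"]:
            findings.append((cert["subject"], "issuer-mismatch"))
        if cert["is_ca"] == is_leaf:  # leaf must not be a CA; every other cert must be
            findings.append((cert["subject"], "basic-constraints"))
        if cert["key_bits"] < MIN_KEY_BITS:
            findings.append((cert["subject"], "weak-key"))
        # Root and IA lifetimes: an issuer's validity must cover everything it signs.
        if cert["not_before"] < issuer["not_before"] or cert["not_after"] > issuer["not_after"]:
            findings.append((cert["subject"], "outlives-issuer"))
        # Key usage: CAs sign certificates and CRLs; end entities never get keyCertSign.
        ku = set(cert["key_usage"])
        if cert["is_ca"] and not {"keyCertSign", "cRLSign"} <= ku:
            findings.append((cert["subject"], "ca-key-usage"))
        if is_leaf and "keyCertSign" in ku:
            findings.append((cert["subject"], "leaf-key-usage"))
        if is_leaf and (cert["not_after"] - cert["not_before"]).days > MAX_LEAF_DAYS:
            findings.append((cert["subject"], "leaf-lifetime"))
        # RFC 5280 pathLenConstraint: maximum number of non-self-issued CA certs
        # between this CA and the end entity, which in this ordering is i - 1.
        if cert["is_ca"] and cert.get("path_len") is not None and i - 1 > cert["path_len"]:
            findings.append((cert["subject"], "path-length"))
    return findings

def sample_chain():
    """Constructed three-tier chain: offline root -> issuing authority -> TLS server cert."""
    root = dict(subject="Root CA", issuer="Root CA", is_ca=True, path_len=1, key_bits=4096,
                not_before=date(2015, 1, 1), not_after=date(2035, 1, 1),
                key_usage=["keyCertSign", "cRLSign"])
    ia = dict(subject="Issuing CA 1", issuer="Root CA", is_ca=True, path_len=0, key_bits=3072,
              not_before=date(2018, 1, 1), not_after=date(2028, 1, 1),
              key_usage=["keyCertSign", "cRLSign"])
    leaf = dict(subject="www.example.test", issuer="Issuing CA 1", is_ca=False, key_bits=2048,
                not_before=date(2019, 6, 1), not_after=date(2020, 6, 1),
                key_usage=["digitalSignature", "keyEncipherment"])
    return [leaf, ia, root]
```

Running `check_chain(sample_chain())` on the well-formed chain returns no findings; tightening the root's path_len to 0, shrinking the IA key, or issuing a leaf that outlives its issuer each produces a named finding.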
Slide 13
Assurance model needs to apply to all deployment scenarios. PKI is not a technology.
Deployment scenarios shown: On-Premise, EDC Cloud.