
»PKI Workshop« – The key to more security!

Implementing, operating and maintaining a PKI poses great challenges for many organisations. In-house teams often lack the expertise, and solutions frequently have to be implemented at short notice. If you do not ensure the trustworthiness of your PKI, you risk immense damage. With our workshops on this topic, we offer you a comprehensive concept for the integration and maintenance of a PKI in your company.

Why is a Public Key Infrastructure (PKI) necessary?

A company-wide Public Key Infrastructure (PKI) is indispensable in modern IT infrastructures. Certificates are needed for a range of purposes, e.g. public certificates for communication with external partners via web servers (SSL/TLS) or VPN gateways (IPsec), or for email encryption (S/MIME).

Trusted certificates are also necessary for internal resources to secure various processes. In addition to strong password-independent authentication options (using smart cards), this also includes other certificate-based authentication methods in LAN and WLAN infrastructures as well as digital signatures or machine certificates for device authentication.

The design of a PKI depends strongly on the requirements for information security and confidentiality. Planning is often based on best-practice papers that are far too complex for the actual requirements or, in some cases, under-dimensioned. The requirements a PKI solution has to meet in terms of security level, availability, integrity and scalability should be recorded as part of a risk assessment.

PKI – Our workshops

Below you will find the workshops we offer on the subject of PKI. Among other things, we can provide you with complete support in introducing a PKI or further developing an existing one. We offer the following PKI solutions for implementation:

  • Microsoft CA (ADCS)
  • PrimeKey EJBCA
  • Nexus Certificate Manager

Following the introduction and enhancement of a PKI, we also offer managed service options, in which we support you during operation and carry out regular maintenance of your PKI environment.

PKI Basics Workshop

In this workshop, we explain the theoretical basics of Public Key Infrastructure (PKI): certificate validity periods, revocation lists, hardware security modules (HSMs), and concrete processes and organisational measures for using a PKI in a company network. During the workshop, we discuss which architectures make sense and how the respective requirements can be met with the available resources. Operational aspects are also particularly important here, e.g. the implementation of a dual control (four-eyes) principle and disaster recovery.

  • Knowledge of PKI/HSM (basics of certificate types and purposes, trust relationships, distribution mechanisms, key protection)
  • Certificate lifecycle management
  • Requirements definition
  • Resources and budget
  • Organisation and processes
  • Product selection
  • Concrete design planning
  • Operational aspects

PKI Health Check

During our workshop, we evaluate your public key infrastructure. On the basis of our specially developed set of audit rules, we uncover weaknesses and work with you to develop organisational and technical measures. In this way, we ensure more secure and efficient operation of your PKI, for example by (partially) automating certificate issuance and renewal, adapting key algorithms according to BSI specifications or modifying the CA hierarchy.

We draft an issuer statement that includes the certificate policies, process descriptions and information about the technical implementation of the CA infrastructure. In this way, we create transparency, acceptance and trust within and outside your company.

  • As-is analysis
  • CA hierarchy/tier model & algorithms
  • Secure key generation and storage (e.g. HSM)
  • CA key rollover
  • Process optimisation (e.g. automations)
  • Certificate validation (e.g. OCSP, efficient revocation list management)
  • Key archiving
  • Role concept/role separation for security-critical operations
  • Certificate templates (e.g. validity periods and contents, key algorithms according to BSI specifications)
  • Security tokens (e.g. smart cards or virtual smart cards, USB tokens)
  • Audit
  • Physical security (e.g. access to the room with HSM server)
  • Backup and disaster recovery plan
  • HA operation
  • Documentation

PKI Consulting and Design Phase

In our PKI Consulting and Design Phase we provide you with conceptual support. Together with you, we plan and design a solution tailored to your needs.

  • Coaching during the certification process
  • On-site training (max. 15 persons)
  • Preventive measures to avoid security incidents
  • Illustration of the consequences of misconduct
  • Practical safety advice: Development of a »behavioural etiquette«

PKI Integration Phase

Based on the design and planning, we carry out the operational implementation of the desired design and functionality for you. To involve and train your employees, we provide PKI coaching.

  • Implementation
  • Documentation
  • Training
  • Operational handover
