Audit and Assurance

Setting Up Internal CA / Central repository

    Posted 25 Feb, 2020 23:31
    Dear All,

    Just to set the context, I am looking for a solution which gives me a complete inventory and life cycle management for internal/self-signed certificates, and what the audit and assurance points could be which I may have to look into.

    Currently the engineering/production management/operations team/IT team generates self-signed certificates based on their requirements, and these are being used in production. Internal/self-signed certificates are being used just as an additional security layer to protect data in transit (internally).

    In a few cases, these are two-way SSL certificates, and in a few cases they are one-way certificates just to create an HTTPS tunnel for internal communication.

    A change management process is in place to do all these changes in production, but the inventory and life cycle are not being managed as there is no central repository for now to do this.

    Hence, in most cases, it has been observed that a certificate expires, business is impacted for hours, and when we see the RCA we get to know that the certificate had expired.

    This is something which I wanted to address. Yes, I agree it will not help anyone with the current certificates which are already in production, but slowly the respective teams can replace those with new certificates generated by the internal CA.

    I hope I have shared enough data; please feel free to connect on Engage for any query.

    Your inputs are highly appreciated.

    ------------------------------
    D Anand
    ------------------------------
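
The inventory and expiry tracking asked about above can be illustrated with a short script. This is an added example, not part of the original post: it builds an inventory from the text that `openssl x509 -noout -subject -issuer -enddate` prints for each certificate file and flags expired, soon-to-expire and self-issued certificates. The file names, host names, dates and the 30-day warning window are assumptions made up for the illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: text printed by
#   openssl x509 -noout -subject -issuer -enddate -in <file>
# for three hypothetical internal certificates (names and dates are made up).
SAMPLE_OUTPUT = {
    "payments-api.pem": (
        "subject=CN = payments-api.corp.example\n"
        "issuer=CN = payments-api.corp.example\n"
        "notAfter=Feb 20 10:00:00 2020 GMT\n"),
    "batch-client.pem": (
        "subject=CN = batch-client.corp.example\n"
        "issuer=CN = Example Internal Issuing CA\n"
        "notAfter=Mar 10 00:00:00 2020 GMT\n"),
    "reports-ui.pem": (
        "subject=CN = reports-ui.corp.example\n"
        "issuer=CN = reports-ui.corp.example\n"
        "notAfter=Jan  5 08:30:00 2021 GMT\n"),
}

def parse_record(path, text):
    """Turn one certificate's openssl text into an inventory record."""
    fields = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(fields["notAfter"]), tz=timezone.utc)
    subject = fields["subject"].strip()
    return {
        "path": path,
        "subject": subject,
        "not_after": expires,
        # Heuristic: issuer equal to subject means self-issued (no signature check here).
        "self_signed": subject == fields["issuer"].strip(),
    }

def audit(outputs, now, warn_days=30):
    """Return inventory records sorted by expiry, each with a status and days left."""
    report = []
    for path, text in outputs.items():
        rec = parse_record(path, text)
        rec["days_left"] = (rec["not_after"] - now).days
        if rec["not_after"] <= now:
            rec["status"] = "EXPIRED"
        elif rec["days_left"] < warn_days:
            rec["status"] = "EXPIRING"
        else:
            rec["status"] = "OK"
        report.append(rec)
    return sorted(report, key=lambda r: r["not_after"])

if __name__ == "__main__":
    as_of = datetime(2020, 2, 25, 23, 31, tzinfo=timezone.utc)  # constructed "today"
    for r in audit(SAMPLE_OUTPUT, as_of):
        print(f'{r["status"]:9} {r["days_left"]:5}d self_signed={r["self_signed"]} {r["subject"]}')
```

Run on a schedule against the directories or endpoints where certificates live, a report like this gives the expiry warning and the list of self-issued certificates still to be replaced by ones from the internal CA.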