ARCHIVED: Completed project: Enterprise Certificate Authority

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Primary UITS contact: Abhi Jalan

Completed: July 2, 2014

Description: This project involves designing and building an Enterprise Certificate Authority to provide Certificate Authority (CA) services in the ADS environment at Indiana University. There is a wide range of uses and demands for an Enterprise CA at IU. Having an Enterprise CA would allow digital certificates to be issued automatically to ADS domain-joined computers, enhancing security and simplifying deployment for a number of services, e.g., System Center Configuration Manager, DirectAccess, Encrypting File System, IPsec, wireless authentication, Exchange authentication, two-factor authentication, network device authentication, S/MIME certificates, and document and code signing certificates.

Outcome: The primary goal of this project is to assist the System Center Configuration Manager project by providing certificates to the managed endpoints, resulting in a streamlined client deployment process and increased security of the system. Secondary goals include allowing the smart card project to proceed and investigating and enabling further uses for the Enterprise CA infrastructure.

Milestones and status:

  • November 2012: Investigate hardware and infrastructure costs for running an Enterprise Certificate Authority (Completed)
  • December 2012: Submit Enterprise Certificate Authority proposal (Completed)
  • January 2013: Enterprise Certificate Authority proposal is approved (Completed)
  • February 2013: Evaluate Hardware Security Module (HSM) offerings from different vendors (Completed)
  • March 2013: Submit RFQ to vendors (Completed)
  • April 2013: Purchase order for HSM submitted to vendor (Completed)
  • April 2013: Install the HSMs at IUDC and ICTC (Completed)
  • April 2013: Request and configure VLANs for HSMs (Completed)
  • May 2013: Request and configure firewall policy for HSMs (Completed)
  • June 2013: Revise Enterprise Certificate Authority proposal and submit request for additional funding (Completed)
  • July 2013: Revised Enterprise Certificate Authority proposal approved (Completed)
  • September 2013: Begin Phase 1: Requirements gathering and planning (Completed)
  • October 2013: Onsite HSM training (Completed)
  • November 2013: Begin Phase 2: Design (Completed)
  • December 2013: Begin Phase 3: Implementation (Completed)
  • December 2013: Begin Phase 4: (Completed)
  • January 2014: Develop certificate policy and certificate practice statement (Completed)
  • February 2013: Begin Phase 5: Disaster recovery and business continuity planning (Completed)
  • March 2014: Begin phased rollout of the Enterprise Certificate Authority service (Completed)

Comment process: Send email to ECA Admin.

Project team:

  • Tony Brazzell, Lead Network Engineer
  • Paul Clegg, Project Manager
  • Kevin Fredrick, Lead Systems Engineer
  • Jeremy Geib, Principal Security Engineer
  • Kirt Guinn, Executive Sponsor
  • Abhi Jalan, Project Lead
  • Laura Klein, Project Coordinator
  • Matt Martin, Lead Systems Engineer

This is document bdep in the Knowledge Base.
Last modified on 2018-01-18 17:18:19.