Completed project: Enterprise Certificate Authority

Primary UITS contact: Abhi Jalan

Completed: July 2, 2014

Description: This project involves designing and building an Enterprise Certificate Authority to provide Certificate Authority (CA) services in the ADS environment at Indiana University. There is a wide range of uses and demands for an Enterprise CA at IU. Having an Enterprise CA would allow digital certificates to be issued automatically to ADS domain-joined computers, enhancing security and simplifying deployment for a number of services, e.g., System Center Configuration Manager, DirectAccess, Encrypting File System, IPsec, wireless authentication, Exchange authentication, two-factor authentication, network device authentication, S/MIME certificates, and document and code signing certificates.

Outcome: The primary goal of this project is to assist the System Center Configuration Manager project by providing certificates to the managed endpoints, resulting in a streamlined client deployment process and increasing the security of the system. Secondary goals include allowing the smart card project to proceed and also investigating and enabling further uses for the Enterprise CA infrastructure.

Milestones and status:

  • November 2012: Investigate hardware and infrastructure costs for running an Enterprise Certificate Authority (Completed)
  • December 2012: Submit Enterprise Certificate Authority proposal (Completed)
  • January 2013: Enterprise Certificate Authority proposal is approved (Completed)
  • February 2013: Evaluate Hardware Security Module (HSM) offerings from different vendors (Completed)
  • March 2013: Submit RFQ to vendors (Completed)
  • April 2013: Purchase order for HSM submitted to vendor (Completed)
  • April 2013: Install the HSMs at IUDC and ICTC (Completed)
  • April 2013: Request and configure VLANs for HSMs (Completed)
  • May 2013: Request and configure firewall policy for HSMs (Completed)
  • June 2013: Revise Enterprise Certificate Authority proposal and submit request for additional funding (Completed)
  • July 2013: Revised Enterprise Certificate Authority proposal approved (Completed)
  • September 2013: Begin Phase 1: Requirements gathering and planning (Completed)
  • October 2013: Onsite HSM training (Completed)
  • November 2013: Begin Phase 2: Design (Completed)
  • December 2013: Begin Phase 3: Implementation (Completed)
  • December 2013: Begin Phase 4: (Completed)
  • January 2014: Develop certificate policy and certificate practice statement (Completed)
  • February 2013: Begin Phase 5: Disaster recovery and business continuity planning (Completed)
  • March 2014: Begin phased rollout of the Enterprise Certificate Authority service (Completed)

Comment process: Send email to ECA Admin.

Project team:

  • Tony Brazzell, Lead Network Engineer
  • Paul Clegg, Project Manager
  • Kevin Fredrick, Lead Systems Engineer
  • Jeremy Geib, Principal Security Engineer
  • Kirt Guinn, Executive Sponsor
  • Abhi Jalan, Project Lead
  • Laura Klein, Project Coordinator
  • Matt Martin, Lead Systems Engineer

This is document bdep in the Knowledge Base.
Last modified on 2015-09-30 00:00:00.
