Windows PKI


Windows PKI – Deploy, use & manage a Microsoft CA

Many organizations operate an in-house PKI based on a Microsoft CA. With such a Windows PKI you can issue and manage X.509 certificates for Windows users, for services like web servers or domain controllers, and for devices like PCs, routers or smartphones. The basis for a Windows PKI is a Windows Server with its included Active Directory Certificate Services (AD CS). With a Windows PKI you can distribute certificates at low cost and transparently to the user through autoenrollment, or by manual processes with enrollment agents and a certificate manager. A Windows PKI scales well and offers a series of services and options. A Microsoft CA can be set up with a few mouse clicks. However, unplanned installations by administrators with limited PKI experience often result in a system state that can hardly be corrected afterwards. It is therefore highly recommended to draw on the expertise of experienced PKI consultants, from an IT security point of view as well as from an economic standpoint.

We support you with your Windows PKI

  • by introductory Windows PKI workshops
  • by planning and technical & organizational PKI concepts
  • by developing a Certificate Policy and Practice Statements
  • by implementation of your Microsoft CA
  • by operational support and monitoring
  • by analyzing and auditing a running Microsoft PKI
  • by powerful extensions with our TOPKI components

We have supported a series of medium and large companies all around the world during all these stages. Our in-depth knowledge of Microsoft PKI concepts and mechanisms helps you to accelerate your PKI project and to assure the quality of PKI operation.

The following TOPKI components will offer you additional PKI features that will enhance your Windows PKI and increase its benefits significantly:

  • certBox is a Certificate Directory Server for securely publishing internal certificates from AD and automatically finding external certificates in the PKI cloud.
  • certEP acts as a Certificate Enrollment Proxy for public CAs that you may bind in addition to your Microsoft CA, e.g. for public certificates.
  • certMode connects mobile devices that run ActiveSync with a Certificate Directory Server like certBox and securely distributes private user keys and certificates from your Windows PKI to devices that are managed by MDM.
  • certPush securely distributes a user's private keys that have been enrolled through certEP or by a Microsoft CA to the user's (unmanaged) devices.
  • certRevoke automatically submits revocation requests to AD CS when an AD object has been removed or changed.
  • certSync synchronises certificates between Active Directory and a Certificate Directory Server like certBox.