Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Certificate Authority [CA] Implementation Plan

Sample Digi-CA™ Implementation Plan

The most substantial difference between Digi-CA™ and other Traditional CAs [1] is the flexibility and capability that are central to the design of its Public Key Infrastructure [PKI] system. Virtually any type of PKI design can be implemented using Digi-CA™, and because Digi-CA™ is probably the most modern CA available on the market, your specific design requirements can be delivered easily and cost-effectively.

The following subsections detail a typical project implementation and its stages. The first stage, Preliminary Analysis & Requirement Measurement (stage I), sets the project parameters and requirements from the very beginning of your project:

        • 1. Preliminary Analysis & Requirement Measurement
        • 2. Trust Centre Setup
        • 3. Configuring Multi-Site LDAP Directory Services & LDAP Replication
        • 4. CA Hierarchy & PKI Logical Infrastructure Setup
        • 5. System Integration & Integration Testing
        • 6. Disaster Recovery Setup
        • 7. Functional, Operational & User Acceptability Testing [UAT]
        • 8. Training
        • 9. Production Launch


  • Preliminary Analysis & Requirement Measurement
    • 1. In-depth analysis and understanding of the concepts, functional and business requirements
    • 2. In-depth Digi-CAST™ analysis of existing application functional layers and associated data flow models and diagrams, and understanding of the concepts, functional and business requirements
    • 3. Digi-CAST™ - understanding the architectural and functional model for the certificate enrolment and installation processes
    • 4. Digi-CAST™ establishing the requirements for Key Ceremony
    • 5. Digi-CAST™ reviewing and defining the Certification Practice Statement (if required) and associated Certificate Policy
    • 6. Digi-CAST™ establishing whether Digi-CA™ PKI System requires any related customisations to support specific functional and business requirements through the use of application APIs and custom policy controls
    • 7. Providing detailed information on performed analysis, measurements and discoveries in the form of a Digi-CAST™ report


  • Trust Centre Setup
    • 1. Setup of a dedicated Digi-CA™ PKI system hardware and software infrastructure in a secure hosting data centre
    • 2. General testing of new hardware, software and network setup
    • 3. High availability testing of new hardware, software and network setup
    • 4. Backup and recovery tests of new software and network setup
    • 5. Performance testing of new hardware, software and network setup
    • 6. Finalising the setup and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report


  • Configuring Multi-Site LDAP Directory Services & LDAP Replication
    • 1. Establishing a dedicated secure network channel between the new Trust Centre and local computer centres at two locations
    • 2. Testing the performance and security of the network communication channel between the Trust Centre and each office location
    • 3. Installing and configuring LDAP directory service hardware and software for high availability in the local computer centres
    • 4. Setting up directory replication service [shadow: single-master/multiple-slave replication scheme] between the master LDAP directory service located in the Trust Centre and each slave local LDAP directory service located in each of the computer centres
    • 5. Testing the directory live replication service and high availability mechanisms
    • 6. Performance testing for directory replication service and high availability setup
    • 7. Finalising the setup and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report


  • CA Hierarchy & PKI Logical Infrastructure Setup
    • 1. Performing a dry-run for Key Ceremony (if required) for CA and Sub-CA
    • 2. Performing a Key Ceremony (if required) for CA and Sub-CA and establishing new CA hierarchy
    • 3. Creating test instances of CA and Sub-CA private key and public key certificate data (for the period of test use only)
    • 4. Finalising the new CA setup and providing detailed information on performed activities and verification results in the form of a Digi-CAST™ report


  • System Integration & Integration Testing
    • 1. Providing the necessary API integration services for application integration with Digi-CA™ PKI System Registration Authority and Certificate Distribution services
    • 2. Providing the necessary API integration services for application integration for certificate enrolment and installation
    • 3. Providing the necessary API integration services for X.500 directory service integration
    • 4. Providing the necessary API integration services for CRL and OCSP service integration
    • 5. Finalising the integration and providing detailed information on performed activities and integration results in the form of a Digi-CAST™ report


  • Disaster Recovery Setup
    • 1. Setup of basic and supplemental PKI services with software and hardware for disaster recovery in computer centres
    • 2. Testing disaster recovery features and performing disaster recovery simulation tests
    • 3. Finalising the setup and providing detailed information on performed activities, setup and test results in the form of a Digi-CAST™ report


  • Functional, Operational & User Acceptability Testing [UAT]
    • 1. End user key generation, certificate enrolment and installation tests
    • 2. Integration testing for application and Digi-CA™ PKI System Registration Authority Service
    • 3. Integration testing for application and Digi-CA™ PKI System X.500 directory services
    • 4. End user private key and public key certificate usability tests with applications
    • 5. End user public key certificate standard life cycle tests including certificate renewal after certificate expiration
    • 6. End user public key certificate custom life cycle tests including certificate revocation, suspension and de-suspension
    • 7. End user public key certificate life cycle test including certificate re-issuance after certificate revocation
    • 8. Integration testing for application and Digi-CA™ PKI System CRL and OCSP services
    • 9. Finalising the test phase and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report


  • Training
    • 1. Provision of comprehensive Digi-CA™ PKI System documentation in digital and paper format
    • 2. CA Administration staff training
    • 3. CA Security Administration staff training
    • 4. RA Administration staff training
    • 5. RA Operation staff training
    • 6. Finalising the training phase and providing detailed information on performed activities and test results in the form of a Digi-CAST™ report


  • Production Launch
    • 1. Switching CA hierarchy from test to production environment
    • 2. Finalising production launch and providing detailed information on performed activities along with a summarised report for each phase of the project implementation in the form of a Digi-CAST™ report



Source URL: http://www2.digi-sign.com/digi-ca/administrator/projects/implementation

Links:
[1] http://www2.digi-sign.com/certificate+authority/traditional+ca