I was asked to evaluate replacements for my current on-premises ADCS setup. Currently we run an offline root and online issuing CAs to provide a large number of machine, SSL and a small number of smartcard certs to the enterprise. We employ different mechanisms to interact with the PKI: custom web-based enrollment portal, SCEP, ADCS web services and Windows auto-enrollment. The root CAs use offline HSMs, while the online CAs use online network HSMs, all from Gemalto / SafeNet.
The evaluation is more to confirm that we are on the right track before we invest in the on-premises PKI in the way of hardware refreshes, OS upgrades etc.
I am hearing that managed CA offerings are now viable cost-wise and they would give us public trust as well (earlier they were not feasible because of the per-certificate charge). I do not know if there is an Azure offering for PKI as yet. Does anyone have more information / thoughts on these two options?
ADCS roadmap / replacement
- Last Post 25 February 2019