Need
A financial consulting firm needed a solution to protect the communication of remote access clients and provide secure authentication for users and computers.
Solution
C/D/H designed and deployed a two-tier public key infrastructure (PKI) based on Microsoft Windows Server 2008 R2 certificate services.
The architecture consisted of an offline standalone root certificate authority (CA) and two online enterprise subordinates which serve as issuing CAs for the environment. The root CA was taken offline eliminating the potential for compromise from a network-based attack. The issuing CAs were enterprise subordinates and provide integration with Active Directory and automatic certificate enrollment for all domain systems.