Certificate Use Cases
Secure Machines, Devices, IoT and Virtual Servers with a Managed Private PKI
All from the Cloud for One Low Subscription Fee
How do enterprises use the HydrantID PKI as a Service?
A Financial Services Company
Profile: Multiple cert providers and inconsistent use of internal CA platform responsible for outages. Diverse set of certificate requestors now being managed by a central group with a desire to consolidate trusted and internal certificate issuance platforms without giving up investment in Microsoft management tools.
Need: The organization has a number of external websites that require Extended Validation SSL certificates. They also implemented a Microsoft CA a number of years ago for their internal network hosts infrastructure which has since grown into a mission-critical service. They do not have dedicated PKI resources and were looking to outsource the operations and management of the private key material while still being able to leverage native Microsoft tools for cert management and deployment.
Solution: HydrantID provided a self-service Enterprise Certificate Console that allows the customer to issue and manage both trusted SSL and private-trust internal certificates from one interface. In addition, we provided a certificate proxy that emulates an internal Microsoft CA but issues certificates from company-branded CA hosted by HydrantID.
Benefit: The organization has a single place to manage all their certificate types and can still use autoenrollment, network device enrollment and any other tool that can integrate with a Microsoft CA.
A Utility Company
Profile: Global utility infrastructure provider that manufactures smart meters required a private PKI infrastructure to provide certificates for both their products and the tools that communicate with them.
Need: Manufacturing millions of devices each year, the Company needed a highly-scalable certificate solution that could be utilized by their existing key generation and certificate request capability. Due to constraints in storage, processing power and connectivity it was critical to choose a provider that could support a highly-customized Elliptic Curve certificate profile.
Solution: Using the HydrantID Certificate RESTful API the Company is able to send Certificate Signing Requests to our service and receive the certificate back in a single authenticated session at volumes that far exceed their requirements. The solution also includes the Enterprise Certificate Console for issuance of low-volume certificates for ‘command and control’ systems and code signing.
Benefit: The inherent scalability of our service enabled a phased rollout of certificate volume without requiring the Company to make a significant investment upfront for capacity that may not be fully utilized in the first year or two of operation.
A Transportation Company
Profile: Centralized IT function that determines the policies and procedures for certificate issuance. Generally delegates the actual request process to local administrators.
Need: The organization has a rapidly expanding trusted SSL and user certificate infrastructure. They implemented the Venafi TrustAuthority key and certificate management platform for administration and policy enforcement but needed a full-service PKI provider for the on-demand issuance of both server and user certificates as well as a predictable cost model.
Solution: We provided a self-service Enterprise Certificate Console that allows the customer to manage the types of certificates that can be issued by the Venafi platform and can deliver digital-signing certificates to end users independent of Venafi licensing requirements. We also provide a HydrantID CA driver built-in to the Venafi platform for fully automated issuance of both trusted SSL and digital-signing certificates.
Benefit: The organization has a single vendor for all their certificate needs and a yearly subscription fee that removes the need to manage cert credits and associated out-of-cycle budget expenditures.
An International Gaming Platform
Profile: Large commercial gaming enterprise with high-volume internal certificate demands to meet application DevOps requirements; large stable of internet domains with requirement to protect all host systems.
Need: Requiring both trusted SSL and internal certificates, the Company desired a fully-branded private PKI solution with an offline Root CA and multiple online issuing CA’s. They implemented the Venafi TrustAuthority key and certificate management platform for administration and policy enforcement but needed a full-service PKI provider for the on-demand issuance of both trusted SSL and internal certificates.
Solution: HydrantID provides a self-service Enterprise Certificate Console that allows the customer to manage the types of certificates that can be issued by the Venafi platform. The HydrantID CA driver is built-in to the Venafi platform for fully-automated issuance of both trusted SSL and internal certificates.
Benefit: The organization has a single vendor for all their certificate needs that includes the ongoing protection and management of their offline Root CA.