Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
biting
New Contributor

Who should be in charge of PKI / CA server?

In principal, who should be in charge of PKI infrastructure / CA server? The customer, the MSSP, or some third party providing PKI as a service?

The customer (1000 employees) has an IT department, and has until now managed their own CA server for issuing client certificates used for client VPN and WiFi authentication. As part of downscaling their IT department, they're planning to get rid of their CA server. They want WiFi with EAP-TLS authentication delivered by our company, but they don't want to handle the PKI infrastructure themselves.

Should we as an MSSP provide PKI as a service to the customer, or should we tell the customer to get PKI as a service from a third party? We are currently testing FortiAuthenticator, but as far as I can tell, FAC cannot be used as a CA server in a multi-tenant environment. There are PKIaaS providers online that could be used, but we currently don't have the resources to handle PKI for customers, even if utilizing PKIaaS on the customer's behalf.

Does anyone have any experience and recommendations related to this?

https://omegle.onl/ vshare
2 REPLIES 2
LunarEcho
New Contributor II

It depends on your resources and the customer's needs. If you can handle it, offering PKI as a service might be a good move to ensure smooth operations for their WiFi and VPN. But if you're stretched thin, recommending a third-party PKIaaS provider could be the better option.

ebilcari
Staff
Staff

Forti Authenticator doesn't have a separate multi tenancy feature but in case of Certificate management, it supports multiple CAs based on user licenses and uses SCEP for autoenrollment.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors