In principal, who should be in charge of PKI infrastructure / CA server? The customer, the MSSP, or some third party providing PKI as a service?
The customer (1000 employees) has an IT department, and has until now managed their own CA server for issuing client certificates used for client VPN and WiFi authentication. As part of downscaling their IT department, they're planning to get rid of their CA server. They want WiFi with EAP-TLS authentication delivered by our company, but they don't want to handle the PKI infrastructure themselves.
Should we as an MSSP provide PKI as a service to the customer, or should we tell the customer to get PKI as a service from a third party? We are currently testing FortiAuthenticator, but as far as I can tell, FAC cannot be used as a CA server in a multi-tenant environment. There are PKIaaS providers online that could be used, but we currently don't have the resources to handle PKI for customers, even if utilizing PKIaaS on the customer's behalf.
Does anyone have any experience and recommendations related to this?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It depends on your resources and the customer's needs. If you can handle it, offering PKI as a service might be a good move to ensure smooth operations for their WiFi and VPN. But if you're stretched thin, recommending a third-party PKIaaS provider could be the better option.
Forti Authenticator doesn't have a separate multi tenancy feature but in case of Certificate management, it supports multiple CAs based on user licenses and uses SCEP for autoenrollment.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.