TELIA CA PROXY SERVICE



About Telia CA Proxy

Telia Certificate Service Telia CA Proxy Service enables replacement of self-signed Microsoft AD CA certificates at customer IT systems with high-quality and secure Telia certificates.

The service combines proven Microsoft certificate deployment processes with high-level security certificates.

With Telia Certificate Service you avoid investments into Public Key Infrastructure specialists in your organization.

  • PKI processes at Telia are of high security level and they are audited annually
  • As a customer of Telia Certificate Service, you are provided with correct and up-to-date certificate extensions, algorithms and PKI procedures
  • CA-level keys are in HSM devices (Hardware Security Module) located at highly secure premises with audited security classifications
  • All processes are documented
  • You can procure both publicly trusted certificates as well as low-cost private certificates using same tools

Service is compatible with all digital certificate use cases, for example:

  • X802.1xr device certificates for workstations and if needed, also for mobile devices
  • SMIME certificate for email encryption
  • Client certificates for strong authentication
  • Server certificates for webpages and other network devices

An illustration of a sample solution

Service features

  • A customer CA is created and keys are protected using Telia HSM devices
  • Telia CA Proxy software is deployed at one to two customer AD domain controllers
  • Normal Windows certificate requests are routed to Telia HSM backend service
  • Certificate contents, extensions and checks are agreed with Telia
  • Current recommendation is to use Offline Root CA with Sub CA's below that for various certificate types
  • OCSP (Online Certificate Status Protocol) is optional, CRL (Certificate Revocation List) is always included
  • Telia certificate portal comes with the service. The portal contains management for these certificate types:
    • Public TLS certificates
    • Private certificates for AD networks
  • The portal enables following management actions:
    • Certificate revocation
    • Creation of public and private certificates as a self-service
    • Certificate expiration warning feature

Pricing, ordering and deployment

  • The service comes with a monthly price. The price is depending on:
    • Number of CA certificates (root and issuing level certificates)
    • Number of end-user certificates
    • Fee for OCSP service
  • Inquiries about ordering and pricing:
  • Service deployment takes place as an co-operation project. Telia handles configuration and creation of CA certificates. Certificate contents and checks are specified by customer and implemented by Telia. Telia CA Proxy software is deployed as a common project by Telia and customer. At the end of the deployment project creation of certificates, certificate contents are approved. As a final act the service is moved into production mode