Consultancy

Entrust to EJBCA Migration

Project Description

We engaged with the Head of Trust Services to re-platform 20 Root CAs from the existing end-of-life vendor platform (Entrust) to a new strategic platform (EJBCA). The migration was driven by emerging technical requirements for certificate auto-enrolment via SCEP and ACME interfaces to support CI/CD pipelines and autoscaling compute.

Outcomes & Deliverables

Migrate 20 Entrust CAs onto EJBCA with no operational impact. Reduce BAU and licensing costs by consolidating CAs onto a single platform. Provide all appropriate governance documentation to meet customer assurance requirements.

Challenges

The first challenge was developing a repeatable process, which the vendor said was ‘impossible’. The second was understanding the EJBCA certificate database, allowing us to troubleshoot at a granular level. The last was ensuring the certificate structure was identical, so that downstream systems could consume, chain and validate certificates with no issues. All were addressed through our approach to project structure, the expertise of our engineering team and our delivery governance framework.

Technologies Used

Entrust (CA), Thales (Luna7), Keyfactor (EJBCA)