Greenfield PKI Design & Discovery
Project Description
Unsung contracted with a major public sector organisation to design and deliver a highly available PKI platform for a new private cloud environment. The PKI service was required to satisfy stringent security and assurance requirements whilst simultaneously supporting modern DevOps workflows, CI/CD pipelines, and autoscaling compute infrastructure, and enabling delegated certificate management to product teams.
This engagement represented a significant modernisation initiative, moving from traditional manual PKI operations towards automated certificate lifecycle management aligned with cloud-native architecture principles.
Outcomes & Deliverables
Unsung delivered a comprehensive, highly available PKI platform with extensive automation capabilities:
Governance deliverables:
• Certificate Practice Statement
• Key Signing Ceremony documentation, facilitation, and execution
Technical deliverables:
• Statement of Requirements
• Technical Design (High-Level Design, Low-Level Design)
• Testing collateral (Test Plan, Test Scripts, Test Report)
• CA, RA, VA, Timestamping, and Code Signing services across two geographically separated sites
• Automated certificate issuance and renewal workflows
Challenges
The engagement presented significant infrastructure dependency and organisational change challenges.
The PKI platform was being delivered into a nascent private cloud hosting environment where many technical dependencies were either not yet in place or at varying stages of maturity. Unsung successfully managed these dependencies through close collaboration with customer platform delivery teams.
Additionally, the engagement represented the first introduction of automated certificate lifecycle management capabilities to the organisation, requiring Unsung consultants to work extensively with assurance and governance stakeholders.

