About Telia CA Proxy
Telia Certificate Service Telia CA Proxy Service enables replacement of self-signed Microsoft AD CA certificates at customer IT systems with high-quality and secure Telia certificates.
The service combines proven Microsoft certificate deployment processes with high-level security certificates.
With Telia Certificate Service you avoid investments into Public Key Infrastructure specialists in your organization.
- PKI processes at Telia are of high security level and they are audited annually
- As a customer of Telia Certificate Service, you are provided with correct and up-to-date certificate extensions, algorithms and PKI procedures
- CA-level keys are in HSM devices (Hardware Security Module) located at highly secure premises with audited security classifications
- All processes are documented
- You can procure both publicly trusted certificates as well as low-cost private certificates using same tools
Service is compatible with all digital certificate use cases, for example:
- X802.1xr device certificates for workstations and if needed, also for mobile devices
- SMIME certificate for email encryption
- Client certificates for strong authentication
- Server certificates for webpages and other network devices
An illustration of a sample solution
Service features
- A customer CA is created and keys are protected using Telia HSM devices
- Telia CA Proxy software is deployed at one to two customer AD domain controllers
- Normal Windows certificate requests are routed to Telia HSM backend service
- Certificate contents, extensions and checks are agreed with Telia
- Current recommendation is to use Offline Root CA with Sub CA's below that for various certificate types
- OCSP (Online Certificate Status Protocol) is optional, CRL (Certificate Revocation List) is always included
- Telia certificate portal comes with the service. The portal contains management for these certificate types:
- Public TLS certificates
- Private certificates for AD networks
- The portal enables following management actions:
- Certificate revocation
- Creation of public and private certificates as a self-service
- Certificate expiration warning feature
Pricing, ordering and deployment
- The service comes with a monthly price. The price is depending on:
- Number of CA certificates (root and issuing level certificates)
- Number of end-user certificates
- Fee for OCSP service
- Inquiries about ordering and pricing:
- Service deployment takes place as an co-operation project. Telia handles configuration and creation of CA certificates. Certificate contents and checks are specified by customer and implemented by Telia. Telia CA Proxy software is deployed as a common project by Telia and customer. At the end of the deployment project creation of certificates, certificate contents are approved. As a final act the service is moved into production mode