I have worked in a few places where PKI has been deployed and managed manually. We have had major issues in managing the keys issued and the nightmare we had as we updated our key management systems. (excel sheets) At one of the organizations I worked for, the system used a internally generated PKI for managing a large set of devices. These devices were issued certificates and are needed to connect to the server. This being an important and critical system involving devices all across the United States and Canada was such a pain to maintain as the certificates expire at different times and it was difficult to keep of track of expiring certificates, equipment that are pulled off the network and those that needs to expired for some reason. The main certificate server based on OpenSSL had the root certificate and the copies of the client certificates were maintained in a USB FoB key and locked away. The process is so contorted and involved two FTEs to handle this job on a regular basis (E...
Ramble on everything and anything that fancies my imagination