DMW Consulting Limited
All of the published documents on my web site are vastly redacted, 'anonymised' and / or truncated. Links for each document are included in each paragraph summary below.
Microsoft ADCS Design utilising HSMs
A design document for a customer which incorporated Active Directory Certificate Services (ADCS) and Thales nShield Hardware Security Modules (HSMs). The solution had two tiers: a Root CA and four Issuing CAs, one of the Issuing CAs cross-certified with a third-party CA.
Microsoft ADCS Design without utilising HSMs
A design document for a customer which incorporated ADCS deployed entirely on VMWare virtualisation platforms (even the Root CA). All CA private key material was solely protected in 'software' (no HSMs).
Gemalto SafeNet HSMs Design
A design document for a customer based upon a three tier PKI, which utilised SafeNet HSMs to protect private key material.
HID ActivID Smart Card Management System Design
A design document for a customer which incorporated HID ActivID smart card management, coupled with ADCS and Thales nShield HSMs.
Micosoft FIM CM Smart Card Management System Design
A design document which incorporated FIM CM (Microsoft Smart Card Management) in its solution, for issuing smart cards in sixty countries. FIM CM was coupled with ADCS and Thales nShield HSMs.
Microsoft ADCS Detailed Engineering
Anengineering document for a customer which incorporated ADCS. Essentially, the document describes the purpose of the installation and operational scripts.
Microsoft ADCS Operation
A support document which incorporated 'Microsoft PKI' in its solution, it includes routine operations such as Root CA CRL publication and transferral (promulgation), scripted or ad hoc certificate enrolment, PKI monitoring, etc.
Microsoft ADCS Key Recovery
A support document describing a process to recover a decryption private key in the event of its loss.
Java Key Signing
The document describes: 1) creating a self-signed certificate and private key with PowerShell, 2) converting a PFX to P12 with OpenSSL, 3) importing the P12 into a Java Key Store. The solution was a purely tactical one, described in this technical instruction (note).
Intercede MyID Smart Card Management
A test plan which incorporated Intercede MyID in its solution and instructed upon how to perform basic smart card tasks, such as requesting cards, issuing cards, certificate revocation, granting operator right entitlement.
Two AD Forests with One Credential
A report which looked into the options of simplifying the logon experience after two banks were merged. The banks had separate Active Directory (AD) forests which couldn't be 'fully joined' as they had different outsourcing partners (IBM and EDS), who couldn't agree to do anything together!
Key Signing Ceremony (KSC) Documents
Root CA CRL Publication
A KSC for creating a Root CA CRL in a very prescriptive and disciplined manner, at an offline Root CA hosted as a virtual guest on a 'laptop VMWare Workstation' based solution.
Changing Private Key Protection
A KSC for changing the HSM key protection of an Issuing CA private signing key from Operator Card Set (OCS) to 'module only'.
Material Not Shared
There are dozens more KSC documents... but they won't be shared!
Over the years, lots of engineering / detailed design documentation has been produced, but the redacting and anonymising process took away about 50% of the content. In a nutshell - it wasn't worth the bother!