Introducing the 2024 PKI & Digital Trust Report     | Download the Report

  • Home
  • Blog
  • PKI
  • Automating PKI Deployments and Achieving Zero Trust: How Siemens AG Made it Happen

Automating PKI Deployments and Achieving Zero Trust: How Siemens AG Made it Happen


And how organizations of all kinds can do the same with access to Keyfactor EJBCA

For Siemens AG, a technology company focused on industry, infrastructure, transport, and healthcare, trust is everything.

Like many businesses, Siemens relies on public key infrastructure (PKI) to establish trust. This trust extends to its external-facing products as well as all of its users through an enterprise-wide zero-trust policy.

However, as the company grew and its PKI needs evolved, Siemens realized that its legacy approach of managing manual deployments would not scale effectively. Fortunately, the team found a solution in Keyfactor EJBCA Enterprise and Red Hat Ansible.

From manual to automated: Siemens’ journey to modern PKI

As Siemens’ PKI program evolved, the team ran up against more and more demands for new certificates and quickly realized their status quo of manual deployments wasn’t sustainable. Instead, they needed a new approach that would allow for greater efficiency.

The combination of Keyfactor EJBCA Enterprise and Red Hat Ansible helped Siemens overcome this challenge, reducing time spent on the setup and deployment of new systems from more than a week to one day.

First, the team automated the setup process using the Red Hat Ansible Automation Platform. This platform allowed them to develop repeatable playbooks for installing, configuring, hardening, and deploying PKI operations. Now, every time they need to set up a new system, they can simply run each playbook, rather than going through a laundry list of manual steps that are ripe for human error.

Next, they deployed EJBCA Enterprise, an end-to-end certificate management solution for simplified and automated PKI operations at scale, that works as part of Siemens’ playbooks. This combination automates the entire process, including installing and hardening Jboss and configuring hardware security modules (HSMs).

Time savings, consistent results, and zero-trust attainment: benefits of automated PKI deployments

Automating PKI deployments with EJBCA Enterprise and Red Hat Ansible has led to several benefits for Siemens:

  • Time savings: Now, the Siemens team can deploy new systems and manage certificates in significantly less time. This has given them time back to focus more on experimentation and other value-add activities.
  • Consistent results: Automation eliminates room for manual error in detailed processes, which leads to highly consistent results. It also means that all of the documentation for these processes is always up to date and complete, avoiding issues as responsibilities change hands and team members leave.
  • Zero-trust attainment: The application of consistent PKI processes and end-to-end management has enabled Siemens to achieve its goal of an enterprise-wide zero-trust policy for tighter and more reliable security.

Making automated PKI attainable to every business: opens-source software from Keyfactor

Notably, Keyfactor has made this type of automated PKI widely attainable by releasing open-source PKI deployment playbooks on GitHub – all you need is an understanding of EJBCA, Ansible, and your organization’s PKI requirements.

Keyfactor chose to make EJBCA widely available in this way because IT security is a fundamental building block of today’s digital society, and the only way to achieve that goal is to make the necessary solutions accessible to everyone.

Why EJBCA? EJBCA offers a valuable solution to many of the security-related challenges organizations face today through a modern PKI solution built specifically for teams with dynamic cloud environments and high-volume certificate needs. It allows for centralized PKI management across all use cases, unlimited CAs and certificates in a single instance, greater extensibility with a robust API and pre-built integrations, and high scalability and availability – all of which are common roadblocks for teams with manual, legacy deployments like Siemens had previously.

The open-source release of EJBCA goes hand-in-hand with the Keyfactor Community, which provides a secure space for development, operations, and engineering teams to access open-source tools, collaborate with one another, and share expertise on security solutions like PKI and cryptography tools.

Ready to bring the power of modern PKI to your team?

Siemens’ ability to save time, realize more consistent results, and achieve enterprise-wide zero-trust is a true testament to the ability of a modern PKI program to effectively automate deployments and management. Most importantly, these results are not unique. And with widespread access to EJBCA, they’re more attainable than ever.

To learn more about the challenges Siemens faced and the results of implementing EJBCA Enterprise and Red Hat Ansible, click here.