Making the Switch: Migrating to Keyfactor (Part I)

Let’s set the stage. Today, PKI deployments initially built for one or two applications – things like SSL certificates and device authentication – are now expected to cover more users and devices than ever before. Demand for encryption and authentication has increased pressure on PKI teams, most of which are still managing their certificates with scripts and spreadsheets.

Even if they have a certificate management platform in place, cost-prohibitive licensing, limited scalability, or lackluster deployment have forced many organizations to look for an alternative solution.

Now your organization has decided to go with a new solution, the contract for your existing solution is about to expire, and you’re tasked with the job of moving all certificates out of the old database and into the new. You know how to write PowerShell, but documentation of certificate management APIs are often difficult to interpret. You reach out to your vendor for support, but you’re still struggling to write these custom jobs under tight time constraints. So where do you go from here?

For starters – don’t panic. Aggressive timeline planning and contractual deadlines are something that Keyfactor is quite familiar with. Here’s what we do to make it happen:

Our team starts by scheduling a “war room” session with your public key infrastructure (PKI) and scripting teams to assist with the export of certificates from your existing PKI database. Oftentimes, we do not have a sandbox to test the other vendor’s APIs, but the processes and formulas are mostly the same in our experience. We can provide sample scripts that myself and other architects here at Keyfactor commonly use to perform the same tasks.

While your organization begins scripting the data export (with Keyfactor guidance), we’ll begin creating a bulk data import job to act against your export job. Status checks and collaborative working sessions between your team and ours will be a regular occurrence throughout this stage. The result? Successful tests of both scripts.

Once both processes have been approved, it’s time to run the scripts. If we’re just migrating a few thousand certificates, go ahead and refresh your coffee. If we’re talking several GB of certificates, then I’d say now is the perfect time for lunch.

It’s as easy as logging into the Keyfactor platform and taking a sample of the certificates to ensure that the content and metadata were imported correctly. If everything looks good, then congratulations! The first step in your certificate management migration is complete.

The next step is to enable existing infrastructure to route the data to your Keyfactor database using certificate authority (CA) gateways and programmatic access to your network and endpoints through agent-based or agentless discovery. Stay tuned for the part two of this blog.

Fast Deployment, Easy Replacement

Deploy Keyfactor Command quickly and efficiently. You can even install our solution with your existing solution still in place – to ensure that you’re never exposed to a certificate-related outage, even for a minute – then uninstall them at your convenience.

Gradual Migration

Keyfactor co-exists with other solutions – expanding your visibility by catching what others miss. Your legacy solution can continue to manage certificates, while Keyfactor provides the advantage of flexible and modular design to fill the gaps and stop outages before they happen.