====== Daily Operations ======
**Target audience:** PKI Operators, Helpdesk \\
**Duration:** 5-15 min per task
Runbooks for daily operative PKI tasks with Post-Quantum Cryptography.
----
===== Overview =====
flowchart LR
subgraph INPUT["INPUT"]
CSR[CSR received]
REQ[Renewal request]
INC[Security Incident]
end
subgraph PROCESS["PROCESSING"]
P1[Validate]
P2[Approve]
P3[Execute]
end
subgraph OUTPUT["OUTPUT"]
CERT[Certificate]
CRL[CRL Update]
LOG[Audit Log]
end
CSR --> P1 --> P2 --> P3 --> CERT
REQ --> P1
INC --> P3 --> CRL
P3 --> LOG
style P1 fill:#fff3e0
style CERT fill:#e8f5e9
style CRL fill:#ffebee
----
===== Runbooks =====
^ # ^ Runbook ^ Description ^ Duration ^ Frequency ^
| 1 | [[.:zertifikat-ausstellen|Issue Certificate]] | Validate CSR, sign, deliver | ~10 min | Daily |
| 2 | [[.:zertifikat-erneuern|Renew Certificate]] | Renew expiring certificates | ~15 min | Weekly |
| 3 | [[.:zertifikat-widerrufen|Revoke Certificate]] | Revoke compromised certificates | ~5 min | As needed |
| 4 | [[.:health-check|Health Check]] | Daily PKI system check | ~5 min | Daily |
----
===== Quick Access =====
**Most common commands:**
# Create certificate from CSR (Hybrid mode)
openssl x509 -req -in request.csr -CA intermediate.pem -CAkey intermediate.key \
-out certificate.pem -days 365 -copy_extensions copy
# Verify certificate
openssl x509 -in certificate.pem -text -noout
# Generate CRL
openssl ca -gencrl -out crl.pem -config openssl.cnf
----
===== Escalation =====
| Situation | Escalate to | SLA |
|-----------|-------------|-----|
| CSR validation unclear | PKI Admin | 4h |
| Suspected compromise | Security Team | 1h |
| CA unreachable | IT-Ops | 30 min |
----
<< [[..:start|<- Operator Scenarios]] | [[.:zertifikat-ausstellen|-> Issue Certificate]] >>
----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//
{{tag>operator daily-operations runbook pki}}