Daily Operations

Target audience: PKI Operators, Helpdesk
Duration: 5-15 min per task

Runbooks for daily operative PKI tasks with Post-Quantum Cryptography.

Overview

flowchart LR subgraph INPUT["INPUT"] CSR[CSR received] REQ[Renewal request] INC[Security Incident] end subgraph PROCESS["PROCESSING"] P1[Validate] P2[Approve] P3[Execute] end subgraph OUTPUT["OUTPUT"] CERT[Certificate] CRL[CRL Update] LOG[Audit Log] end CSR --> P1 --> P2 --> P3 --> CERT REQ --> P1 INC --> P3 --> CRL P3 --> LOG style P1 fill:#fff3e0 style CERT fill:#e8f5e9 style CRL fill:#ffebee

Runbooks

#	Runbook	Description	Duration	Frequency
1	Issue Certificate	Validate CSR, sign, deliver	~10 min	Daily
2	Renew Certificate	Renew expiring certificates	~15 min	Weekly
3	Revoke Certificate	Revoke compromised certificates	~5 min	As needed
4	Health Check	Daily PKI system check	~5 min	Daily

Quick Access

Most common commands:

# Create certificate from CSR (Hybrid mode)
openssl x509 -req -in request.csr -CA intermediate.pem -CAkey intermediate.key \
    -out certificate.pem -days 365 -copy_extensions copy
 
# Verify certificate
openssl x509 -in certificate.pem -text -noout
 
# Generate CRL
openssl ca -gencrl -out crl.pem -config openssl.cnf

Escalation

Situation	Escalate to	SLA
———–	————-	—–
CSR validation unclear	PKI Admin	4h
Suspected compromise	Security Team	1h
CA unreachable	IT-Ops	30 min

« <- Operator Scenarios | -> Issue Certificate »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

operator, daily-operations, runbook, pki