Inhaltsverzeichnis
Daily Operations
Target audience: PKI Operators, Helpdesk
Duration: 5-15 min per task
Runbooks for daily operative PKI tasks with Post-Quantum Cryptography.
Overview
flowchart LR
subgraph INPUT["INPUT"]
CSR[CSR received]
REQ[Renewal request]
INC[Security Incident]
end
subgraph PROCESS["PROCESSING"]
P1[Validate]
P2[Approve]
P3[Execute]
end
subgraph OUTPUT["OUTPUT"]
CERT[Certificate]
CRL[CRL Update]
LOG[Audit Log]
end
CSR --> P1 --> P2 --> P3 --> CERT
REQ --> P1
INC --> P3 --> CRL
P3 --> LOG
style P1 fill:#fff3e0
style CERT fill:#e8f5e9
style CRL fill:#ffebee
Runbooks
| # | Runbook | Description | Duration | Frequency |
|---|---|---|---|---|
| 1 | Issue Certificate | Validate CSR, sign, deliver | ~10 min | Daily |
| 2 | Renew Certificate | Renew expiring certificates | ~15 min | Weekly |
| 3 | Revoke Certificate | Revoke compromised certificates | ~5 min | As needed |
| 4 | Health Check | Daily PKI system check | ~5 min | Daily |
Quick Access
Most common commands:
# Create certificate from CSR (Hybrid mode) openssl x509 -req -in request.csr -CA intermediate.pem -CAkey intermediate.key \ -out certificate.pem -days 365 -copy_extensions copy # Verify certificate openssl x509 -in certificate.pem -text -noout # Generate CRL openssl ca -gencrl -out crl.pem -config openssl.cnf
Escalation
| Situation | Escalate to | SLA |
| ———– | ————- | —– |
| CSR validation unclear | PKI Admin | 4h |
| Suspected compromise | Security Team | 1h |
| CA unreachable | IT-Ops | 30 min |
« <- Operator Scenarios | -> Issue Certificate »
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional
Zuletzt geändert: on 2026/01/30 at 01:41 AM
