Online PKI Assessment Portal


SKU: N/A Categories: , Tag:


Over the course of hundreds of engagements with companies of all sizes and industries around the world, PKI Solutions has amassed extensive knowledge of how to evaluate, implement and manage a PKI based on Microsoft Active Directory Certificate Services (ADCS). PKI Solutions President and Founder Mark B. Cooper first created the concept of PKI assessments in 2005 while at Microsoft and has been continually refining the process ever since.

Now, the methodologies and automated tools used during our Onsite Advanced PKI Assessments have been assembled into a comprehensive solution accessible through a web-based portal, allowing customers to perform ongoing self-assessments of their PKI implementation with unprecedented accuracy and efficiency.

Our unique PKI assessment process automates data collection and CA discovery. The result is the most consistent and systematic way to analyze the configuration and health of ADCS PKIs available today.



Licensing is available as either a single assessment or through an unlimited subscription. Our ala-carte assessment pricing enables you to purchase a single assessment to analyze your PKI at one point in time. Ideal if you are needing to perform an annual audit, determine the cause of ongoing problems, or are validating your design prior to production launch. If you only need to perform one or two assessments, this will be the ideal license for you.

Our subscription program offers the flexibility to perform a PKI Assessment an unlimited number of times within your environment. Ideal for organizations looking to perform a continual review and remediation of their PKI to ensure it is operating at its best. Throughout the 12-month period, you will be able to perform assessments on your schedule, as frequently as you need. Your subscription is not valid for service providers, consultants, or others performing assessments outside their own organization.


The Online PKI Assessment Portal process starts with a downloadable ADCS Collector tool that performs data collection in your environment. Once installed, the tool goes to work pulling configuration details from your online CAs from a single location – all within a few minutes. Offline CAs such as Root and Policy CAs that are isolated from the network are supported by using the data collector directly on each CA and the output files uploaded to the Online PKI Assessment Portal.

Unlike manual assessment processes, you don’t need to waste time completing surveys, digging around configuration files, registry keys, taking screenshots, or running experiments. Just download, run, upload and review. Once the configuration files are uploaded to the portal the results are displayed in a scorecard that gives you instant insight into the design, health, and configuration of your PKI. Additionally, you are instantly presented with areas for remediation ranked High Risk, Medium Risk, and Low Risk. The scorecard provides a grading matrix and a high-level analysis of your PKI. Is it in great shape or in poor health? The scorecard brings all of the best practices together in one place and weights and scores your environment.

You will also get an actionable checklist of elements that are essential to ensuring your environment is secure and properly maintained. The scorecard also lets you maintain a historical perspective of your environment. You can easily chart and review how your environment evolves and changes over time. The scorecard, checklists, and the historical record are centrally stored in a secure portal and easily accessed via a convenient web-based dashboard.


While every PKI implement is different, adherence to industry best practices invariably leads to the best performance, easiest management, and the strongest security posture for your organization. For many PKI managers it can be challenging to know whether best practices have been followed or not. Our Online PKI Assessment Portal is your assurance that no stone has been left unturned, spanning a complete set of topics, including:

  • PKI and Certificate Authority Operations
  • Infrastructure and Server Design
  • Industry Best Practices
  • Revocation Configuration, Intervals and Health
  • CA Extensions and Properties
  • Certificate Templates and Issuance
  • Cryptographic Suitability and Compatibility
  • Logical Security Protections, Enforcement and Risks
  • Online Certificate Status Protocol
  • Security Updates and Patches
  • Key Recovery
  • Failed or Legacy CAs no Longer in Operation


The Online PKI Assessment Portal is available either as a one-time snapshot into the health of your PKI or as an annual subscription. The one-time assessment is well-suited for organizations that are confident they are following best practices and want to discover any areas they may have overlooked. The annual subscription provides unlimited assessments and is for those organizations dedicated to ongoing improvements in operational excellence, or that may face continual change or growth in their PKI. Mergers, acquisitions, or high staff turnover are also important considerations. Whether it’s weekly, monthly, or quarterly assessments, the portal’s on-demand feature enables you to get an instant snapshot of your PKI.



For deeper analysis or more complex assessment needs the Online PKI Assessment Portal can be combined with our Advanced Onsite PKI Assessment. These assessments go deeper and include a more thorough review of the environment. Areas include physical security controls, monitoring, patching, OCSP, NDES, documentation, key recovery, and Hardware Security Modules (HSMs). Certificate Policy and Certificate Practice Statement reviews are also optionally available as part of the review