Summary
This white paper details DigiCert's modernization program aimed at scaling its Public Key Infrastructure (PKI) to support a tenfold increase in certificate issuance. The document outlines significant changes in the PKI ecosystem, including reduced TLS certificate validity periods and the necessity for organizations to automate processes to avoid outages and security failures. DigiCert's strategy includes upgrading its infrastructure, cryptography, compliance, and operations to ensure the issuance of more public certificates while maintaining security and performance. Key investments include high-performance signing clusters, redundant global Hardware Security Module (HSM) networks, and enhanced disaster recovery measures. The paper also discusses the implementation of Multi-Perspective Issuance Corroboration (MPIC) to enhance issuance integrity against DNS threats and the deployment of post-quantum cryptography capabilities. Additionally, it covers scaling Certificate Transparency, OCSP, and CRL systems to meet growing demands, as well as expanding global support and operational excellence to manage increased certificate lifecycles effectively.
