Proactive ADCS Monitoring in CHEM

Detecting PKI risks before they escalate: A real-world case study
CHEM - Luxembourg

Client Overview

  • CHEM is a public regional hospital serving southern Luxembourg, founded in 2004
  • Operates across three sites with ~1,800 employees and around 250–260 doctors, treating ~140,000 patients annually
  • The client struggled with limited visibility into their ADCS setup, missing critical issues like expiring certs and weak keys
  • Manual checks failed to catch silent failures and config drift across their CA hierarchy

Challenge

The client operated multiple Microsoft ADCS deployments issuing X.509 certificates across various use cases, with a strong focus on user and device authentication within their enterprise network. Despite the critical role these certificates played in securing access and communications, the client had limited visibility into the health and risk posture of their PKI environment. With each CA operating independently, detecting silent failures such as weak RSA keys, expiring certificates, or broken CRLs became increasingly difficult and reactive. The client needed a solution that could centralize insight across all ADCS instances, automate 200+ health checks, and proactively surface risks without requiring changes or downtime to their existing CA configurations.

Solution

After a focused evaluation period, the client selected our PKI Insights platform to address visibility gaps and operational blind spots in their Microsoft ADCS environment. Several factors influenced their decision:

  • PKI Expertise & Accuracy: Our deep expertise in ADCS and PKI risk gave the client confidence that PKI Insights would precisely detect real issues, from weak keys and expiring certs to failed calls and expiring CRLs
  • Low Impact, High Value: PKI Insights delivered over 200 health checks without requiring agents or changes to their CA setup. This lightweight approach aligned perfectly with the client’s strict change management policies
  • Responsive Support: Our experts collaborated with their IT and security teams to turn ADCS from a black box into a measurable, auditable system, helping interpret results, prioritize fixes, and ensure lasting value from PKI Insights

Results

Thanks to Codegic’s expertise and precision-focused solution, the client successfully deployed PKI Insights to gain continuous visibility into their Microsoft CA health, delivering the following key outcomes:

  • Quick Results: A single installation of PKI Insights gave the client deep visibility into their critical PKI infrastructure, surfacing key issues within just 30 minutes
  • Comprehensive CA Health Checks: PKI Insights performed over 200 automated checks across the client’s ADCS environment, surfacing critical issues such as weak key usage, expired certificates, and misconfigured templates
  • Non-Intrusive Deployment: The solution was implemented without any changes to the CA configuration, aligning with strict infrastructure and compliance controls while enabling immediate insights
  • Clear Risk Scoring & Visibility: Each CA was assigned a health grade (A+ to F), allowing the client to instantly understand their PKI posture and take action before minor issues became outages or audit failures
  • Audit Readiness & Continuous Monitoring: With dashboards, alerts, and daily reports, the client moved from reactive troubleshooting to proactive PKI governance, helping them stay prepared for internal and external audits

“Using PKI Insights from Codegic has significantly improved our visibility into ADCS operations, helping us detect and respond to Microsoft CA issues with greater speed and confidence. Beyond the intuitive dashboards and actionable alerts, what truly stands out is the excellent quality of the product, the professionalism of the team, and their consistently responsive support. These qualities have made Codegic a trusted long-term IT partner for our organization.”

Michel Rendine, Ingénieur systeme, CHEM.