Successful migration for [OMICRON]
OMICRON develops innovative products and services for the electrical energy industry.
Support for PKI and key migration to one set-up consisting of Keyfactor EJBCA Software Appliance, SignServer Software Appliance and network-compatible HSM
The customer
OMICRON electronics GmbH is a global company based in Klaus, Vorarlberg, Austria. It manufactures testing and diagnostic equipment for assessing the condition of primary and secondary technical equipment in electrical power engineering. OMICRON safeguards equipment using signed firmware for a secure boot process to prevent manipulated software from being loaded when devices are initiated. The company also uses digital device certificates which enable digital identity management. It employs a PKI solution (public key infrastructure) here, which enables actions such as signature processes from firmware and issues corresponding certificates.
The project
Under the project, achelos introduced Keyfactor Software Appliances for OMICRON and replaced the existing system. We migrated the customer-specific PKI system to a future-ready and secure solution. The entire key material was transferred to a new network HSM (hardware security module) securely and in compliance with BSI guidelines. Specifically, achelos set up and commissioned a network-capable HSM for the customer. We also performed a database migration of the Keyfactor EJBCA and SignServer Hardware Appliance into separated software appliances.
The tasks included creating a role concept for the HSM and importing key material from the internal HSM of the old hardware appliance to the new network HSM. It was important to secure the existing system in advance, inspect critical configuration points and to configure the software accordingly later during the migration. The result was a successful database and key migration of the existing data from the hardware solution as well as adaptation of this data to a new database structure to ensure that the new software appliances can be operated with the existing data.