Client Overview
The organisation is a mid-sized private sector bank in western India, operating 280 branches and serving approximately 2.5 million retail and SME customers. The bank runs a mix of on-premises and cloud-hosted applications supporting internet banking, mobile banking, and payment gateway services. As digital channel usage grew, maintaining secure and uninterrupted access to these platforms became a top priority for the IT security team.
The Challenge
The bank's IT team was tracking over 350 SSL/TLS and code-signing certificates using spreadsheets maintained by individual application owners. With no centralised visibility, certificates were routinely renewed only after services had already gone offline. In an 18-month period, the bank experienced two certificate-related outages — one of which disrupted internet banking access for several hours during a weekend, generating customer complaints and a note from the RBI's IT examination team. A third near-miss was caught only because a vendor happened to send a manual reminder. The bank had no way of knowing how many certificates existed across its estate at any given time, let alone which ones were approaching expiry.
“We were essentially waiting for things to break before we renewed certificates. That approach stopped being acceptable the moment we got a note from the regulator.”
— Head of IT Infrastructure
The Solution
eMudhra deployed CertiNext across the bank's server and application estate. An automated discovery scan identified 360 certificates across on-premises servers, cloud-hosted applications, and API gateways — including 28 that were already expired or within 30 days of expiry. CertiNext integrated with the bank's Active Directory and existing CA, establishing automated renewal workflows with notifications at 90, 60, 30, and 7 days before expiry. Critical internet-banking and payment-gateway certificates were assigned to a priority queue with direct escalation to the CISO. A private CA instance was also deployed for internally used service certificates, reducing external CA costs for low-risk internal connections. The bank's IT team could now view the full certificate estate — sorted by risk, business unit, and expiry window — from a single dashboard.
Results
Within six weeks of deployment, all 28 at-risk certificates were renewed and the bank's certificate estate was fully visible for the first time. In the 12 months following go-live, the bank recorded zero certificate-related service disruptions. The IT team estimates that certificate renewal effort dropped by around 60%, freeing up time previously spent on manual tracking. The RBI examination team acknowledged the CertiNext deployment as a responsive remediation of the earlier finding.
Metric | Before | After |
Certificates discovered | Estimated 300+; no accurate count | 360 certificates inventoried on day one |
At-risk certificates at go-live | 28 expired or expiring within 30 days | All renewed within 6 weeks; zero backlog |
Service outages (cert-related) | 2 outages in 18 months | Zero in 12 months post-deployment |
Renewal effort | Manual tracking across multiple owners | ~60% reduction through automation |
RBI examination finding | Finding raised on cert management gap | Finding closed; remediation acknowledged |
