Client Overview
The organisation is a mid-sized pharmaceutical manufacturer based in India, operating three production facilities and supplying formulations to both domestic and export markets. The company runs a mix of manufacturing execution systems, quality management software, ERP, and laboratory information systems — several of which require validated, continuously trusted network connections as part of regulatory compliance under Schedule M and export market quality standards.
The Challenge
The company's IT team was managing approximately 180 SSL/TLS certificates across its production and corporate IT environments using a combination of vendor-managed renewals and internal spreadsheet tracking. The challenge surfaced when a certificate on the company's ERP-to-quality-management-system integration expired without warning, disrupting batch release approvals for 36 hours during a scheduled production run. The disruption delayed a consignment destined for an export customer, resulting in a formal complaint and a contractual penalty. A post-incident review identified that three other integration certificates were within 45 days of expiry with no renewal plan. The IT manager recognised that manual tracking was not sustainable as the company continued adding systems.
“A 36-hour disruption to batch release because of an expired certificate is not something you want to explain to an export customer. It was an avoidable problem and we needed to make sure it stayed avoided.”
— IT Manager
The Solution
eMudhra deployed CertiNext across the company's production and corporate IT environment. A discovery scan identified all 180 certificates, including the three integration certificates that were approaching expiry. Automated renewal workflows were configured with notifications to the IT manager and the relevant system administrator at 60 and 30 days before expiry, with a direct alert to the IT director for any certificate on production-critical integrations entering the 15-day window. A private CA was deployed for internal service-to-service certificates within the company's manufacturing network, removing the need to procure external certificates for connections that did not leave the internal environment. CertiNext's dashboard gave the IT team a single view of all certificates sorted by expiry date, environment, and business criticality.
Results
The three at-risk integration certificates were renewed immediately following deployment. In the 18 months since go-live, the company has had no certificate-related disruptions to production workflows or batch release processes. The IT team estimates the time spent on certificate management has reduced by around half, largely due to the elimination of manual spreadsheet tracking.
Metric | Before | After |
Certificates under managed governance | 180; tracked manually across vendors and teams | All 180 in CertiNext with automated workflows |
Production integration disruptions | 36-hour disruption from expired certificate | Zero cert-related disruptions in 18 months |
At-risk certificates at deployment | 3 integration certs within 45-day window | All renewed immediately post-deployment |
Certificate management effort | Manual tracking across spreadsheets | ~50% reduction through automation |
Internal certificate procurement | External CA for all certificates | Private CA for internal integration certs |
