Client Overview
The organisation is a fixed broadband and enterprise connectivity provider operating in the GCC, serving residential subscribers and corporate customers across a fibre and DSL network. The company operates a customer portal, a network operations platform, a billing system, and API integrations with regulatory reporting systems. As the company has expanded its enterprise customer base, maintaining secure and reliable connectivity services has required closer attention to the underlying certificate infrastructure.
The Challenge
The company's certificates were managed by three separate teams — the network operations team, the IT team, and an outsourced managed services provider responsible for the billing system — with no unified visibility or coordination. Each team handled renewals independently using its own process. The fragmentation led to a situation where the billing system's SSL certificate expired without the IT team being aware, because the managed services provider had assumed the IT team was handling it and vice versa. The billing outage lasted four hours and prevented customers from making online payments — generating complaints and a formal incident report to the telecom regulator. The regulator's response noted that the operator should have stronger controls around critical system availability.
“The billing system went down because two teams each thought the other was handling the certificate renewal. That's exactly the kind of coordination failure that a proper governance tool prevents.”
— Chief Technology Officer
The Solution
eMudhra deployed CertiNext to consolidate certificate management under a single platform, covering the customer portal, network operations platform, billing system, and regulatory API integrations. Ownership for each certificate was assigned explicitly within CertiNext, eliminating the ambiguity that had contributed to the billing outage. Automated renewal notifications were sent to the designated certificate owner at 90, 60, and 30 days, with a copy to the CTO for billing system and regulatory integration certificates. The managed services provider was given scoped access to manage billing system certificates within CertiNext, making their responsibilities visible to the internal IT team without creating duplicate processes. A compliance report module was configured to produce certificate status evidence for the telecom regulator's periodic reviews.
Results
Ownership for all certificates was formally assigned within the first week of deployment. In the 14 months since go-live, the operator has had no billing system or customer portal downtime related to certificate issues. The regulator's follow-up review noted the CertiNext deployment as a satisfactory control response to the earlier incident finding.
Metric | Before | After |
Certificate ownership model | Ambiguous across 3 teams; coordination failures | Explicit ownership per certificate in CertiNext |
Billing system availability | 4-hour outage from ownership confusion | Zero cert-related outages in 14 months |
Regulatory finding status | Incident report filed; finding outstanding | Regulator review closed the finding |
Managed services visibility | MSP managed billing certs invisibly | MSP has scoped access; IT team has full visibility |
Cert status reporting for regulator | Manual; ad hoc | Automated compliance report via CertiNext |
