Client Overview
The organisation is a consortium of four private universities in Southeast Asia that has established shared digital infrastructure — including a joint student portal, a shared library system, and a cross-campus learning platform — to improve services for a combined student population of around 35,000. The consortium's IT team has been building out the shared infrastructure over three years, and as more systems came online, the need for a consistent and trusted certificate framework became increasingly apparent.
The Challenge
Each university in the consortium had historically managed its own IT certificates independently. When the shared infrastructure was established, the consortium IT team attempted to coordinate certificate management across all four universities — but with four different approaches and no unified platform, the process was fragmented and inconsistent. Two of the universities were still using self-signed certificates for their connections to the shared student portal, resulting in trust errors for students accessing the portal from those campuses. The consortium was also exploring the possibility of issuing digitally signed academic certificates and transcripts to graduates — a use case that required a CA infrastructure capable of producing legally recognised digital credentials rather than just internal SSL certificates.
“We wanted to move to digitally signed academic credentials, but we had universities in the consortium still using self-signed certificates for basic portal access. We needed to build the PKI foundation properly before we could do anything more ambitious.”
— Consortium Chief Technology Officer
The Solution
eMudhra deployed emCA to establish a PKI infrastructure for the consortium, covering both the shared infrastructure certificate needs and the academic credential issuance use case. A Root CA and two subordinate Issuing CAs were deployed — one for SSL/TLS and system authentication certificates used across the shared platforms, and one configured specifically for academic credential signing. Self-signed certificates at the two universities using them were replaced with certificates issued from the consortium CA, resolving the student portal trust errors. Certificate profiles for academic credentials were configured to meet the requirements of the relevant national education authority's digital credential recognition framework. A governed issuance process was set up for each university's registrar office to request academic certificates through an online workflow, with the consortium IT team maintaining oversight of the CA operation.
Results
Student portal trust errors were resolved within three weeks of the CA going live. The consortium issued its first digitally signed transcripts within 60 days of deployment — a capability that was noted in the consortium's annual report as a milestone in its academic digitalisation programme. Graduate employers have been able to verify credentials directly from the consortium's certificate validation service.
Metric | Before | After |
Shared portal certificate trust | Self-signed at 2 universities; student trust errors | Consortium CA certificates; trust errors eliminated |
Academic credential issuance | Paper-only; no digital signing capability | Digitally signed transcripts operational within 60 days |
PKI governance across consortium | 4 universities; 4 independent approaches | Unified CA with per-university RA workflows |
Student portal trust errors | Reported from 2 campuses | Resolved within 3 weeks of go-live |
Employer credential verification | Manual paper verification only | Digital verification via consortium CA service |
