Client Overview
The organisation is a regional telecom operator in India providing mobile, broadband, and enterprise connectivity services across two southern states. With a subscriber base of around 4 million and a network infrastructure spanning cell towers, data centres, and enterprise customer sites, the operator manages a significant volume of SSL/TLS and network authentication certificates across its operational technology and IT environments.
The Challenge
The operator's network and IT teams managed certificates across billing systems, network management platforms, customer portals, and enterprise VPN endpoints using a combination of vendor notifications and manual tracking maintained by different teams. There was no group-level certificate inventory. Over 18 months, the operator experienced three certificate-related incidents — including one on the customer self-care portal that caused login failures for around 8,000 customers over several hours, resulting in a surge of contact centre calls. A separate expiry on an internal network management system required an emergency maintenance window that affected network visibility for the NOC team during resolution. The IT security team raised certificate management as a risk item, noting that as the operator added more enterprise customer connections, the certificate footprint would only grow.
“A certificate expiry that causes thousands of customer login failures in the same week as a network management outage is hard to explain. We knew we had a systemic gap that needed fixing.”
— Head of IT Security
The Solution
eMudhra deployed CertiNext across the operator's network infrastructure and IT systems. A discovery scan identified 320 certificates across billing, customer portal, network management, and enterprise VPN infrastructure. Each certificate was classified by operational tier — customer-facing, network-critical, and internal — with different renewal triggers for each category. Customer-facing and network-critical certificates were configured with 90-day renewal workflows and direct escalation to the IT security head if any entered the 30-day window without action. Internal certificates used automated renewal with minimal manual intervention. A private CA was deployed for the enterprise VPN and internal network management certificates, reducing external CA procurement costs for these internal trust use cases. CertiNext's dashboard gave the NOC and IT security teams a shared view of certificate status across the entire estate.
Results
All near-expiry certificates were addressed within the first three weeks. In the 12 months following deployment, the operator recorded zero customer-facing incidents and zero NOC disruptions attributable to certificate expiry. Enterprise VPN certificate costs reduced following migration to the private CA.
Metric | Before | After |
Certificate estate visibility | 320 certificates; no group inventory | All 320 governed in CertiNext with tier classification |
Customer-facing incidents from cert expiry | 1 incident; 8,000 customers affected | Zero in 12 months post-deployment |
NOC disruptions from cert expiry | Emergency maintenance window required | Zero NOC disruptions post-deployment |
Enterprise VPN cert costs | External CA for all VPN certs | Reduced via private CA for internal trust |
IT security risk register | Certificate management as open risk item | Risk item closed post-deployment |
