PKI System Setup

@AwaisChaudhry

Hi, I understand you need one PKI engineer to take full ownership of an on-prem PKI build, from discovery to handoff, with no support backstop. I can help design the CA hierarchy, RA and trust model, configure CA/RA/CRL, set up ACME for certificate automation, and build lifecycle workflows for issuance, renewal, revocation, and expiry alerts using Python, PowerShell, or Bash. I have hands-on experience with Linux, OpenSSL, automation, secure system design, and client-facing documentation, including diagrams, runbooks, and handoff notes that operations teams can follow. My approach will be to first confirm the platform and security needs, then build in stages, test each certificate flow, document the setup clearly, and run a knowledge transfer session so your client can manage it without outside help. Which PKI platform is already preferred or approved for this client: AD CS, EJBCA, HashiCorp Vault PKI, Venafi, Keyfactor, or are you expecting the engineer to recommend one? Are there any compliance, audit, or internal security standards the PKI design must meet? What certificate use cases are in scope, such as web servers, devices, users, services, Kubernetes, or VPN? Do you already have network diagrams, domain details, and server access ready for discovery before the June 1 start? Best regards,

@kamran2012

Hey, I will design and deploy your full PKI hierarchy — CA, RA, CRL, and ACME integration — with automated lifecycle management and client-ready documentation including runbooks and architecture diagrams. For the ACME setup, I will configure challenge validation and renewal policies that align with your trust model, preventing silent cert expiry across services. Questions: 1) Which CA platform are you targeting — AD CS, EJBCA, or Vault PKI? 2) What certificate volume and endpoint types should the lifecycle automation support? This bid is an initial estimate — I will confirm the final cost and timeline once we have walked through the complete requirements together. Looking forward to your response. Best regards, Kamran

@Muhammadzeesha59

As a seasoned developer with over 6 years of experience, I can bring a unique skill set and fresh perspective to your PKI implementation project. Though my background may be a little different from the specified profile, what makes me the right match is my versatility and love for coding. I have honed my skills in several languages including Python and PowerShell, specifically for the purposes of automation, which is a key skill needed for this project\s implementation of certificate workflows. Over the years, I have worked on various projects that require precise documentation and efficient knowledge transfer, from developing AI applications to deploying robust DevOps solutions. My experience ensures not only reliable support during each phase but also extensive handover-forming a comprehensive package for your team's independent operation post-engagement. Lastly, while my career has seen me successfully negotiate markets such as Forex and Koucoin, I understand they pale in comparison to the importance of security and compliance in PKI systems. However, it has shaped my attitude towards precision in details and following defined procedures -traits that are critical to ensuring the trustworthiness of the PKI system being set up. With negociable rate along with an adaptable mind ready for new challenge

@Microlent

I can step into this solo PKI engineer role and own the entire 8-week delivery from discovery to final handoff. I have extensive hands-on experience designing and deploying on-premises PKI architectures, including setting up robust CA hierarchies and configuring RA and CRL components. For the certificate lifecycle management and ACME integration, I will rely on my strong background in Python to build out fully automated, reliable workflows for issuance, renewal, and expiration alerting. I understand that because this is a solo engagement without a backstop, clear documentation is just as critical as the technical implementation. I will deliver comprehensive, client-ready architecture diagrams and runbooks, and I will lead a complete knowledge transfer session to ensure your client is fully equipped to manage the system independently after the June project wraps up. You can check out my portfolio and past infrastructure projects here: freelancer.com/u/microlent I am available to start on June 1st. Let us discuss the specific platform you prefer, whether that is HashiCorp Vault, AD CS, or another environment, and get this engagement mapped out. Best, Rajesh

@alizain721

You need one person to own an on-prem PKI from design through handoff — CA hierarchy, RA, CRL, ACME, automation and docs — and deliver it so your ops team can run it without me on the bench. I get that. The real failure mode is operational fragility: a good design plus ACME and alerting prevents outages from expiring or unrenewed certs. That’s where I focus. I recently built and handed over an on-prem AD CS and Vault-backed PKI for a regional financial client, including ACME integration and Python PowerShell automation, full runbooks, and a KT session. My approach 1. Discovery and inventory certificate consumers HSMs AD topology and compliance constraints 2. Design CA hierarchy RA trust model and CRL/OCSP topology and produce an architecture diagram 3. Implement CA RA CRL ACME endpoints and automation scripts for issuance renewal revocation and alerting 4. Test failover/recovery perform security hardening deliver runbooks and a recorded knowledge transfer I can start June 1 and will be the sole owner for the 8 week engagement. Rate proposed 102.5 USD hour negotiable. Relevant certs I hold include CISSP and HashiCorp Vault Associate. Quick question so I can draft an architecture diagram: do you have a preferred PKI platform (AD CS EJBCA Vault Venafi) and are HSMs required or planned?

@markupdudes

Hi, I’m excited to offer my expertise for your PKI System Setup project. With substantial hands-on experience designing and implementing on-premises PKI architectures, including CA hierarchies, RA, trust models, and CRL configurations, I am confident in my ability to deliver a robust and secure system tailored to your client’s needs. I have effectively integrated ACME protocols for automated certificate management and automated certificate workflows using Python and PowerShell, ensuring smooth and reliable lifecycle management. My approach will focus on delivering comprehensive client-grade documentation, including detailed architecture diagrams, runbooks, and a thorough project closeout report, coupled with a knowledge transfer session to empower your client with independent operational control. Having worked extensively with platforms like AD CS and HashiCorp Vault PKI, and bringing a strong security and compliance background, I am well-prepared to own the full scope of the project from discovery through handoff. I am ready to begin this fully remote engagement on June 1, 2026, and anticipate completing it within the 8-week timeline. I look forward to discussing how I can best support your goals and ensure a successful PKI deployment. Could you share which PKI platform you'd prefer or are currently using for this project? Best regards,

@Jennycreation

Having garnered 15+ years of comprehensive experience in various dimensions of software development, I believe I can bring invaluable skills to your PKI system setup project. While my background primarily lies in Python, window-based ASP.NET, and Android Development, my exposure to complex web projects and versatility to adopt new technologies align well with the requirements you have laid out for this engagement. In terms of similar work, recently I've been involved in large-scale projects involving automated certificate management and digital identity solutions. Specifically, one project required me to design a PKI system that integrated ACME protocol over on-premise Crypto Currency databases. This experience has given me an in-depth understanding of PKI concepts and profound hands-on knowledge of setting up a robust CA hierarchy and Trust models. On the personal front, ensuring client satisfaction is paramount to me. I consistently digest complex technical information and create clear, concise client-grade documentation that empowers teams long after my role in the project has ended. My rate is flexible because your satisfaction matters more than anything else and I am committed to working with you seamlessly from June 1st onward until the completion of this significant project.

@SkillCrafts

I understand you need an experienced PKI engineer to design and implement a robust on-premises PKI system. My recent work involved setting up a similar hierarchical CA structure with ACME integration for automated certificate renewals for a financial services client, significantly reducing manual overhead and improving security posture. I'm confident I can deliver a comparable, high-quality solution for your active client engagement. My approach will involve a phased implementation: first, a thorough discovery to define the CA hierarchy, RA model, and trust anchors based on your specific security requirements. Then, I'll configure the Root CA, issuing CAs, and Registration Authorities, followed by setting up CRL distribution points and OCSP responders. ACME protocol will be configured for automated certificate enrollment and renewal, and I'll implement comprehensive certificate lifecycle management workflows, including automated alerting for expirations and revocations, and script the necessary automation for certificate issuance and revocation processes. To ensure alignment with your client's specific needs, could you elaborate on the primary use cases for the certificates and any existing security infrastructure that needs to be considered for integration? I’m available for a brief call to discuss your project in more detail and outline a tailored plan.

@revival786

As an experienced cybersecurity professional, I would love to bring my automation and documentation skills to your PKI system setup. Over my 15+ years in the tech industry, I've proven my ability to deliver secure, scalable solutions tailored to the unique needs of each client. My proficiency with Python and Linux makes me well-equipped for automating certificate workflows as well as integrating ACME protocol for certificate management within the PKI framework. Additionally, I've designed and implemented numerous on-premises PKI systems throughout my career - ensuring proper CA hierarchy, RA, and trust model selection to align with security requirements. I'm highly familiar with AD CS and have substantial experience with EJBCA, HashiCorp Vault PKI, Venafi, and Keyfactor - offering a choice that best suits your needs. You can rest assured that my deliverables will include comprehensive and client-grade documentation, including architecture diagrams, runbooks, and a project closeout report. In conclusion, I believe that my deep understanding of PKI concepts combined with empirical knowledge of its components would make me an ideal fit for this project. Moreover, delivering effective documentation is just as important to me as it is to you — we both know proper handoff is vital. Let's start our partnership on June 1st and create an on-premises PKI system that exceeds your expectations.

@adamgaafar

As a seasoned software engineer with over 6 years of experience in developing robust, scalable solutions, I appreciate the core importance of security and trust within digital systems. Designing, implementing, and securing crucial components like certificate authorities (CAs), registration authorities(RAs), and certificate revocation lists(CRLs) have been an integral part of my work. In addition to my technical skills tailored for this project, my ability to work productively in a remote environment will guarantee timely delivery. I’ve always focused on ensuring long-term scalability and high performance in my applications which harmonizes perfectly with the autonomy required for this position. If given the chance, I assure you that I will pour all my experience, energy and learn quickly on any new areas as necessary to deliver excellent results for your project.

@mayr81

Hi there, I'm Cora May, and I design and implement on-premises PKI systems end-to-end, not just theory. I’ve built complete CA hierarchies with a clear trust model, configured CA/RA/CRL components, and delivered practical security-focused deployments suitable for active client engagements. For automated certificate management, I integrate ACME to streamline issuance and renewals, then implement full lifecycle controls: issuance, renewal, revocation, and expiration alerting. I also automate certificate workflows using Python plus either PowerShell or Bash, so operational handoff is straightforward and repeatable. You’ll get client-grade documentation with architecture diagrams, runbooks, and a project closeout report the team can use without guesswork, followed by a knowledge transfer session to ensure independent operation. What PKI platform are you planning to use (AD CS, EJBCA, Vault PKI, Venafi, or Keyfactor)? And will clients be enrolling via internal endpoints, ACME over HTTP-01/DNS-01, or both?