Ranjan Kathuria
My name is Ranjan Kathuria, and I am currently a Staff Cloud Security Engineer / Cloud Security Architect at Rubrik, a recognized leader in Data Backup and Data Security. Based in San Francisco, I lead Rubrik’s cloud security program, drawing on nearly a decade of experience in the information security field. I have served as a founding security engineer twice, building security programs from the ground up, and I am passionate about advancing the industry through both hands-on engineering and research.
Session
This talk presents a scalable framework for deploying an enterprise Private Certificate Authority (CA) using OpenSSL and cloud-based HSMs. We explore a solution that centralizes certificate lifecycle management including issuance, monitoring, and automated expiry alerts while enforcing security through offline key generation with OpenSSL (RSA-2048) and hardware-grade protection via AWS CloudHSM. The design eliminates direct key exposure by leveraging FIPS 140-2 Level 3-validated HSMs and enables self-service workflows with minimal manual intervention. Attendees will learn practical strategies for balancing security, automation, and usability in PKI deployments.