
Design a PKI for internal mTLS and certificates

Last updated: Mar 29, 2026

Quick Overview

This question evaluates a candidate's competency in PKI architecture, cryptographic key management, certificate lifecycle (issuance, renewal, revocation), and operational security for internal mTLS and related signing use cases.


Company: Coupang

Role: Software Engineer

Category: System Design

Difficulty: medium

Interview Round: Onsite

Dec 13, 2025, 12:00 AM

System Design Prompt

Design a Public Key Infrastructure (PKI) for an organization to issue and manage certificates used for:

  • Internal mTLS between services
  • User/device certificates (optional extension)
  • Code signing or document signing (optional extension)

Requirements

  • Secure certificate issuance and renewal (automation preferred)
  • Certificate revocation (compromise/termination)
  • Strong key protection (HSM/KMS where appropriate)
  • Support multiple environments (dev/stage/prod) and possibly multiple regions
  • Auditable operations and incident response plan

Deliverables

  • CA hierarchy design (root/intermediate)
  • Issuance/renewal workflows
  • Revocation approach (CRL/OCSP) and trade-offs
  • Key management, rotation, and disaster recovery
  • Operational model (access control, auditing)
