Design a PKI for internal mTLS and certificates

Q: Design a PKI for internal mTLS and certificates

This is a System Design interview question from Coupang for Software Engineer roles. View the full question and solution on PracHub.

Q: How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

Question

System Design Prompt

Design a Public Key Infrastructure (PKI) for an organization to issue and manage certificates used for:

Internal mTLS between services
User/device certificates (optional extension)
Code signing or document signing (optional extension)

Requirements

Secure certificate issuance and renewal (automation preferred)
Certificate revocation (compromise/termination)
Strong key protection (HSM/KMS where appropriate)
Support multiple environments (dev/stage/prod) and possibly multiple regions
Auditable operations and incident response plan

Deliverables

CA hierarchy design (root/intermediate)
Issuance/renewal workflows
Revocation approach (CRL/OCSP) and trade-offs
Key management, rotation, and disaster recovery
Operational model (access control, auditing)

Design a PKI for internal mTLS and certificates

System Design Prompt

Requirements

Deliverables

Solution

Comments (0)