HardChecklist

Post-Quantum Cryptography Migration Checklist

Your roadmap from classical to quantum-resistant cryptography. This checklist guides PKI teams through the post-quantum cryptography migration process across four phases. PQC migration is a multi-year journey - this checklist helps teams track progress and ensures nothing gets missed before the January 2035 deadline.

6-24 months (varies by organization size)

Last Updated: January 2026

Progress: 0/142 complete0%

When to Use

• Planning your organization's PQC migration strategy
• Quarterly progress reviews on PQC readiness
• Preparing for compliance audits related to cryptography
• After NIST releases new PQC guidance or standards

Do NOT Use For

• Single certificate renewal (use Certificate Renewal Runbook)
• Emergency certificate replacement (use Emergency Runbook)
• Learning about PQC concepts (see Post-Quantum Cryptography Guide)

Quick Reference (TL;DR)

Phase 1 (Discovery): Inventory all RSA, ECC, and DH usage across your organization
Phase 2 (Planning): Assess crypto-agility, contact vendors, get budget approval
Phase 3 (Testing): Set up lab environment, test hybrid TLS, pilot deployment
Phase 4 (Migration): Roll out PQC across production, starting with key exchange
High-risk systems should be migrated by January 2030; full migration by January 2035

1Phase 1.1: Algorithm Inventory

Objective: Identify all cryptographic algorithm usage across your organization

Identify all RSA usage: TLS certificates (web servers, load balancers, APIs)

Identify all RSA usage: Code signing certificates

Identify all RSA usage: Document signing and S/MIME certificates

Identify all RSA usage: VPN configurations and SSH keys

Identify all ECC/ECDSA usage: TLS certificates, code signing

Identify all ECC curves in use: P-256, P-384, P-521

Identify all Diffie-Hellman usage: TLS cipher suites (DHE/ECDHE)

Identify all DH usage: VPN key exchange, custom applications

Document key sizes currently in use (RSA: 2048/3072/4096, ECC: P-256/P-384)

💡 All RSA, ECC, and DH algorithms are vulnerable to quantum computers using Shor's algorithm

💡 Symmetric algorithms (AES-256) and hash functions (SHA-256) are quantum-resistant

2Phase 1.2: Certificate Inventory

Objective: Create a complete inventory of all certificates in your organization

Export complete certificate inventory from CLM tool (Venafi, Keyfactor, etc.)

Run discovery scan if no CLM tool in place

Include internal AND external certificates

Categorize certificates by algorithm (RSA count: ___, ECDSA count: ___)

Identify all Certificate Authorities issuing certificates to your org

Check with each CA: Do they support PQC? Timeline?

Map certificate dependencies: which systems depend on which certificates

3Phase 1.3: Data Classification

Objective: Identify data at risk from "harvest now, decrypt later" attacks

Identify data requiring confidentiality for 10+ years

Flag government/defense data

Flag healthcare records (HIPAA)

Flag financial records and trade secrets

Flag legal documents with long-term validity

Assess "harvest now, decrypt later" risk for each data type

Assign priority: HIGH / MEDIUM / LOW for each category

💡 Adversaries may be capturing encrypted traffic today to decrypt with future quantum computers

💡 Long-lived secrets are the highest priority for PQC migration

4Phase 1.4: Infrastructure Assessment

Objective: Inventory infrastructure components and their PQC readiness

Inventory HSMs: models, firmware versions, PQC support status

Contact HSM vendor for PQC roadmap

Inventory load balancers: F5, Citrix, HAProxy, nginx, etc.

Document current TLS configuration on load balancers

Inventory web servers: Apache, nginx, IIS, Tomcat

Document TLS library versions: OpenSSL, BoringSSL, etc.

Inventory client applications: browsers, mobile apps, desktop apps

Identify IoT devices (often hardest to update)

Check OpenSSL PQC support

openssl list -kem-algorithms

List signature algorithms

openssl list -signature-algorithms

5Phase 2.1: Risk Assessment

Objective: Prioritize systems for migration based on risk level

Classify systems as HIGH risk: long-lived secrets, government, defense, healthcare

Classify systems as MEDIUM risk: financial, business-critical

Classify systems as LOW risk: internal tools, short-lived data

Create prioritized migration list (top 5 systems)

Identify quick wins: systems that can migrate easily

Identify test environments for pilot deployment

6Phase 2.2: Crypto-Agility Assessment

Objective: Evaluate your organization's ability to swap algorithms

Evaluate: Can systems swap algorithms without code changes?

Identify systems with hardcoded algorithms

Document systems requiring code changes for PQC

Identify technical debt: legacy systems that can't be updated

Identify end-of-life software needing replacement

Review certificate policies: do they allow PQC algorithms?

Identify certificate template updates needed

7Phase 2.3: Vendor Assessment

Objective: Understand vendor PQC roadmaps and support timelines

Contact Certificate Authorities: When will they offer PQC certificates?

Document CA PQC algorithm support plans

Ask CAs about pricing changes for PQC certificates

Contact HSM vendors: Firmware update or new hardware needed?

Contact CLM vendor: PQC certificate management support?

Review TLS library roadmaps: OpenSSL 3.x, BoringSSL, AWS-LC

💡 First PQC certificates expected commercially available in 2026

💡 OpenSSL 3.x includes PQC algorithm providers

9Phase 2.5: Create Migration Plan

Objective: Document the migration approach with phases and target dates

Define migration phases: Hybrid → PQC Signatures → Full PQC

Set target date: Hybrid TLS deployment

Set target date: First PQC certificates

Set target date: High-risk systems migrated (before January 2030)

Set target date: Full migration complete (before January 2035)

Document rollback procedures for each phase

Backup classical configurations before migration

10Phase 3.1: Lab Environment Setup

Objective: Create isolated test environment for PQC validation

Create isolated test environment mirroring production

Install PQC-capable software: OpenSSL 3.x with PQC providers

Update TLS libraries to PQC-enabled versions

Install PQC-enabled web servers

Generate test PQC certificates (self-signed or CA test program)

Check available KEM algorithms

openssl list -kem-algorithms

Generate ML-DSA key pair

openssl genpkey -algorithm ml-dsa-65 -out ml-dsa.key

11Phase 3.2: Hybrid TLS Testing

Objective: Validate hybrid key exchange (ML-KEM + classical) works correctly

Test PQC TLS connection

openssl s_client -connect example.com:443 -groups mlkem768

Check browser PQC support

Visit: https://pq.cloudflareresearch.com

12Phase 3.3: PQC Certificate Testing

Objective: Validate PQC certificates work in your environment

Generate test ML-DSA certificates

Install ML-DSA certificates on test servers

Verify client acceptance of ML-DSA certificates

Test certificate chain validation: Root → Intermediate → End-entity

Verify trust chain works end-to-end

Obtain PQC certificate from CA (if available)

Deploy CA-issued PQC certificate in test environment

13Phase 3.4: Pilot Production Deployment

Objective: Deploy hybrid TLS in limited production for real-world validation

Select pilot system: low-risk, non-critical, good monitoring

Deploy hybrid TLS (ML-KEM + X25519) on pilot system

Monitor for issues (minimum 2 weeks)

Collect metrics: error rates, performance impact

Document client compatibility issues found

Expand pilot to additional systems if successful

Test on different server types and network segments

14Phase 4.1: Key Exchange Migration (First)

Objective: Enable hybrid TLS key exchange across production infrastructure

Enable hybrid TLS on external-facing web servers

Enable hybrid TLS on API gateways

Enable hybrid TLS on load balancers

Enable hybrid TLS on internal APIs

Enable hybrid TLS on service-to-service communication

Update VPN configurations (if VPN supports PQC)

Monitor: no increase in errors

Validate: performance acceptable

Confirm: all clients working

15Phase 4.2: Signature Migration (Second)

Objective: Transition to PQC certificates for digital signatures

Begin requesting PQC certificates for new certificate requests

Use ML-DSA or hybrid certificates where supported

Replace certificates with PQC at renewal time

Update code signing to use ML-DSA

Maintain dual-signing if needed for compatibility

Update document signing for legal documents

Update document signing for contracts and compliance records

16Phase 4.3: Legacy System Handling

Objective: Document and mitigate systems that cannot migrate to PQC

Document systems that cannot migrate (technical limitations)

Document end-of-life software requiring replacement

Document vendor systems without PQC support

Implement compensating controls: network isolation

Implement additional monitoring for legacy systems

Create planned replacement timeline for legacy systems

Create exception documentation with business justification

Document risk acceptance and set review date

18Ongoing Maintenance

Objective: Establish processes for ongoing PQC monitoring and updates

Check OpenSSL PQC support

openssl list -kem-algorithms

List signature algorithms

openssl list -signature-algorithms

Test PQC TLS connection

openssl s_client -connect example.com:443 -groups mlkem768

💡 NIST Standards: FIPS 203 (ML-KEM for key exchange), FIPS 204 (ML-DSA for signatures), FIPS 205 (SLH-DSA conservative signatures), FIPS 206 (FN-DSA compact signatures)

💡 Key Deadlines: 2026 (first PQC certs available), 2027 (HQC standard expected), January 2030 (NIST deprecates 112-bit classical), January 2035 (NIST removes quantum-vulnerable algorithms)

Troubleshooting

Problem: Clients fail to connect after enabling hybrid TLS

Solution: Some older clients may not support hybrid key exchange. Configure server to fall back to classical algorithms for incompatible clients while offering hybrid to capable clients.

Problem: HSM does not support PQC algorithms

Solution: Contact HSM vendor for firmware update timeline. If no update available, plan for HSM replacement or use software-based PQC alongside hardware-protected classical keys.

Problem: Certificate Authority does not offer PQC certificates

Solution: First PQC certificates expected in 2026. Start with hybrid TLS (PQC key exchange with classical certificates) while waiting for PQC certificate availability.

Problem: Performance degradation with PQC

Solution: PQC algorithms have larger key sizes and may impact performance. Test thoroughly and consider ML-KEM-512 for lower-security use cases. Optimize TLS session resumption.

Related Resources

📖 Post-Quantum Cryptography Guide 📖 Crypto Agility Guide 📖 RSA vs ECC Guide ✅ PKI Compliance Checklist 📖 Compliance Hub NIST Post-Quantum Cryptography (External)Cloudflare PQC Test (External)

← Back to Checklists Library