CertM

System Characteristics:

• Uses digital/automatic processes instead of error-prone manual processes.
• Ability to detect and view existing certificates and their status
• Centralized system for managing PKI infrastructures
• Automation throughout certificate lifecycles
• Automatic certificate renewal
• Integration with HSM components
• Certificate expiration alerts
• Integration with the organizational CA
• Integration with international CA providers

Automation throughout certificate lifecycles

CA and Network Scanning

• Network and CA scanning to detect all network digital certificates
• (SSL/TLS, SSH, Mobile, Kubernetes, WiFi & VPN)
• Direct scanning via an Enrollment Agent
• Integrating with Private/Public CAs
• API for interfacing with third-party systems
• Integrating with AD

Automation

• Automatic digital certificate renewal
• Certificate expiration alerts
• Automated action configuration via API

Display

• All the organization’s digital certificates centralized on a single screen
• Comprehensive display of all existing digital certificates on the network
• Comprehensive display of all existing digital certificates on all CAs
• Current status of every digital certificate throughout its lifecycle

Management and Monitoring

• Digital certificate lifecycle management
• Search/filter/sort based on required criteria
• Revocation/suspension of digital certificates
• Manual/automated management

Reporting

• Digital certificate filtering by CA
• Filtering based on protocols/ports/devices and more
• Reports and statistics
• Alerts and warnings

Functionality:

CA and Network Scanning

• Network scanning and status display of all existing digital certificates (including IIS, Apache, F5, Imperva, GigaMon)
• Verification of certificates installed on system-linked CAs
• Automatic search for certificates installed on the organizational network
• Direct scanning via an Enrollment Agent
• Certificates catalogued by the components in which they are embedded: protocols, IP addresses, ports, URLs, and more.

Monitoring and Alerts

• Reports and statistics
• Filtering and screening to generate reports based on required criteria
• Certificate expiration alerts and warnings, to facilitate timely action
• Logs collected by monitoring systems through SNMP/SYSLOG

HSM Component Integration

• Secure key storage in a dedicated physical device (HSM) with partitioning capability
• Key storage for various purposes: SSL, Code Signing, Client Authentication, Docker Container
• ComSign KSP service on servers/endpoints for communication with the central KSP Server
• Uses Reference for central HSM
• Automatic creation of a KDC authentication certificate (for LOGON) from the central HSM using ADCS

Central Management

• Easy-to-use and Intuitive Control Screen (WEB) for management
• Issues various digital certificates such as SSL, Authentication, etc.
• Digital certificate creation, configuration, signing, and issuance
• Display of all network certificates, with advanced filtering options
• Automatic certificate renewal close to expiration date (configurable)
• Alerts to system manager (via email/SMS) regarding expiring certificates
• Revocation/suspension of digital certificates
• Certificate display/download
• Full resilience

Interfaces:

• System is On-Prem/SaaS
• Integrates with several CAs
• Integrates with organizational CA services (supports MSCA/EJBCA)
• Integrates with external CA services (DigiCert)
• Integrates with HSM components (given CSP)
• Integrates with AD
• Integrates with data security and monitoring systems
• Integrates with third-party systems
• Integrates with external DB
• REST/SOAP API