Secure delivery of thousands of certificates

When providing online services, it is often important to establish secure and trusted end-to-end encryption, so that no one can listen to or compromise the communication between the service provider and the service end user.

This can be effectively achieved with certificates. Certificates serve as a unique identification of the users, and only authorized devices and users with valid certificates can access the requested service. Moreover, communication is encrypted and secure. As long as the certificate is not compromised, the service provider can be sure of the user's identity and the user can trust the provided service.

As the number of certificates increases over time, managing their state becomes more complex. It is therefore crucial for the service provider to have good tooling and a sound approach to manage certificates effectively. Otherwise, it is only a question of time before the service becomes unavailable or compromised because of an invalid certificate.

CZERTAINLY - Efficient tool for management of certificates

CZERTAINLY is a management platform designed to enable efficient, user- and developer-friendly management of certificates and cryptographic keys.

The platform can provide connectors to an increasing number of entities such as certification authorities, discovery providers, technology platforms, IoT providers, etc. From the user perspective, it has an Administrator and an Operator Web Interface for easy usage.

It can be configured to support a service-based approach, where each service is represented as an RA Profile to manage the certificates for a given service in a consistent manner.

Developers can use the friendly REST API to connect specific applications or even custom management portals.

This is useful for automation of certificate management of any service, including easy service decommissioning with revocation of related certificates.

When a service provider needs to deliver certificates to end users

When a service provider needs to secure communication using certificates, the certificates must be delivered to the end user in a trusted and transparent way. This is done during the setup of the service. All user interaction is usually done through the service provider portal, which is connected to the CZERTAINLY platform.

The key to successful and efficient service delivery is an easy, complete, and efficient integration between all the necessary components of the service:

  • PKI (certification authority, security modules)
  • Entities such as users and devices
  • ERP system of the service provider
  • Service portal for transparent certificate management

CZERTAINLY allows the service provider to set up a dedicated profile for each service that needs certificates for its operation. It can be easily integrated with the certification authorities and the service provider’s systems and procedures. All you need for the integration is the name of the configured RA Profile. Reports and real-time monitoring with detailed information and the history of every certificate are readily available through the Web Interface or API.

This way it is possible to take care of the full certificate lifecycle for the operation of the service.

Examples

  • When the user is approved for the service setup, the certificates can be issued via the CZERTAINLY platform, and the users can download them in a secure way either from the service provider’s portal or from the Operator Web Interface of the CZERTAINLY platform. The certificates are issued and operated in a consistent and compliant manner.

  • If a certificate is about to expire, the system can be configured to renew it fully automatically, including its upload to a target entity via the CZERTAINLY platform.

  • When the service should be decommissioned for the user, all related certificates are revoked and the service immediately becomes inaccessible through the RA Profile configured in the CZERTAINLY platform.

  • Sometimes it may be necessary to make a change that applies to all certificates within a given profile. For instance, when a cryptographic algorithm has been deprecated, is insecure, or is no longer compliant with industry standards, all certificates must be updated. This is a job ideally suited to the CZERTAINLY platform.

  • You might have a strategic need to move all the certificates to a new certification authority technology. This change can be done at the RA Profile level in the CZERTAINLY platform. New certificates can be issued remotely in large batches without any interruption to the service.

Resolve now, be prepared for the future

There are many ways to address certificate management needs in larger organizations. While many scenarios work very well, they may not be sufficient for future needs.

As technology develops, certificate management becomes more complex, and automation is a must. These trends are likely to continue. When deciding on an infrastructure solution for dealing with certificates, it is important to choose an open solution that enables agility and is sufficiently robust to provide business continuity. CZERTAINLY is an open-source platform with support and maintenance from subject matter experts, which can help you start managing your certificates without any vendor lock-in and with the flexibility needed to support your future use cases.