Our PKI Management Platform

TLS/SSL Certificate Lifecycle Management (CLM)

S/MIME-based secure email (SES)

The automated management and distribution of personal certificates for device authentication (DA)

PKI (Public Key Infrastructure) and Certificate Lifecycle Management (CLM) do not have a good reputation. Deploying, managing, and distributing certificates is known as a complex, cumbersome, labor-intensive, and error-prone process, and errors can potentially have a significant negative impact.
Which is a shame, because it doesn't have to be that way at all. KeyTalk solutions make PKI Management particularly simple, efficient and accurate.

Simply the best PKI platform in the world

Certificate Lifecycle Management

For most organizations, Certificate Lifecycle Management is a nightmare. We often find departments where the validity period of certificates is recorded in an Outlook calendar or in an Excel spreadsheet. Or worse yet, nobody knows how many certificates there are or where they are on the network. This is not only cumbersome, but also error-prone and risky.

KeyTalk automatically maintains the lifecycle of your certificates. This way, you will always have an up-to-date and detailed view of all private and public certificates, as well as the cryptographic keys used.

Detecting existing certificates and keys on the network (certificate discovery) is straightforward with our Smart Security Scan. The certificates and keys it finds are imported into the KeyTalk CKMS and managed from there.

KeyTalk CKMS PKI Management support includes, but is not limited to:

Building a central repository of all internal and external certificates and their corresponding keys, possibly through a certificate discovery process with our Smart Security Scan, with the valid certificates it finds imported into our CKMS.

Automatic deployment and renewal of certificates (or semi-automatic after notification and authorization) on servers, network devices and user devices.

Comprehensive reports, notifications and alerts.

Support for PKI compliance through centralized workflows, roles (delegates) and authorizations in departments and subsidiaries. KeyTalk is domain independent and therefore easy to configure in larger organizations.

Integrations with a growing number of Certification Authorities such as DigiCert, DigiCert QuoVadis, GlobalSign and Microsoft CA.

Authorization based on AD and AAD (Azure Active Directory).

A large and growing number of supported integrations and protocols. For example: MDM solutions like Intune and MobileIron, load balancers, hardware security modules (HSM), Citrix, SCEP, and ACME.

An internal CA for issuing private certificates that can also be short-lived.

Private CA

In addition to publicly trusted SSL certificates issued by a public Certification Authority, such as DigiCert, GlobalSign, Sectigo, etc., many companies use a private Certification Authority. Typically, this is a Microsoft Active Directory Certificate Server. KeyTalk CKMS also includes its own private Certification Authority, which can be configured and used under an existing root Certification Authority or your own root Certification Authority. To use an existing root Certification Authority, the certificate of the existing root Certification Authority with its private key can be uploaded, after which the KeyTalk CKMS will generate its own intermediate Certification Authorities under this Root based on the details provided through the wizard. A root Certification Authority with private key can also be linked to the KeyTalk CKMS through a supported HSM.

The KeyTalk CKMS private Certificate Authority can also be used without a root Certificate Authority of its own. In that case, the private Certification Authority will generate its own root Certification Authority based on the details provided through the wizard.

In the simplest configuration, setting up your own private KeyTalk Certificate Authority takes no more than a few minutes, and then you can issue internal certificates of your own.

Authorization based on AD and AAD (Azure Active Directory)

Modern authentication through Microsoft Active Directory (AD) or Microsoft Azure AD (AAD) offers several features and benefits in combination with KeyTalk CKMS:

Characteristics:

Multi-factor authentication (MFA): Provides additional security by using more than one form of authentication, such as a password and SMS code.

Role-based access control (RBAC): Allows you to restrict access to resources and services based on the user's role. For KeyTalk administration, modification and viewing permissions can be assigned using Security Groups. In the case of certificate issuance or certificate use/access, Security Groups can be used to assign these permissions.

On premises, in the cloud or 'as a service'

KeyTalk CKMS is designed as a Virtual Machine (VM). This means that the underlying operating system (Ubuntu), the KeyTalk CKMS application (in C++), and the embedded database (MySQL RDBMS) form a unit and can be loaded directly as an image on VMware or Hyper-V-based hypervisors. This makes it easy to use from:

Your own IT infrastructure;

Cloud (private) environments such as AWS, Azure and Google Cloud;

As a full PKI service, where KeyTalk CKMS availability and management is completely facilitated by KeyTalk specialists.

There is a lot we can tell you about the KeyTalk PKI platform. From technical details to use cases and everything in between. So much information that it may be more convenient to answer your questions directly.

Don't hesitate to get in touch – our PKI experts are happy to help, can address specific use cases, and would be happy to provide a demo or proof of concept.
