logo
logo

Questions?

Any specific questions? Perhaps the frequently asked questions or downloads will help you further.

Other questions, or are you just wondering what KeyTalk can do for your organization? Feel free to contact us. We would greatly enjoy thinking about it together.

Yes, KeyTalk can handle multiple CAs. Both private CAs, such as Microsoft Active Directory Certificate Server, as well as public CAs, such as GMO GlobalSign or DigiCert QuoVadis.

Yes, KeyTalk develops functionality and integrations based on customer demand and the business case. When a required integration is not yet supported and is technically feasible, you can make a successful integration possible together with KeyTalk Business Unit. This integration will then be integrally incorporated into our software and thus also be maintained.
Yes, KeyTalk can generate private keys with sufficient entropy, as part of the centrally generated Certificate Signing Requests (CSRs). These asymmetric key pairs can be stored in its own AES256 encrypted management database or in a linked Hardware Security Module (HSM). As soon as a key pair expires or becomes invalid, the KeyTalk platform will regenerate this key pair and the associated certificate, either automatically or semi-automatically through a workflow process.

Our definition of short-lived X.509 certificates: certificates that do not last longer than the time it takes for a current Certificate Revocation List (CRL) to be updated and distributed from the moment they are issued. Do you normally work with CRLs that are updated once a day? Then, short-lived certificates are valid 24 hours shorter. Online Certificate Status Protocol (OCSP) radiators are theoretically much faster than CRLs to update, but in practice, it usually takes longer than the average time to update a CRL to establish the necessity of including a certificate in an OCSP up to and including the actual inclusion of a certificate in an OCSP. This means that OCSPs are usually no more practical than a CRL when it comes to short-lived X.509 certificates.

KeyTalk can assign any lifespan to a certificate to be issued, as the target Certificate Authority supports this. The shortest validity that KeyTalk can assign to a certificate is 1 second.

More Frequently Asked Questions

Talk with a PKI expert

From trouble file to demonstrable success? We would be happy to provide you with a proof of concept for your organisation, without obligation.

Maanlander 47
3824 MN Amersfoort
The Netherlands
+31 88 539 82 55
info@keytalk.com

    Although we were one of the first customers to choose the combined S/MIME Management and Automation Service from GlobalSign & KeyTalk and we had to overcome some initial hurdles, we got fantastic support from the KeyTalk team and the service is working perfectly now. I would absolutely recommend their S/MIME Management and Automation Service to any company that needs easy-to-use end-to-end secure email communication. — Matteo Snidero, Head of IT @ Finance in Motion

    Contact KeyTalk