Questions?

Yes, KeyTalk can handle multiple CAs. Both private CAs, such as Microsoft Active Directory Certificate Server, as well as public CAs, such as GMO GlobalSign or DigiCert QuoVadis.

Yes, KeyTalk develops functionality and integrations based on customer demand and the business case. When a required integration is not yet supported and is technically feasible, you can make a successful integration possible together with KeyTalk Business Unit. This integration will then be integrally incorporated into our software and thus also be maintained.

Yes, KeyTalk can generate private keys with sufficient entropy, as part of the centrally generated Certificate Signing Requests (CSRs). These asymmetric key pairs can be stored in its own AES256 encrypted management database or in a linked Hardware Security Module (HSM). As soon as a key pair expires or becomes invalid, the KeyTalk platform will regenerate this key pair and the associated certificate, either automatically or semi-automatically through a workflow process.

Our definition of short-lived X.509 certificates: certificates that do not last longer than the time it takes for a current Certificate Revocation List (CRL) to be updated and distributed from the moment they are issued. Do you normally work with CRLs that are updated once a day? Then, short-lived certificates are valid 24 hours shorter. Online Certificate Status Protocol (OCSP) radiators are theoretically much faster than CRLs to update, but in practice, it usually takes longer than the average time to update a CRL to establish the necessity of including a certificate in an OCSP up to and including the actual inclusion of a certificate in an OCSP. This means that OCSPs are usually no more practical than a CRL when it comes to short-lived X.509 certificates.

KeyTalk can assign any lifespan to a certificate to be issued, as the target Certificate Authority supports this. The shortest validity that KeyTalk can assign to a certificate is 1 second.