KeyTalk now also offers automated PKI from the Cloud

31 Mar ‘22

Now it is also possible to automate PKI without running the PKI management software in your own IT infrastructure. KeyTalk launches a hybrid Certificate & Key Management service that is provided both on-site and from the Cloud.

Why is this especially useful right now?

Certificates are becoming increasingly difficult to manage manually. Even without a shorter lifespan of up to 1 year for TLS/SSL certificates, it is an inconvenient task to manually keep track of them in a spreadsheet. Furthermore, it is susceptible to human errors.

A lack of visibility is a major challenge for many organisations in managing their certificates. It is the reason why many organisations do not know whether all of their certificates are still valid, which is one of the leading causes of certificate related errors that can have major consequences. One expired TLS certificate can shut down a website for hours or even days.

With it’s CKMS, Keytalk supports multiple CA providers such as DigiCert, the European DigiCert QuoVadis, GlobalSign and soon Sectigo as well. So this is ideal for organisations that have to manage certificates from multiple CA’s in their organisation, and replace them in time. Additionally, more and more M2M connections are secured with internal non-public certificates. The KeyTalk CKMS features its own internal CA, or is able to connect to MS AD Certificate Services.

Add to this the strong emergence of the use of personal certificates for the digital signing of documents and emails, and the use of these certificates for authentication to company networks from external locations such as home offices, and the importance of a central system that manages everything becomes evident.

Is it safe from the Cloud?

You might wonder whether PKI management from the ‘Cloud’ is safe, because it concerns certificate key pairs that secure your entire IT infrastructure. For the Cloud version of the service, all conceivable precautions have been taken. All certificates of which the key pairs are contained in the encrypted database of the service are themselves encrypted with an AES 256 key, and this key, together with various ‘master’ and signing keys, is located on a hosted HSM which is connected to the service.

Prefer within your own IT (Cloud) infrastructure?

Many organisations prefer to manage their important PKI keys within their own IT infrastructure, which nowadays can often already largely be found in a private Cloud environment. The core of the KeyTalk CKMS is a Virtual Server that can easily be uploaded into your own virtual environment as a ready-made ‘OVF’ for Vmware or ‘VHD’ for HyperV. The basic set-up of your PKI management environment is completed within half a day.

Let’s just try it!

Our Cloud service is already permanently available so it’s very easy to try out the automated request, installation, configuration or simply the renewing of an existing certificate during a free ‘Proof of Concept’ project.

Get in touch with us and we will take care of it for you!