Introducing KeyTalk’s CA independent ACME based certificate issuance
25 Jul ‘23

In today’s digital landscape, the importance of secure communication cannot be overstated. From safeguarding sensitive data to building trust with customers, having robust security measures is crucial. One fundamental aspect of securing online communication is the use of digital certificates, whose lifetime, and with it the interval at which they need to be replaced, is dropping below 3 months.
Enter the Automated Certificate Management Environment (ACME) protocol, a game-changer in the world of certificate management. In this blog post, we introduce the latest upcoming KeyTalk feature: CA independent direct ACME based certificate issuance as well as ACME relay based certificate issuance.
This empowers organizations to issue both private Certificate Authority (CA) based certificates and publicly trusted Domain Validated (DV) and Organization Validated (OV) server certificates to network connected devices.

The Power of the ACME Protocol

The ACME protocol revolutionized the way certificates are managed. With its automated approach, ACME streamlines the complex and time-consuming process of certificate issuance, renewal, and revocation. By adopting ACME, organizations can save valuable time and resources while ensuring the security of their digital infrastructure.

ACME versus KeyTalk native REST protocol based agents

KeyTalk agents existed long before the ACME protocol was introduced.
Our agents can do far more than “just” issue server certificates for specific webservers. They also handle many client certificate use cases such as S/MIME, 802.1x EAP/TLS based network authentication, and TPM based key attestation.
By including ACME support, KeyTalk certificate management becomes more versatile, allowing current and future customers to keep using their existing Certbot and win-acme agents.

Introducing KeyTalk

KeyTalk adds an innovative ACME (relay) server that brings the power of ACME to organizations seeking a flexible and comprehensive certificate management solution. With KeyTalk, organizations can issue two types of certificates: private CA-based certificates for internal network devices and publicly trusted Domain Validated (DV) server certificates for external-facing services.

Private CA-based Certificates

KeyTalk empowers organizations to establish their own private Certificate Authority (CA) using KeyTalk’s OpenSSL 3 based private CA and issue certificates for internal network devices. This allows organizations to maintain complete control over their internal certificate ecosystem, ensuring secure communication and authentication within the network.

Publicly Trusted DV and OV/EV Server Certificates

In addition to private CA-based certificates, KeyTalk also enables the issuance of publicly trusted DV and OV/EV server certificates to webservers running on any operating system supported by an ACME agent. These certificates are essential for securing external-facing services such as websites, APIs, and other network-connected devices. KeyTalk seamlessly integrates with supported trusted Certificate Authorities to facilitate the issuance and management of publicly trusted certificates.

Streamlined Certificate Lifecycle Management

KeyTalk simplifies the entire certificate lifecycle management process. It automates certificate provisioning, renewal, and revocation, eliminating the need for manual intervention. With KeyTalk, IT professionals can rest assured knowing that their organization’s certificate infrastructure is in capable hands.

Enhanced Security and Compliance

By leveraging KeyTalk’s comprehensive certificate management capabilities, organizations can bolster their security posture and ensure compliance with industry regulations. With the ability to issue both private CA-based certificates and publicly trusted DV server certificates, KeyTalk offers a robust and flexible solution to meet diverse security requirements.

Centralized Certificate Management

KeyTalk serves as a centralized hub for certificate management. It provides a user-friendly interface through which administrators can monitor and control the issuance, renewal, and revocation of certificates. This centralized approach enhances visibility, simplifies administration, and improves overall certificate governance.

Scalability and Flexibility

KeyTalk is designed to scale alongside organizations’ evolving needs. Whether it’s managing certificates for a small network or a large-scale enterprise environment, KeyTalk can handle the demands with ease. Its flexibility allows organizations to adapt to changing security requirements and seamlessly integrate with existing infrastructure.


By automating the certificate management process and eliminating the need for manual intervention, KeyTalk significantly reduces operational costs. Additionally, KeyTalk’s ability to issue both private CA-based certificates and publicly trusted DV server certificates ensures optimal resource allocation and cost-effectiveness.

Remember, securing your digital infrastructure starts with efficient certificate management, and KeyTalk is the tool to help you achieve that. Embrace the future of certificate management today!


The KeyTalk team