New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance.
We rarely consciously think about the fact that, in this Information Age, many aspects of our private and work lives are only possible because of digital trust that has been built up over decades. We also usually don’t give much thought to how, exactly, digital trust is sustained, but we do notice when something happens to break it.
Companies can’t help but notice when it happens, too. Whatever the reasons behind them, PKI-related outages are costing them money and may erode their customers’, employees’ and partners’ trust. The 2022 State of Digital Trust Survey found that almost half of consumers have stopped doing business with a company after losing confidence in its digital trust competency.
DigiCert, a global leader in digital trust, and known by many as one of the dominant certificate authorities (CAs) out there, is working to solve that problem.
The company’s newly released DigiCert Trust Lifecycle Manager offers something that enterprises need but do not currently have: it unifies CA-agnostic certificate lifecycle management, PKI services and public trust issuance for a full-stack solution that helps companies discover all of their certificates and manage them efficiently. This provides a seamless digital trust infrastructure that aims to reduce certificate-related outages, limit the attack surface area by ensuring strong trust of all critical digital assets, and mitigate the risk of business disruption or security vulnerabilities.
Remote connections = sprawling certificate landscape
The number of certificates organizations need to juggle to support a huge remote workforce has exploded during the COVID-19 pandemic. It happened at DigiCert, too, says Brian Trzupek, the company’s SVP of Product.
“We had to ramp up systems to support a remote workforce, we had to enable things like passwordless authentication, zero trust, VPN access — and all those things require digital certificates,” he told Help Net Security.
“Companies’ digital footprint, their cybersecurity mesh, and the complexity related to certificates and authentication and PKI as a core trust mechanism that followed these changes has grown.”
More than ever, organizations are facing the pressure to manage digital trust comprehensively. That also means adequately dealing with the problem of the expanding volumes of certificates and a lack of centralized visibility and control to prevent (always unwelcome and often costly) outages and failed audits.
A full-stack solution unlike any other
A good solution should not become part of the problem, and this is where Trust Lifecycle Manager has a leg up on the competition: as a full-stack solution, it not only offers CA-agnostic certificate lifecycle management but also DigiCert’s best-in-class public trust issuance and PKI services to give companies all the tools they need to issue and manage certificates throughout their lifetime, regardless of use case, certificate type or certificate authority issuing the certificate.
There are software companies that offer CA-agnostic certificate management and integrate with many CAs, but they don’t have the ability to issue publicly trusted certificates and don’t offer robust PKI services (private CA creation, management and turnkey certificate policy and administration). They also don’t match Trust Lifecycle Manager’s ability to issue and manage end-entity certificates at scale for user and device authentication. Furthermore, since these companies are not CAs themselves, they rely on API integrations into CAs such as DigiCert, Trzupek pointed out.
When other vendors suffer a broken connection between their certificate lifecycle automation solution and a CA’s APIs, for example, their solution is effectively the source of the outage.
“Because we control that full stack top to bottom — the issuance, the software, the integrations — and simultaneously make changes throughout, we have reduced dependencies and are not a contributor to potential outages and downtime. That’s something that customers have been asking from us for a very long time, and we are happy to have now delivered.”
And that’s not the only advantage to using Trust Lifecycle Manager, he says: it offers self-service issuance capabilities and deep integrations that simplify the complexity of certificate and PKI management. These features automate last-mile installations and support increased productivity across IT, security operations and IAM organizations.
One central place to manage trust
Trust Lifecycle Manager is a digital trust solution that unifies CA-agnostic certificate management and PKI services.
Customers can discover new and manage existing certificates, all from one central point. The solution also has automatic or one-touch provisioning capabilities, to support scenarios in which lights-out automation is preferable (e.g., when deploying a huge number of device certificates via Active Directory [AD] or through a group policy object [GPO]), and scenarios in which it’s inadvisable (e.g., when the installation of certificates is performed on production systems).
On the PKI services side, Trust Lifecycle Manager streamlines identity and authentication management for users and IT resources by:
- Allowing rapid CA and ICA (Intermediate Certificate Authority) creation and configuration and use of pre-configured and customizable user, device, and server profiles.
- Providing manual and automated enrollment and authentication methods and integration with IAM technologies like AD and mobile device management.
DigiCert empowers customers with pre-configured, customizable certificate templates backed by the company’s 20 years of experience. This helps customers avoid time-consuming troubleshooting when it comes to supporting well-documented technologies and connections, Trzupek noted.
Last but not least, there is a REST API that allows the integration of other tools and lets technology providers and vendors build Trust Lifecycle Manager integrations and support for their solutions, with the goal of endpoint automation.
Flexible deployment anywhere and always centralized
Trust Lifecycle Manager is delivered via the DigiCert ONE platform, which supports flexible deployment on-premises, in private and public clouds, as a managed service from DigiCert, or a hybrid solution.
DigiCert ONE offers other important digital trust solutions for organizations to have under a single pane of glass. This broad spectrum of enterprise needs includes: IoT device trust with certificate provisioning and management, automated software code signing, document signing, authoritative DNS services, and more. DigiCert ONE is a platform for delivering comprehensive digital trust, but customers can deploy just the tools they need.
Trust Lifecycle Manager also enables companies to manage their PKI use cases according to their security policy preferences.
“Our traditional architecture allows us to offer PKI-as-a-service — where we offer a SaaS solution for customers to manage the PKI — but the customers can also put it in their cloud and just use us to manage the PKI aspect. Customers that have data sovereignty, national citizen or key sovereignty needs can run the entire stack on-premises, under their full control, connected to their hardware security modules. We support all those deployment models with the exact same code base,” Trzupek pointed out.