In a world of networks, a robust public key infrastructure is essential to ensure trust in digital transactions and protect sensitive information from unauthorised access. A Managed Public Key Infrastructure is a PKI solution for certificate lifecycle management. It is managed by an external provider and enables the

  • generation
  • storage
  • distribution and
  • validation

of digital certificates. Examples include SSL/TLS certificates (formerly SSL certificates), S/MIME or code signing certificates.

The Managed Service allows complex key management tasks and processes to be outsourced. This helps to efficiently manage the digital security infrastructure. With a Managed PKI, organisations can standardise and improve the security of their IT infrastructure. At the same time, they need to use fewer internal resources for the complex management of certificates and keys.



With a Managed PKI, companies can standardise and improve the security of their IT infrastructure. At the same time, they need to devote fewer internal resources to the complex administration of certificates and keys.


The Difference between an In-house PKI and a Managed PKI

An in-house PKI is run by a company itself. This requires significant resources in terms of hardware, software, extensive expertise and ongoing maintenance.
In contrast, an MPKI is outsourced to an external service provider. The service provider assumes responsibility for the entire PKI management (automated PKI management) and provides expertise and scalability. This is also known as PKI-as-a-Service.
The Managed PKI relieves companies of the administrative tasks of running a PKI. In addition, compliance with current standards can be guaranteed at all times thanks to the expert provision of the service. An MPKI can therefore be a cost-effective and efficient alternative to an in-house PKI.


Key Features of a Managed PKI

  1. Outsourcing of PKI management: Responsibility for the entire PKI is outsourced to an external service provider. The service provider is responsible for generating, distributing, managing and monitoring digital certificates. Depending on the customer’s requirements, this may include public key and/or private key management.
  2. Expertise and Security Standards: Managed PKI providers have expertise in cryptography and security. They implement proven security standards to ensure a reliable and secure infrastructure.
    This is an added benefit in times of skills shortage. Organisations do not need to hire their own specialists. Instead, they can draw on the provider’s qualified specialists.
  3. Scalability and flexibility: Companies can scale their external PKI resources as required. There is no need to upgrade their own infrastructure. This flexible and cost-effective solution can be quickly adapted to changing requirements.
  4. Centralised administration: A central platform enables easy management of digital certificates. Companies can access and monitor their security resources regardless of the geographical distribution of their IT infrastructure.

Benefits of a Managed PKI

  • Reduced risk: Companies benefit from the expertise and experience of a Managed PKI provider. This reduces the risk of security gaps and misconfigurations.
  • Faster implementation: An external PKI solution can be set up more quickly than an internal infrastructure. The service provider has established processes and systems in place.
  • Cost transparency: Managed PKI costs are easier to predict and control because they are based on a clear billing model. This allows for more effective budgeting compared to internal PKI operating costs.
  • Regular updates and compliance: Managed PKI providers are responsible for regular updates and security patches. This helps to ensure that the infrastructure is always kept at the latest security level. This means it is always compliant.
  • Individual user profiles: User profiles and user groups enable the personalised management of access rights and certificates in a Managed PKI. By assigning specific user profiles, access to critical resources can be controlled and monitored.
  • Auditability: A certified Managed PKI uses industry-proven and controlled security standards. This creates transparency and trust. It facilitates the audit process and strengthens the security of key management.
  • Mass handling: A Managed PKI facilitates the bulk handling of certificates through centralised administration and automated processes. This reduces the administrative overhead, improves scalability and increases the reliability of certificate management.

The Managed PKI Provider’s Role in Key Management

The Managed PKI provider plays a central role in key management:

  • It supplies a highly secure environment for storing private keys.
  • It enables the efficient distribution of digital certificates to users.
  • It ensures that the security infrastructure is always up to date. This is achieved through regular updates and blocking (revocation) mechanisms, which enable a rapid response in the event of a compromise.

It also helps organisations to comply with security policies and requirements related to key management.

Use Cases

A Managed PKI is beneficial for industries that process sensitive data or rely on secure communications. In particular, companies in the KRITIS (critical infrastructure) sector, such as financial services, telecommunications, energy and healthcare, benefit from the high level of data protection provided by a Managed PKI:

  • Encryption of financial transactions, patient data or communications
  • Authentication of communication partners and devices
  • Securing networks

Challenges and Solutions

There are several difficulties that can arise when implementing a Managed PKI:

  1. Complexity of the environment: Integrating a Managed PKI into an existing IT infrastructure can be complex. Existing systems and different platforms need to be taken into account. Coordination with existing processes and applications requires careful planning.
  2. User acceptance and training: New security measures and authentication methods may be met with resistance from users. Training helps users to use the new technologies correctly. Extensive communication promotes acceptance.
  3. Security and compliance requirements: Compliance requirements are usually industry-specific. Careful configuration and monitoring are required to ensure compliance. This is the only way to ensure that the processes meet the required security policies.

The solution requires

  • careful planning
  • clear communication and
  • close collaboration with experienced Managed PKI providers.

What is the difference between an MPKI and a Certificate Management Tool?

PKI management tools (such as an MPKI) and certificate management tools are closely related, but different concepts.

A Managed PKI is a service provided by a third party. It mainly deals with the generation, distribution, administration and monitoring of certificates and key management.

Certificate management systems such as essendi xc can be seen as tools. They are specifically designed to manage certificates throughout their lifecycle (certificate lifecycle management). They can be part of a self-operated PKI or a Managed PKI. They enable, for example, the issuing, renewal, revocation and management of certificates. They also offer functions such as automated workflows and monitoring.

The combination of essendi xc with a Managed PKI offers optimal synergy effects in the administration of digital certificates. By outsourcing to an external service provider, PKI administration becomes more efficient and expertise is better utilised. essendi xc acts as powerful middleware with versatile interfaces for the flexible automation and control of certificate processes.

In addition, xc is provider-neutral, i.e. it can be connected to different PKI providers. This is particularly advantageous if the PKI provider needs to be changed quickly.

You can benefit from the expertise of one of our partners and use proven product combinations:

SwissSign Managed PKI (also via PSW Group)

D-Trust Certificate Service Manager

Checklist: What makes a good MPKI?

  • Where is the critical data generated and stored?
  • Which law applies in the event of a dispute? German, Swiss or US law?
  • Which place of jurisdiction applies in the event of a dispute?
  • Does the support speak your language?
  • What is the quality of the support?
  • What are the support hours? Is the hotline difficult to reach due to time differences?
  • How user-friendly is the portal?
  • Are the products well designed and structured?
  • Does the supplier offer all the products you need (trusted and untrusted,…)?
