Certificate validity periods involve risk potential

Since 1 September 2020, SSL certificates may only be issued for a period of 12 months. A further reduction in the near future is on the horizon. Considering that recognised studies assume that renewing a certificate takes about 6 hours, having to exchange them recurrently increases this effort considerably.
At the same time, new areas of application for certificates are constantly emerging, e.g. applications in the cloud, containers, digital signatures, decentralised devices from the areas of Industrial Internet of Things (IIoT), Internet of Things (IoT) and embedded systems. As a result, the demand and thus the number of certificates for securing and encrypting data streams is continuously increasing. This significantly increases the quantities of certificates to be managed and certificate handling becomes technically more complex and expensive.
In addition, certificates that expire unnoticed can endanger operational security, result in legal consequences and cause lasting damage to the company’s reputation. But the entire management process – from monitoring to applying for, renewing certificates to distributing them to the surrounding target systems – costs time and ties up valuable resources. If different certificate authorities (CAs) are used, handling becomes even more difficult and process costs increase.
Therefore, certificate management can hardly be mastered without tool support any more.

The Solution: Certificates as a Service (CaaS)

Our CaaS solution combines the certificate management tool of essendi xc with the Managed Personal Key Infrastructure (PKI) of SwissSign. You can automatically apply for, manage and install certificates in the target environments. Connectors create the link up to the last mile and deliver certificates directly into your servers and target devices. Once set up, most processes run automatically.

Thanks to the simple onboarding, you are ready to go in just a few steps and can request, change and revoke certificates independently around the clock.

Certificate management with CaaS

The certificate management tool essendi xc (CaaS edition) is used as a web application. Its dashboard provides an overview of all issued and active certificates as well as the various management functions. Using a wizard, certificates can be requested with just a few clicks on the basis of pre-configurated profiles. The connectors installed in the customer’s system ensure fully automated certificate processes.

CaaS offers the following functions:

  • Automated certificate management (generate CSR on target device, request, issue, distribute, install, renew, revoke certificate).
  • Request and manage certificates via essendi xc agents (centrally controlled pull method)
  • Request and manage certificates via essendi xc ACME-Connector as well as SCEP-Adapter (centrally controlled pull method)
  • Automated and system-guided application processes via essendi xc self-service portal
  • Request, issue and download certificates via wizard
  • Connection to the MPKI of SwissSign
  • Automated renewal of certificates
  • Dashboard with management graphics, inventory list, inventory management functions
  • Information, evaluations and reporting on certificate inventory
  • Monitoring and alerting on expiry

Target environments are e.g. TLS/SSL server, Linux, Windows, IoT/IIoT.

SwissSign certificates and services

The solution includes the purchase of all certificate products and services of SwissSign.

 

 

The technical handling of the trust processes of the certificates is based on a Managed PKI.

Application examples from daily business:

  • Automatic provisioning of Apache / IIS web servers with TLS/SSL certificates DV/OV.
  • Automatic WAF, containers, virtualisation, C/S authentication with certificates DV/OV
  • Supply of devices with personal certificates for authentication in VPNs
  • BYOK / HYOK key management in clouds (M365, AWS, GCP)
  • Provision of IoT/IIoT devices with certificates
  • Requesting DV/OV certificates (wildcard and multi-SAN) via essendi xc self-service Portal

Simple onboarding, operation and support

We accompany you during the company’s prevalidation for organisation-validated certificates. We support you in setting up the local components (essendi xc Agent, essendi xc-ACME Adapter, xc-SCEP Adapter, various Certbots). After that, you are ready to issue certificates automatically around the clock. Should you ever have any problems, our competent telephone hotline staff will help you in German, English, French or Italian.

Additional services and benefits

On the part of SwissSign you will receive advice regarding the certificates they provide.

In addition, we will keep you updated with information about changes in the certificate environment.

 CaaS customer benefits

  • Complete certificate lifecycle

CaaS covers the entire lifecycle of certificates automatically and installs them fully automatically on the target systems. Certificates can be installed in many target environments (TLS/SSL, email, Linux, Windows, Cloud (M365, AWS, GCP, IoT/IIoT).

  • One provider for all certificate products

With CaaS, certificates of all types and for all use cases are managed centrally and uniformly. You obtain certificate management and certificate products from a single source. Contracts can be concluded for a term of several years, certificates are renewed automatically..

  • Support from a single source

Functions and systems are provided as managed services. The application, the certificates and the telephone support are provided by a single source.

  • Two strong and independet brands with long-term experience

Two independent specialists with years of experience are behind CaaS. You receive certificates from a long-standing Swiss trust service provider and certificate management from a German software engineering expert.

  • Convenient and transparent billing

The all-inclusive price is based on the certificate types needed and on the application runtime. You can issue certificates as required at any time during the contract period. Subsequent billing for additional consumption is transparent and takes place conveniently at the end of the billing period. This gives you full flexibility and transparency. You simply pay by invoice. Credit card payment is not mandatory.

  • Local and trustworthy

The certificates and the platform combined in CaaS enjoy a level of trust because they are “made” in Switzerland and the EU. The relevant European and Swiss laws (DSGVO, eIDAS, DSG, ZertES) apply equally to CaaS.

  • Simple and secure

Our cloud solution is very easy to use: apart from the connectors in your systems, no additional software is required, which eliminates additional maintenance.

Thanks to fully automated certificate management, you never run the risk of expiring certificates again. The security of your infrastructure remains guaranteed at all times. This releases more time for essential tasks.

  • Personal and available

Our multilingual hotline is available for support requests. You can reach our staff personally, directly and without time difference.

  • Economical and reasonably priced

CaaS is a cloud-based solution that allows for attractive pricing and makes CaaS interesting especially for small and medium-sized enterprises. The transparent subscription model is all-inclusive, with no hidden additional costs. The set-up costs amortise already within the first year of use.

 

Strong, independet partners and expertise

You can trust in the long-term experience of two independent specialists.

Certificates powered by

SwissSign

  Certificate Management powered by

essendi

SwissSign has two cornerstones: Identity services under the brand SwissID and certificate services under the brand SwissSign. SwissID is Switzerland’s digital identity, which enables simple and secure access to the online world. Thanks to electronic certificates, data can be exchanged in encrypted form and thus protected from unauthorised access. As a Swiss Trust Service Provider (TSP), SwissSign protects all data according to the highest security standards and keeps it in Switzerland. Our company looks back on more than two decades of experience in the IT industry. Founded in 2000, essendi it initially focused on IT solutions in the financial sector. Since then, we have expanded our products and services to the industrial and commercial sector and are now securely operating in various industries.
Our product essendi xc certificate manager is used by well-known customers.

 

We will be happy to advise you

Do you have any further questions or would you like to request a non-binding offer? We look forward to hearing from you.