AppViewX’s CERT+ certificate management solution provides one-stop automated discovery, expiration alerting, renewal, provisioning, and revocation of SSL/TLS certificates and SSH keys across networks, including app servers, web servers, ADCs, proxies, and firewalls. It arms security operations and PKI teams with critical insights to avoid unwanted outages and other issues associated with out-of-compliance certificates. CERT+ integrates with major certificate authorities, including GeoTrust, Comodo, DigiCert, Microsoft CA, and Entrust. The platform recreates a holistic chain-of-trust view for each certificate, indicating the root CA, intermediate CA, and the server/application-level certificates. Users can download and upload certificates and keys, revoke certificates, generate CSRs, and, more importantly, renew certificates. Once renewed, these certificates can be pushed to the applications either manually or via an automated process.
As part of the certificate management process, CERT+ must store the private keys associated with the SSL certificates. Keeping these private keys secure is paramount to the integrity of the system. A key hierarchy with a series of encryption and encoding steps is used to secure these keys, but at the top of the hierarchy is a Master Encryption Key (MEK) that must itself be protected. Using a FIPS 140-2 certified hardware security module like the SafeNet AT Luna for government to generate and store this Master Encryption Key protects the integrity of the entire hierarchy.