Managed PKI
Complete, centralized control of all certificate, user, and financial activity
- Manage all certificates, users, and financial information from one centralized account
- Pre-vetted domain and profiles for instant certificate issuance
- Combined financial and billing information
- Granular user permissions/delegated administration to define user roles and privileges within your enterprise
- Automate provisioning with APIs and integrations
All certificate types managed under one account:
- Secure websites and servers (SSL/TLS)
- Replace passwords with multi-factor authentication for users, machines and devices
- Digitally sign and encrypt emails
- Create trusted digital signatures for documents
- Enable PKI for mobile devices
- Digitally sign and ensure integrity for code
Centralized control over certificate and user activity
- Revoke, renew, reissue, or cancel certificates with the click of a button
- Control who can issue certificates, what kinds of certificates they can issue, and to which domains or entities they can issue
- Manage multiple departments or business entities from one account
- Combine financial and billing information
Managed PKI Features
Instant Issuance of Multi-functional Digital Certificates
Pre-vetted company profiles and domains mean you can immediately issue certificates to accommodate specific department or project needs – SSL, digitally sign and encrypt email (S/MIME), authenticate users and devices to networks, enable mobile security and authentication, digitally sign Microsoft Office and PDF documents, and SmartCard Logon.
APIs & Active Directory Integration
Automate certificate lifecycles and workflows with APIs and integration with Active Directory. By leveraging existing Active Directory investments, you can automatically provision certificates to all domain-connected users, devices, machines, and servers without the burden of managing PKI in-house.
Flexible Business Terms & Unlimited Issuance Licenses
Managed PKI offers significant volume discounts over purchasing individual certificates. Choose from various purchasing options, including Pay as You Go, deposit method, and unlimited issuance licenses for increased flexibility with budget planning.
Multiple Organization Profiles
Register multiple companies or departments (profiles) under one account. This is ideal for umbrella entities that need to manage certificates for several subgroups: all certificate activity can be monitored, managed and centralized from just one account.
Granular User Permissions
Account administrators can control which staff members can apply for, approve, renew, and revoke certificates at the domain or profile level, ensuring only approved staff can access certificate activity.
No Hidden Fees
You only pay for certificates. There are no setup, hosting, or re-issuance fees, and we do not charge for multiple profiles or extended key usages.
Dedicated Intermediate CAs
Branded intermediates, roots, & hierarchies hosted & maintained by GlobalSign
Control your chain of trust without managing PKI in-house
Dedicated intermediate CAs (ICAs), sometimes referred to as subordinate or issuing CAs, are used to issue end-entity certificates exclusively for one specific company. Having your own ICA or hierarchy gives you greater control over the chain of trust in your ecosystem, allowing you to only trust certificates issued from your trust model.
These CA hierarchies can be public or private trust and are branded to the customer, but they are hosted and managed by GlobalSign in our WebTrust-audited, secure data centers.
Relying on GlobalSign to host your ICAs and roots ensures all CA components are properly protected and configured in line with the latest industry best practices – eliminating the cost and resource burden on internal teams to manage PKI.
Reasons for Using a Dedicated CA or Root
Below are a few of the most common reasons a company would want their own intermediate CA or private hierarchy. This list is not exhaustive and we can support a variety of hierarchy and trust options.
Client Authentication
Certificate-based client authentication often validates certificates based on an intermediate CA. By having an exclusive subordinate CA, you can limit who has certificates that grant access to a system. These use cases generally use private trust hierarchies.
Branding
For companies that offer certificates to their end customers or bundle them into their services, having a dedicated subordinate CA in their name can offer some additional branding opportunities.
SSL/TLS Inspection/Decryption
In order for an SSL inspection appliance to decrypt and re-encrypt content, it must be able to issue certificates as needed. This means it needs its own subordinate CA and it cannot be publicly trusted. For this use case, GlobalSign hosts the root, and the ICA is hosted on the customer's inspection appliance.
Custom Profiles
You can configure a subordinate CA to meet your specific needs regarding extended key usage, certificate policy, CRL distribution, short-lived certificates and more.
Special Use Case Certificates
Certificates issued under private hierarchies can support legacy applications and unique configurations, such as longer validity periods and smaller key sizes, that are not permitted in publicly trusted certificates per CA/Browser Forum Baseline Requirements. Note: if you only need private SSL/TLS, but not your own intermediate, we offer this through our Intranet SSL product.
The Role of PKI in DevSecOps
- Automating PKI security is a growing requirement for DevSecOps teams, with a growing threat landscape, a widening skill gap and a comparatively small implementation cost.
- DevSecOps can relieve teams of the pressure of managing asset and key security through automating many security processes and reducing the need for resources.
- Automation can help with scalability, visibility, efficiency and compliance across your DevSecOps pipeline, so let GlobalSign take certificate management out of your head and into our hands.