Continuously growing certificate inventories in increasingly complex environments pose a risk for companies: unexpectedly expired certificates can jeopardize operational security, lead to legal consequences, and cause lasting damage to the company’s reputation. The entire management process – from monitoring to requesting and renewing certificates, through to their distribution to the surrounding end systems – is time-consuming and ties up valuable resources. The use of different CAs and the ever-shorter validity periods of certificates make handling even more difficult and drive up process costs. Without professional tools, the effort required for certificate management is enormous and can hardly be managed by administrators.

To address these challenges, essendi it GmbH, based in Schwäbisch Hall, has developed an application for the efficient management of digital certificates (X.509). essendi xc simplifies, automates, and optimizes certificate management. The software supports the entire process chain – from the request to renewal through to installation. essendi xc helps companies maintain an overview of their certificate inventories and their validity periods, thereby reducing the known risks.

PKI administrators of large IT environments know the challenges that need to be solved when it comes to certificate management: certificates are required in numerous places, must be requested, and are often distributed manually. The certificate inventory must be continuously monitored to ensure timely renewal of certificates. In practice, insecure transmission methods are often used to deliver certificates and associated keys to the corresponding device. The risk of impairing the operational capability of systems is ever-present.

New application areas for certificates are constantly emerging, particularly decentralized devices from the Internet of Things (IoT) sector and embedded systems. They significantly increase the number of certificates to be managed, and certificate handling becomes technically more complex. Managing this task is hardly feasible without tool support.

This is where the xc Agent Management product comes in: the software module extends essendi xc with automation functions required for cross-network requesting and deployment of digital certificates in distributed systems and organizations. With the help of the “agents,” systems supply themselves automatically, securely, and intelligently. The xc agents, developed specifically for this purpose, are installed on the target systems and communicate directly with the central xc Agent Management (pull principle). The xc Agent Management links the agents’ requests with the configuration stored centrally in essendi xc and ensures certificates are tailored precisely to requirements. Both the initial provisioning and ongoing monitoring and management are automated in this way: during the initial provisioning of new components, key material – in particular the private key and CSR – is generated decentrally; the certificate is then issued or renewed through the central essendi xc management and delivered to the decentralized component or device. The private keys never leave their place of origin; they remain on the decentralized component.

In the xc central system, so-called profiles are used to equip certificates with the required attributes. Private keys remain on the target system; only the certificate itself is managed in the central certificate inventory of essendi xc. The central certificate inventory is continuously monitored, and when certificates expire, a renewal process is automatically triggered. The corresponding xc agent takes up this process and handles the request and installation of the new certificate without any manual intervention. xc agents are also designed for large system landscapes with many certificates. In this way, more than 10,000 certificates per hour can be issued or renewed fully automatically.
