Certificate Lifecycle Management

Background PKI Infrastructure
key management

Manage certificate expiry and reap the benefits

Cogito's Certificate Lifecycle Management prevents unplanned outages by managing certificate expiry. Jellyfishes Certificate Lifecycle Management (CLM) capability includes a full Configuration Management Database (CMDB). This is also known as an Asset Management tool as well as an Identity and Access Management (IdAM) capability. This allows the CLM to build relationships between users, devices, applications, services and the certificates generated for this. This makes Jellyfish unique in that it is business outcome centric, not just certificate centric. It also allows for better integration between other components in the technology stack.

The Certificate Lifecycle Management functionality prevents unplanned outages in in a number of ways. They are:

Certificate automation

Certificate automation is the automatic registration and generation of certificates for users, devices, services and applications as well as the renewal of these entities’ certificates automatically. This is the primary method by which the CLM assists in avoiding an unplanned outage. It has the added benefit of reducing the workload of ICT staff. Jellyfish offers the following automation methods:

Certificate notifications

The Jellyfish CLM tool provides automated notifications which can be customised to the individual business needs. These notifications can be sent via email automatically to a default group and even sent to an individual for a specific individual certificate. Webhooks can also be used for notifications and the REST API can also be used to query for this information. 

Certificate reporting

Detailed reporting not just on certificates but on the users, devices, applications and services that use them is an invaluable tool in the fight against certificate based unplanned outages. It also aids an ICT team in other ways such as improving the security posture of the systems and services they support. The advanced reporting tool within Jellyfish has the ability to report on any facet of a certificate or on the entity that certificate is used for or by. These reporting capabilities are customisable and complex searches can be created and saved for future use. The Boolean based capability not only supports a diverse array of positive searches but also allows for the exclusion, or combination of information in order to get the exact information that the organisation requires.  

Reporting information can also be downloaded to form reports in other systems such as business intelligence systems or in excel spreadsheets for graphing. All of this capability is also available via our REST API allowing any system or service that has the requisite authorisation to access this capability. 

Discovery

Our Discovery tools discover certificates on network and inside of devices. Discovery also builds relationships with certificates to make managing and reporting far better and service centric. Discovery does this through two mechanisms. They are network based where no client is required to request certificate information from devices, services and applications. The second method that can be used in conjunction with the network-based approach is a client-based approach. This is used where certificate information is not available to network-based services. This could be because the device does not allow access to the certificate from a network connection or where there is no ability to have discovery components reach into that network segment. 


Bring your own CA 

Jellyfish offers a worldclass enterprise grade certificate authority, natively built to integrate with the CLMS: Jellyfish CA. Keep your security posture strong by migrating your existing Certificate Authority into the Jellyfish ecosystem using the Jellyfish live migration and high availability capability. Keep your existing CA online, while replicating it’s certificate and keys for a staged rollout at your own page. 

Jellyfish supports integrating directly with an existing on premise CA, gain all the benefits of a CLMS without the complexity of migrating or green fielding a new PKI. Jellyfish supports all industry standard PKI providers and Certificate Authorities: 

  • Entrust Security Manager 
  • Verizon EJBCA 
  • Windows AD CS 
  • Unicert Certificate Authority 

And many other PKI systems, whatever your current PKI provider, we will enhance your workflow and security posture with the Jellyfish CLMS. 


More than just a CLM…

Jellyfish offers full credential and key management. It is much more than just a Certificate Lifecycle Management platform. It can also do: 

  • Full Certification Authority capability allowing the replacement of other CA products 
  • Token management (also known as a Card Management System and a Card Application Management System) 
  • HSM Key management 
  • Mobile credential management 
  • Configuration Management Database 
  • Infrastructure Monitoring tool 
  • IdAM based automation services 
  • Audit tool for log Integration tool for SIEM solutions 

The benefits

A single pane of glass to increase security and cut costs with both active and automated capabilities built in.

jellyfish-benefits

Certificate Lifecycle Management Functionality


Certificate Lifecycle Management components:

  • Credential management (PKI smartcard and soft certificate management, discovery, OTP, SSO)
  • Encryption (DB, tokenizer, app, VM, file/folder, BYOK, HYOK, email in transit and in the cloud e.g. O365 native encryption
  • IdAM core for create, update and delete
  • Full data sync
  • Others include: CASB, perimeter and end point protection, penetration testing, MBM, biometrics

Certificate capability

  • Automation (e.g. Certificates for Windows, Linux, Network Equipment, etc) 
  • Integrations with other platforms (e.g. ServiceNow, Remedy/BMC, Digicert, Lets Encrypt). 
  • Notifications 
  • Boolean Search 
  • Reporting 
  • Manual Cert issuance 
  • Anonymous capability 
  • Cert Discovery and CA Polling 

Automation options

  • Microsoft Automatic Enrolment Protocol (AE) both old and new versions. 
  • ACME and ACME+ 
  • SCEP 
  • ITSM (eg Service Now) 
  • REST API 
  • JF Portal (for manual issuance) 
  • Cert Discovery and CA Polling 

Automation - REST API 

What else can Jellyfish do? 

  • CA Management (cross platform) 
  • HSM Management (Thales/Gemalto) 
  • Full Card or Token Management capability (e.g. smartcards, Yubikeys, Mobile Devices, etc) 
  • Key Management – Generate and Manage keys for BYOK AWS, BYOK Azure and other platforms needing Asymmetric and Symmetric Key types such as RSA, ECC, AES and 3DES. 
  • SIEM integration for search and reporting 
  • Supports MFA (e.g. OTP, Soft Certs, Smartcards, Yubikey, FIDO2 etc). 
  • Multi-tenancy and multi-organisation (sharing or not sharing capability) 

We support many token-based options


Unique points of difference:

  • Cost - we pride ourselves on being both best and least expensive 
  • Large CA and automation method support (e.g. Let’s Encrypt, Digicert, etc) 
  • Modern microservices architecture (fast, reliable, and scalable) 
  • Green fields not required. Can maintain existing CAs and registration methods 
  • Can bring in credentials from offline and disparate systems manually or automatically 
  • Search and reporting 
  • Relationship between components (e.g. devices and certificates) including full CMDB 
  • More than just one app. Includes Credential, Token and Key Management, CMDB, Analytics, Monitoring, Logging, PACs/LACs, etc 
  • Greater agility for changing customer needs 
Background
Cogito Logo

Experience Certificate Lifecycle Management (CLM) as a Service

Trusted by 5,000+ businesses, SecureSME delivers enterprise-grade PKI and CLM as a Service that scales with your business.