Key Capabilities of CERT+
A single-pane management interface for end-to-end certificate and key management, automation, and orchestration:
Discovery and Visibility
An administrator can use CERT+ to identify certificates by scanning networks to fetch certificates from AppViewX-managed servers, devices, or certificates.
- Discover unknown certificates and keys across heterogeneous environments.
- Group certificates and keys, apply access restrictions and assign governance policies.
- Monitor expired certificates, notify, and renew certificates on time.
- Get a holistic view of certificates, keys, and respective device associations.
Inventory and Management
AppViewX Certificate Inventory serves as a repository for all certificates that have been discovered, uploaded, or enrolled via AppViewX. Administrators can configure role-based access control for these certificates by using Certificate Groups.
Dashboard for Visibility and Monitoring
The dashboard in AppViewX provides a comprehensive view of certificates and certificate hosting infrastructure. It enables users to gain insights into the PKI infrastructure, monitor expiring certificates, and assess security posture. Users can also configure custom widgets to create business-specific views of the certificate infrastructure.
CLM Automation
Certificate automation allows you to automate the certificate lifecycle process across your enterprise using a configurable workflow engine. The platform can automate and orchestrate not only CLM actions but also configure change and process automation as defined by organizational processes.
- Access to a catalog of advanced automation workflows for certificate management.
- Build custom, event-driven automation using pre-built workflow tasks.
- Self-service automation workflows for easier policy-based certificate enrollment.
- Certificate enrollment allows users to generate a CSR, get a CSR signed by a CA, renew or regenerate a certificate, and reissue a certificate.
- Certificate provisioning pushes a certificate to the device and binds it to the application configurations.
- Users can leverage additional management actions such as revoking a certificate, migrating certificates from one CA to another through CA switch, checking the revocation status of a certificate using OCSP, and using the SSL checker to validate the deployment of a certificate.
- Integrate with ITSM and ChatOps tools for holistic incident and change management and notifications.
- Enforce custom expiration dates or enable auto-rotation of keys.
Cloud and DevOps
- Discover, manage and automate certificates across multi-cloud and container environments.
- Generate internal certificates for test applications before migrating to external certificates.
- Request any certificate and provision it to cloud key stores using a single interface.
- Manage certificate enrollment and availability on Vault Keystores for containerized environments.
- ACME for easier certificate enrollment.
Secure Key Management
- Encrypt and secure private keys in a FIPS-compliant database and secure encryption keys on a vault or a FIPS 140-2 certified HSM.
- Use a built-in or third-party password vault to store critical passwords.
- Avoid sending private keys over the wire by generating them directly on the device.
Certificate and Key Compliance
- Standardize certificate provisioning using self-service.
- Enforce organization standards through policies for compliance.
- Define granular role-based access control and enforce business-specific policies.
- Create audit trails for each user and certificate or key-related activity.
- Get the certificate and key logs on SIEM dashboards.
IoT and Enterprise Mobility Certificate Management
- Get a single SCEP and EST for enrollment requests from IoT and network end-points.
- Integrate with EMM/MDM systems and self-service certificate issuance using SCEP.
- Intune SCEP for systems managed through Azure Intune.
- Standardize certificate management across multivendor platforms.
- Use out-of-box integration with vendors to handle certificate provisioning.
SSH Key Lifecycle Automation
- Discover SSH keys from Linux and Windows machines.
- Enforce timebound access to servers by managing keys on both client and server machines.
- Discover non-compliant keys or hosts not following organization standards.
- Report long-existing access to be revoked.
Alerts & Logs
- The CERT+ platform alerts you about certificates expiring within a user-configured time frame.
- CERT+ stores information about events that have occurred or actions performed by a user for certificate lifecycle management.
- CERT+ offers additional alerts to monitor changes to the availability of a certificate on an endpoint.
- CERT+ prevents unexpected certificate expirations by providing alerts and notifications to save time and secure the enterprise network.
Groups & Policies
- The certificates generated or discovered in the CERT+ platform can be logically grouped for ease of management.
- All certificate actions on a specific group can be restricted via role-based access control (RBAC).
- The platform comes prebuilt with a default group to which all the certificates identified from managed devices are associated.
- A group is similar to a folder that stores a number of certificates with similar components.
- A policy is a set of rules that can be enforced on a certificate group.
- A defined set of certificate parameters can be created as policies.
- Policies help in enforcing security compliance over certificate creation across the organization.
- All the certificates discovered and inventoried are compared against the policy to identify non-compliance.
Administration
This feature aids administrative tasks like saving a certificate keystore password into the password vault, configuring auto-enrollment, certificate authority, device management, certificate profile, programmable certificate authority, programmable application endpoint, job scheduler, certificate attributes, email settings, and actions on expired certificates and certificate history.
