certBox – PKI directory server for end-to-end encryption

The Secardeo certBox is a PKI directory server (certificate server) that serves two purposes:

  • Secure publishing of internal public key certificates
  • Global retrieval of external X.509 certificates or PGP keys

This way, the certBox enables global PKI-based end-to-end encryption. It solves one of the major challenges of user PKIs today, where users have to exchange their e-mail encryption certificates manually. With the Secardeo certBox, a user can seamlessly exchange encrypted e-mails with any external recipient using Outlook or other standard applications. This can also be extended to mobile users with certMode.


The outstanding advantages of using the certBox are:

  • Completely transparent to the user – security made easy
  • End-to-end encryption from your device – significant increase of security
  • Zero time effort for exchanging keys – considerable cost reduction
  • Advanced access control for certificate data – fulfills data protection requirements

Securely publishing digital certificates

To encrypt messages for your internal employees, external partners need your public certificates. Providing external access to internal directory services such as Active Directory via LDAP carries unacceptable risks for an enterprise. The Secardeo certBox enables secure access to the enterprise’s encryption certificates. It can operate either as a secure LDAP proxy or as an external public key directory (certificate repository, keyserver). Standard e-mail clients can search for X.509 certificates automatically using LDAP. Users may also download certificates manually through protected web forms. Address harvesting attacks are defeated efficiently and internal directory structures remain hidden. The certBox may also be used to publish certificate revocation lists for CRL download over HTTP or LDAP. The certificates published by the certBox may be synchronized automatically with Active Directory via LDAP.

Global Certificate Retrieval

Outlook and other client applications search for external digital certificates automatically via LDAP. A user can also download certificates manually via a web browser. The certBox provides a high degree of PKI interoperability through its integrated PKI directory database. With it, millions of user encryption certificates can be found by the certificate broker. Partners who do not operate their own LDAP directory may upload their certificates to your certBox. End-to-end encryption is even possible for recipients who do not have an X.509 certificate, using ad-hoc certificates from certBox ICE.

End-to-end S/MIME encryption

Transparent S/MIME encryption is now possible with:

  • Standard desktop clients like Outlook, Acrobat, Mozilla, Lotus Notes
  • Mobile devices like Apple iPhone, iPad or Android devices such as Samsung Galaxy Sx (using certMode)
  • Without additional software on the device

Easy Deployment

The certBox integrates flexibly into existing networks (DMZ), and it is administered easily via web browser.
You can use the certBox functions in your preferred deployment variant:

  • certBox VA – a Virtual Appliance for execution on a VMware or Hyper-V Server
  • certBox Cluster – a highly available and performant cluster
  • certBox Cloud Services – an instant PKI LDAP SaaS solution

certSync – Active Directory LDAP synchronization

Secardeo certSync is a synchronization service for Active Directory user certificates, certificate revocation lists (CRL) and certificate trust lists (CTL). It supports manual or automatic synchronization of these data between Windows Active Directory (AD) and a Secardeo certBox PKI directory server.

The following features are supported:

  • Synchronization of user certificates from Active Directory to a certBox certificate store
  • Automatic validation of certificates to be synchronized
  • Synchronization of CA certificates and revocation lists (CRL) from Active Directory to a certBox certificate store
  • Synchronization of certificate trust lists (CTL) from a certBox into Active Directory
  • Cleanup feature for certBox certificate stores (automatic removal of invalid or deleted user certificates)
  • Periodic background synchronization (certSync service)

Free Demo

You can explore the certBox features on www.certbox.org!