Certificate Management with certLife

certLife is a Windows service for certificate lifecycle management within the Secardeo TOPKI platform. All certificates of a PKI are stored and managed efficiently in a central SQL database. The certLife web frontend is used to perform central administration tasks by a certificate manager. In addition, certLife provides a convenient self-service for users and server administrators via web browser.

certLife benefits

  • Convenient certificate management via web browser
  • Seamless integration with Active Directory
  • Use of Windows certificate templates
  • Administration of additional metadata
  • Role-based access using AD credentials
  • Intuitive search and filtering of certificates
  • Request, approve, publish certificates …
  • Archive and recover private keys
  • Self-service for users and administrators
  • Key pair generation centrally or at the client
  • Autoenrollment for centrally generated keys
  • Status notifications
  • Reporting and statistics
  • REST API for integration of enterprise apps

Management of digital certificates

Intuitive administration via web browser

With certLife, an organization's certificates are administered conveniently and clearly through a web browser. The certificate search form is a basic PKI management feature. With certLife, this search can be intuitively restricted to certificate templates or to certain attributes, attribute values and states of the certificate. Administrative information beyond the attributes contained in the certificate itself can also be added and searched. Archived private keys are reliably recovered by a Key Recovery Agent and, in combination with certPush, securely transmitted to the user.

Flexible key pair generation

certLife supports several key pair generation models. Depending on the client, security policies and organizational considerations, key pairs can be generated locally at the client or centrally by the certLife service. Generation can be done manually by the user or administrator, or automatically:

Key pair generation on the client

  • Windows (auto) enrollment via certEP
  • Mobile Device Enrollment via SCEP
  • Linux Certificate Enrollment via SCEP (for example with certX Agent)
  • PKCS#10 certificate request for (web) server


Central key pair generation by certLife

  • Convenient template-based request via the web GUI by the user
  • Extended request via a web form by an administrator
  • Manual download of private keys in standard PKCS#12 format
  • Automated process controlled by AD groups
  • Automated key distribution with certPush

With central certificate autoenrollment, for example, mobile-only users who do not have a Windows computer can be provided with certificates automatically.