certLife is a Windows service for certificate lifecycle management within the Secardeo TOPKI platform. All certificates of a PKI are stored and managed centrally in a SQL database. A certificate manager performs the central administration tasks in the certLife web frontend; in addition, certLife provides a web-based self-service for users and server administrators.
The certificates of an organization are administered with certLife in a web browser. The certificate search form is a basic PKI management feature; in certLife the search can be restricted to certificate templates or to particular attributes, attribute values and certificate states. Administrative information beyond the attributes contained in the certificate itself can also be recorded and searched. Archived private keys are recovered by a Key Recovery Agent and, in combination with certPush, transmitted securely to the user.
certLife supports several key pair generation models. Depending on the client, the security policy and organizational constraints, key pairs can be generated locally on the client or centrally by the certLife service. Central generation means the private key exists on the service before it is delivered to the client, which is what makes archival and later key recovery possible. Either model can be driven manually by the user or administrator, or automatically:
With central Certificate Autoenrollment, for example, mobile-only users who do not have a Windows computer can be provisioned with certificates automatically.
A user needs an S/MIME certificate and private key on every Windows workstation they work on, and in order to decrypt older e-mails they also need access to their expired certificates together with the complete key history. With the additional software component certWin Client, the local Windows certificate store of the logged-in user is automatically synchronized, via the certLife REST API, with the complete key history from the central TOPKI key archive. This also happens when the user logs on to other Windows systems, so that the user has access to all encrypted e-mails regardless of the workstation and can sign and encrypt new e-mails without any manual effort.
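The practical test of the synchronization described above is whether the logged-in user's store actually holds every S/MIME certificate, current or expired, with its private key. The following PowerShell script is an added example written for this page, not part of certLife or certWin Client, and it makes no assumptions about the certLife REST API: it only inspects the local `Cert:\CurrentUser\My` store with the standard Windows certificate provider. It selects certificates carrying the Secure Email EKU (OID 1.3.6.1.5.5.7.3.4), prints the key history per e-mail address, oldest first, and flags any certificate that has no associated private key, since mail encrypted to that key could not be decrypted on this workstation.

```powershell
# Added example (not part of certLife or certWin Client): verify that the
# current user's Windows certificate store holds the complete S/MIME key
# history, i.e. every Secure Email certificate, current or expired, with a
# usable private key. Run in the user's own session on the workstation.

$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection
$EmailNameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName

# Only certificates whose EKU list contains Secure Email are of interest here.
$smime = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $SecureEmailOid }

if (-not $smime) {
    Write-Warning 'No S/MIME certificates in Cert:\CurrentUser\My; nothing has been synchronized to this workstation yet.'
    return
}

$report = foreach ($cert in $smime) {
    # Prefer the rfc822Name from the SAN/subject; fall back to the subject DN.
    $email = $cert.GetNameInfo($EmailNameType, $false)
    if ([string]::IsNullOrEmpty($email)) { $email = $cert.Subject }

    [pscustomobject]@{
        Email         = $email
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Expired       = ($cert.NotAfter -lt (Get-Date))
        HasPrivateKey = $cert.HasPrivateKey
    }
}

# One line per certificate, grouped by address and oldest first, so the
# key history (old, expired keys included) is visible at a glance.
$report | Sort-Object Email, NotBefore | Format-Table -AutoSize

# A certificate without a private key is a gap in the key history: mail
# encrypted to that key cannot be decrypted on this workstation.
$missing = @($report | Where-Object { -not $_.HasPrivateKey })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} S/MIME certificate(s) have no private key on this workstation:" -f $missing.Count)
    $missing | Format-Table Email, Thumbprint, NotAfter -AutoSize
} else {
    Write-Host ("All {0} S/MIME certificate(s) have a private key." -f @($report).Count)
}
```

`HasPrivateKey` only reports that a key is linked to the certificate in the store; whether the key is usable by the mail client additionally depends on the key storage provider and on its permissions, so a certificate listed here without a warning should still be tested with a real decryption in the mail client after a fresh logon on a second workstation.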