essendi xc makes all the difference. Certificate management:
smart and secure.

essendi xc certificate management platform

Your certificate process hub.

Our modern and rapidly changing world poses challenges for us: certificates are expiring faster and faster, even as their system environments grow increasingly complex. Unplanned certificate expiries can disrupt operations, create legal issues and permanently harm your company’s image.

Proactive solutions for managing your certificates

Certificate owners can use a self-service portal to delegate certificate applications or handle them directly. In-house compliance requirements (e.g. according to ISO 27001, NIST and others) are observed via templates. For maximum security, certificates can also be exported. Supported export formats are PEM, DER, JKS. Simple and smart.

Step-by-step application preparation and an automated approval process minimize risks and ensure that the right certificates are issued. Simple and smart.

From application and distribution to renewal, we optimise many of your processes with the help of automation. xc supports you, for example, in the lifecycle management of your certificates with auto-renewal functions. In addition, features such as the xc agents installed on the target systems save you valuable time. These agents apply for and renew certificates partially or fully automatically. Simple and smart.
From application and distribution to renewal, we optimise many of your processes with the help of automation. xc supports you, for example, in the lifecycle management of your certificates with auto-renewal functions. In addition, features such as the xc agents installed on the target systems save you valuable time. These agents apply for and renew certificates partially or fully automatically. Simple and smart.

As an all-in-one management system (CKMS) for all types of TLS / X.509 certificate, essendi xc covers the entire certificate life cycle. In doing so, it relies on key policies and status monitoring.

Thus, xc supports your organisation in the day-to-day handling of keys and certificates: From key generation and CSR creation to certificate application, distribution, renewal, revocation or archiving. It supports the following key algorithms: RSA, DSA, ECC. Simple and smart.

Predefined application profiles and assistance logics help the applicant to apply for certificates. Due to the prepared configuration of the required certificate types and further attributes, your internal certificate conventions are mapped according to CPS (Certification Practice Statement). At the same time, they ensure compliance with (e.g. according to BSI Grundschutz, ISO 27001, NIST and others). Standardising the process saves time and reduces the risk of certificate errors. Simple and smart.

Role-based access control and connectivity with your central user directory (LDAP/AD) ensure that users can only access areas and certificates for which they are authorized. As much as needed, as little as possible. Simple and smart.

A centralized, company-wide repository ensures transparency regarding the certificates available in the organization and offers a variety of evaluation, control and verification functions. Simple and smart.

Our centralized dashboard features an array of charts, for a graphic overview of all your certificates. You can use repositories to generate extensive reports and analyses, such as to evaluate certificates according to a signature algorithm or certification authority. Simple and smart.

Comprehensive alert functionality prevents undesired certificate expiry. A sophisticated alert process triggers prompt expiry notifications and renewal reminders for your responsible employees or systems. Simple and smart.

essendi xc offers smart solutions for the distribution and activation of certificates to (remote) target systems: We support agentless methods (push and pull) such as ACME, SCEP, REST, SCP/SSH, Powershell remoting and email as well as distribution to remote environments via our xc agents. Simple and smart.
The target systems include cloud systems, for example via the AWS Secrets Manager, Microsoft Azure Key Vault and of course the operating systems Windows and Linux. The supply of web servers such as Apache, IIS and Tomcat is also supported. Other programmes and appliances such as Outlook or WAFs (e.g. Sophos XG) can also be connected. We will be happy to name further target systems on request.

essendi xc features connectivity for HSMs of renowned manufacturers, to meet the high security demands of your key material. HSMs from the providers Entrust, securosys and Utimaco* (*in implementation) are supported. Others are possible. Simple and smart.

essendi xc offers multi-CA functionality and supports the management of all X.509 /TLS certificates. essendi xc is CA independent and connects your different PKI systems, whether external CA or internal PKI. Trusted and untrusted certificates can be fully and centrally managed at the same time.
We offer convenient interfaces out of the box for the following external certification authorities: D-Trust, DigiCert, QuoVadis, SwissSign, others. The simple connection of internal PKIs (MS PKI, others on request) is also possible.
All certificates. One tool. Simple and smart.

with and without agents

Our xc agent management system complements essendi xc with functions that are required for the network-wide application and deployment of digital certificates in distributed systems or organisations. In addition, there are also agentless methods that can be used in parallel for the M2M application of certificates.

The issuing of certificates in complex infrastructures, such as the global supply of production systems in a branched corporate network, usually requires manual intervention and involves a great deal of risk. The supply of distributed IoT control components also presents companies with new challenges. Our application makes certificate logistics manageable. The processes are automated and centrally controlled. Thus, process costs can be saved.

All certificates. One tool. Simple and smart.

Computercode spiegelt sich in einem Auge

CT Log Monitoring

Even more security with essendi xc in combination with CT Log Monitoring. This new component automatically checks new entries for your own domain. It uses the official CT logs of the certification authorities. If the application detects a forged certificate, it sends a warning message to the admin. The administrator can revoke the certificate via the dashboard with a mouse click. By implementing the Certificate Transparency Standard, the application thus provides significantly more security. And the faster forged certificates are detected, the less damage is caused.

Read more about how CT Log Monitoring works in our magazine.

Astronautin blickt in die Ferne

Certificate-Scanning with essendi cd

A wide variety of certificates are used in every data center and company network. Most are actively installed, but some enter the network unnoticed. They are, for example, pre-installed on new devices or included in software packages. Since neither their existence nor their expiry date is known, they can expire without anyone noticing. The consequences are operational disruptions with potentially serious consequences.
That is why we have developed essendi cd (certificate discovery), an add-on for essendi xc. The cd scans all company directories. It integrates the certificates found into the xc certificate monitoring. It stores all information (e.g. type, owner, expiry date) in the central repository. At regular intervals, essendi cd repeats the search automatically.

remote arbeiten videokonferenz

Learn more in a video call

Do you know your IT system requirements, and are you looking for a viable and proactive solution? If so, our specialized service associates will be happy to help you and discuss your challenges and potential solutions.

Moderne Wolkenkratzer aus der Froschperspektive

xc for Global Player

If you want to stay ahead of the game, you focus on the important things. Routine tasks must be carried out on the fly, but still reliably. Global players know this just as well as hidden champions.
One of these routine tasks is certificate management, which you can confidently hand over to essendi xc. It can be individually adapted to the requirements of your company and the needs of your IT security. Once set up, all processes run automatically.
Thus you gain time to concentrate on your visions.

Would you like more detailed information?