Why Certificate Management?

essendi xc - central hub for all certificate management processes
Airport hubs are digital and logistical masterpieces. Like magic the processes seem to interlock, run automatically and in the end baggage, goods and passengers land worldwide where they are expected.

essendi xc works in a very similar way: as the central hub of certificate management, it records all certificate processes and controls them in a bundled manner. Regardless of whether they were predefined in the hub or manually triggered via the self-service portal. The xc dashboard and the overview pages provide a comprehensive and central overview of the current status quo of the certificate inventory and the ongoing processes. For this purpose, all processes are monitored and controlled by xc. This allows certificates to be automatically applied for, renewed, revoked and even distributed to the target system.

Unfortunately, we cannot explain to you how the processes run at the airport. However, we are happy to offer you a closer look at certificate management and its impact on different management areas in companies.

View More

Among other things, certificates are needed for unique identification in the digital space. Here they are comparable to an identity document. Like identity documents, certificates contain information that is necessary for verification, e.g.

  • the name of the issuer
  • the name of the owner
  • the public key of the owner
  • a validity period or expiry date (validity)

In addition to unique authentication, certificates ensure the following properties during data transmission:

  • Integrity: The data was not changed during transmission.
  • Secrecy: The data was not read by third parties during transmission.
  • Verifiability: The data was verifiably sent from a specific sender to a specific recipient.

Certificates therefore secure the digital data flow and guarantee the unique identification of the communicating systems. They thus play a key role in IT security. In order to maintain smooth operations and at the same time minimise business risks, it is important to pay attention to efficient processes. Therefore, careful certificate management is important. Certificate management creates transparency about the certificates in use by the company through documentation:

  • What types of certificates are used where in the company?
  • What is their function (encryption, signature, ...)?
  • Who ordered them them from which certification authority (CA)?
  • How long are they valid?

Modern certificate management not only serves to administer existing certificates, but also includes comprehensive lifecycle management. This includes certificate renewal, installation in target systems and the withdrawal (revocation) of compromised or invalid certificates.

Certificate management affects the following management areas in the company:

  • IT Security Management
  • Compliance / Security
  • Risk Management
  • IT Process Management
  • Certificate Assets
Man hält eine Lupe in der Hand und schaut auf sein Tablet


Certificate management obviously plays a role in your company's IT security strategy and IT security management. The more certificates a company has, the more relevant is a conscientious management.
Certificate management combines all components that are involved in the certificate area:

  • Certification Authorities (CAs)
  • External and internal public key infrastructures (PKIs)
  • Hardware security modules (HSMs)
  • Target components inside and outside the network, e.g.
  • User management systems
  • Central process management systems
  • Central ticket systems (issue tracking systems)
  • E-mail signatures (electronic signatures)

All components are available in different versions. The large number of actors involved increases the complexity of setting up a uniform and standardised certificate management system. The different variants of certificate management range from a simple spreadsheet to a specialised tool like essendi xc. A specialised solution not only helps you to keep track of all components in a structured way, but also automates and simplifies complex processes.

Compliance / Security

In the IT security environment, the term compliance stands for adherence to defined standards. Therefore, certain specifications must be adhered to in most companies. In addition to storage locations and the composition of file names, the length and composition of passwords as well as their change frequency are familiar to all employees.

View More

However, legal requirements (e.g. DSGVO), regulatory standards (e.g. ISO/IEC 27001, NIST) go beyond the internal standards mentioned above. In addition, there are requirements from institutions such as the CA/Browserforum or ETSI (European Telecommunications Standards Institute). These standards define the requirements for encryption parameters, validity periods or signatures (ZertES Swiss Signature Act, EiDas European Signature Act).

Compliance also aims to minimise risk in the area of certificate management. The requirements for the management and handling of digital certificates and cryptographic keys are recorded in guidelines and standards such as ISO/IEC 27001 or NIST.

For example, ISO/IEC 27001 requires "to develop and implement a policy for the use of cryptographic measures" to ensure the protection of information in the Annex under A.10. Furthermore, the use, protection and lifetime of cryptographic keys should be developed and implemented throughout their lifecycle. Last but not least (A.18.1.5), cryptographic measures shall be applied in compliance with relevant agreements, laws and regulations. The continuous improvement of existing information systems is also required under number 10.

A certificate management system like essendi xc takes all applicable requirements into account. It creates a concept for the application of keys, shows the procedures used and documents the life cycle of the keys in an audit-proof manner. This means you are prepared for every audit in the area of certificate management.

Hand zieht roten Bauklotz aus Klötzchenturm

Risk management / System failure

An invalid certificate can paralyse a business, as in the worst case the entire digital communication - from email traffic to production facilities - is interrupted.
In rare cases, the certification authority has to be changed at short notice. Even then, certificate failures can occur if certificates of the old CA are no longer valid and those of the new CA are not yet installed or activated. Certificate management should therefore also be considered in risk management.

View More

The following examples can be included as risk factors in monitoring:

  • Unscheduled expiry of certificates. The term of certificates is constantly shortening. This also increases the risk of certificates expiring in the portfolio (Risk: Digital communication comes to a standstill).

  • Certificates use too weak encryption parameters (Risk: Key material falls into the wrong hands. Confidential communication is no longer protected).
  • Discrediting of the CA used (Risk: Due to insufficient certificates, websites, emails or signatures are shown as untrustworthy).

  • Certificates issued incorrectly by the CA (Risk: The certificates can be misused; invalid certificates lead to operational disruptions).

Without certificate management, these risks would possibly only become apparent when systems fail. Automated certificate management can therefore help to reduce operational risks.

Mann tippt am Laptop

Process Management

IT process management consists of a multitude of different internal and external components. It connects the various IT infrastructures that interact in your company:

Internal components External components
  • Users of digital certificates
  • Security Admins / PKI Admins / Crypto Teams
  • Auditors
  • Management
  • Different CAs
  • Different HSM providers, if applicable

Certificate management is particularly important in IT process management, because this is where the coordination of business functions with IT is concerned. The different systems must be able to communicate with each other at all times. Business processes only run smoothly if authorisations are stored correctly and the systems can identify themselves unambiguously. It is precisely this identification and the authorisation controls that are secured via certificates.

Certificate Assets

Certificates are the foundation of all secure digital communication. As more and more devices and applications in every company communicate with each other in a secure manner, the number of certificates required for this purpose is also increasing. At the same time, however, their validity period is constantly decreasing for security reasons. In order to avoid failures, comprehensive certificate inventory management with precise documentation is necessary.

View More

The documentation forms the basis for

  • Quantity handling

  • Analysis and evaluations
  • Transparency

  • Alerting

The best-known best-practice guideline for IT inventory management is ITIL. This open standard takes into account the need for binding targets for process and service-oriented IT service management due to the increasing complexity and vulnerability of the IT infrastructure. It aims to improve service quality while reducing costs.

From the analysis of asset data, misuse can be identified if necessary. As a result, IT asset management is also linked to IT risk management. This contributes to increased security.

The points of contact with various management areas make essendi xc the central hub for all processes related to digital certificates.

We will be happy to provide further information in a live demo.