How (and why) to migrate to Nexus’s certificate authority (CA) software

Many organizations feel stranded after their CA software vendors have discontinued their products, including for instance RSA Certificate Manager. “We have created a smooth solution for migrating to our time-tested CA software Nexus Certificate Manager. It is also well-suited for those who want to switch from Microsoft’s ADCS or consolidate their different CA systems,” says Martin Furuhed at identity and security company Nexus Group.

Certificate Manager is a flexible, multi-tenant public key infrastructure (PKI) platform, trusted by a wide range of organizations including enterprises, state departments, defence organizations and service providers.

“Since Certificate Manager is scalable, it’s equally well-suited for a small organization with an internal enterprise identity deployment as it is for a service provider with hundreds of hosted CAs – it can efficiently issue and manage millions of certificates. Organizations such as Volkswagen Group, Nordea, Euroclear and Bundesdruckerei have been relying on our software for many years,” says Furuhed, product manager of Certificate Manager.

A future-proof solution

Nexus has had great success with Certificate Manager ever since its launch in 1996, and is investing heavily in it, says Furuhed.

“We refine it continually to meet new customer needs and to support new standards, so Certificate Manager is a safe choice for those needing a replacement for a discontinued CA software, such as RSA Digital Certificate Solutions. It is also one of the very best choices on the market for those who want a more competent CA solution than Microsoft’s Active Directory Certificate Services (ADCS),” says Furuhed.

Some organizations use several different CA systems, due to historical reasons or different requirements and issuing policies between departments.

“This often leads to problems, so we strongly recommend consolidation. And Certificate Manager is of course very well-suited for this scenario too,” says Furuhed.

Read blog post Why Nexus invests heavily in its certificate authority (CA) platform for its 20th anniversary

Benefits with Certificate Manager

There is a range of benefits to migrating to Certificate Manager – it enables you to:

  • Establish uniform policies, including separation of duties.
  • Benefit from simplified processes.
  • Comply with signature legislation worldwide.
  • Use a certified solution, since Certificate Manager is in the process of being recertified for Evaluation Assurance Level 4+ (EAL4+) according to the international standard Common Criteria for Information Technology Security Evaluation (CC).
  • Issue certificates for multiple Windows domains from a single CA system.
  • Use an integrated online certificate status protocol (OCSP) responder component.
  • Deploy your CA system on either a Windows or RedHat server.
  • Support all important certificate enrolment protocols, including SCEP, CMC, CMP and EST.
  • Relax, since you have a time-tested and future-proof solution.

7 easy steps to migrate

To migrate from your current CA software(s), just follow this smooth step-by-step process in Certificate Manager:

  1. Import the CA certificate(s) from your old CA system(s).
  2. Detach the hardware security module(s) (HSM) from your old CA server(s) and attach it/them to your Certificate Manager server.
  3. Import all certificates from your old CA system(s).
  4. If required, import archived user keys from your old CA system(s).
  5. Import the certificate revocation list(s) (CRL) from your old CA system(s).
  6. Set up the CRL process in Certificate Manager.
  7. Set up processes for issuing certificates with Certificate Manager.


For more information contact us