Why Nexus invests heavily in its certificate authority (CA) platform for its 20th anniversary

Identity and security company Nexus Group has boosted the development team of its certificate authority (CA) platform Nexus Certificate Manager by 50 percent for its 20th anniversary, and announces new functionality and quality guarantees. “The digitalization of society increases the demand for trusted identities for people and things, and PKI has seen a major upswing in popularity – that is why we invest heavily in Certificate Manager,” says Magnus Malmström, Vice President Product at Nexus.

The security method public key infrastructure (PKI) is used to implement strong authentication, data encryption and digital signatures.

“When everything that can be digital is becoming digital, trustworthy security mechanisms are needed. PKI has proven to be the best choice, for both people and the internet of things (IoT). A reliable CA software is a prerequisite for a stable PKI solution, and we have seen a sharp increase in the demand for Certificate Manager,” says Malmström.

Certificate Manager is a flexible and scalable CA software platform, used to issue electronic identities (eIDs) to people, software and things. It can manage the full life-cycle of all kinds of digital certificates used to ensure the trustworthiness of the issued eIDs.

“Trusted identities are the foundation for all security, and they are what enables the implementation of the mutual authentication, data encryption and digital signatures,” says Malmström.

PKI – enables trusted identities

When it comes to people, there are three main scenarios for PKI usage: enabling trusted identities for workforce members, online customers, and citizens. The trusted identities are used for everything from enabling contracts to be signed online, to granting secure access to physical and digital resources.

In IoT, all connected things need a trusted identity to be able to communicate securely with other things and people. There are different scenarios for PKI usage in IoT, and one very important is to fulfill the opportunities with Industry 4.0.

“We see a growing interest from the European industry to use PKI as the foundation for this fourth industrial revolution, which will transform the entire systems of production, management and governance,” says Malmström.

Many large-scale CA implementations

A current example of the strengths of PKI in IoT is its protection of the devices that constitute the infrastructure of LTE (4G) networks.

“More than twenty mobile operators are now putting their trust in our future-proof (5G), cutting-edge technology, instead of using, for example, passwords,” says Malmström.

Several other new, important customers have also decided to license Certificate Manager during 2016, and the software is now used for issuing and managing many millions of eIDs.

“Certificate Manager’s reliability is verified by numerous large-scale, critical CA deployments, but even so, we are humbled by the trust all the banks, defense organizations, device manufacturers, and other organizations all over the world put in our CA software.”

Certificate Manager first saw the light of day 20 years ago, and during its childhood years PKI was regarded as a too complicated and expensive method by some, according to Malmström.

“This has led some of our competitors to discontinue their CA softwares. Now that it is clear that PKI is not only here to stay, but is growing considerably, we are getting a lot of questions about how to migrate from, for example, RSA Digital Certificate Solutions. This can be accomplished by moving data in a migration process,” says Malmström.

And since Certificate Manager is up to date to meet current and future security challenges, PKI no longer has to be complicated or expensive.

Nexus PKI-solution in Gartners rapport

PKI’s resurgent importance has been widely acknowledged, for example by Gartner:

“PKI has been a quiet yet foundational security tool for identity professionals for two decades. The IoT, mobility, certificate life cycle handling, scale and new deployment options create resurgent interest in PKI, its potential disruptors and its vendors,” writes Gartner analyst Erik Wahlstrom in the August 2016 report “PKI Is Gearing Up for the Internet of Things,” in which Nexus’s PKI solution is included.

Malmström thinks PKI might even play a bigger role in the future than some expect.

“There is a lot of talk about big data, but if you are to really accomplish anything with the help of the data or if you want to sell the data, you have to assure its integrity. PKI is the best method for this too,” says Malmström.

The bright future for PKI combined with Certificate Manager’s good position on the market made it an easy decision for Nexus to invest heavily in its CA portfolio, according to Malmström.

Support for all major publishing protocols

“Certificate Manager has an amazing track-record, and it feels great to be able to announce that we are boosting the quality and functionality even more,” says Malmström.

Certificate Manager now issues qualified digital certificates according to the EU regulation eIDAS. Its certificates are also qualified according to the definitions of, the organization European telecommunications standards institute (ETSI), and Swedish public authority E-identification Board’s test environment EID 2.0.

“We also have support for all major certificate enrollment protocols, such as CertEnroll, SCEP, CMP and CMC. And we are soon launching support for the latest standardized certificate enrollment protocol, EST, which we are very excited about,” says Malmström.

Nexus is also collaborating with the Swedish non-profit research organization SICS Swedish ICT on the new, super light-weight and fully automated protocol CEBOT.

“We are also cloudifying Certificate Manager even more, that is, making it even easier to run in the cloud. We have created a new web interface, and we are launching a REST API, which enables customers and developers to build customizations for revocation and registration of devices more easily,” says Malmström.

Contains all the CA needs

Certificate Manager supports multitenancy, which means that several different certificate authorities can use the same instance of the software to implement several parallel, independent eID solutions.

“Multitenancy means low cost of ownership and it allows customer data to be managed with the highest level of privacy. This feature is great for customers who wants to have separate CAs for each country or for each equipment provider. It is also part of the cloudification, since it allows Certificate Manager to be run in the cloud and be used by several different customers.”

The Certificate Manager portfolio consists of everything that is needed by a CA, such as trust services components Online Certificate Status Protocol (OCSP) responder and time stamping functionality.

“For additional eID and PKI token lifecycle management, Certificate Manager can also be used together with Nexus PRIME. We have standardized the integration, so now it works out-of-the-box, without the need for customizations,” says Malmström.

Several certifications coming up

Certificate Manager is also in the process of being recertified for Evaluation Assurance Level 4+ (EAL4+) according to the international standard Common Criteria for Information Technology Security Evaluation (CC).

“We have begun the rigorous third-party evaluation process, and the certification will be completed before the end of 2017. This is a way for us to show that we will continue to invest in Certificate Manager, and that it really is a top notch certificate authority software,” says Malmström.

Nexus is also creating an information security management system, following the information security standards ISO/IEC 27002 and ISO/IEC 27001:2013.

“The processes and systems needed to systematically ensure compliance to the standards will be in place during the first quarter of 2017, and then we will go through the certification processes,” says Malmström.