Nexus Certificate Manager

Nexus Certificate Manager (CM) is a flexible and scalable certificate authority (CA) software portfolio, which enables you to issue and manage electronic identities (eIDs) for people, software and things.

Public key infrastructure (PKI) has proven to be the most cost-effective and secure way of implementing security solutions for authentication, digital signatures, and encryption. At the heart of all PKI solutions is a certificate authority (CA) software. Certificate Manager can issue all kinds of digital certificates, including X.509 certificates, as well as manage the whole lifecycle of the certificates.

The certificates ensure the trustworthiness of the eIDs, which can be used to secure corporate network access for your employees; secure online access for customers, partners or citizens to your web services; automate work processes; enable communication between trusted devices; and digitize identity documents such as passports, drivers’ licenses, and national IDs. eIDs for people, software and things can be stored in, for example, mobile phones, smart cards, data files, trusted platform modules (TPM), and hardware security modules (HSM).

Nexus Certificate Manager functional overview.

Certificate Manager key features include:

  • Multitenancy, which means that several different certificate authorities can use the same instance of the software to implement several parallel, private eID solutions.
  • Support for multiple use cases, for example, issuing and managing employee identities, citizen identities and infrastructure certificates.
  • The trust service components Online Certificate Status Protocol (OCSP) Responder and Timestamp Server.
  • Support for all major certificate enrollment protocols, such as SCEP, CMP, CMC and EST.
  • Standard integration with the identity and access management (IAM) software Nexus PRIME and authentication and access platform Nexus Hybrid Access Gateway.
  • Qualified certificates, according to the organization European telecommunications standards institute (ETSI), the EU regulation eIDAS, and Swedish public authority E-identification Board’s test environment EID2.

Read the blog post Why Nexus invests heavily in its 20-year-old certificate authority (CA) platform.


Related products – Nexus eSign suite for India

The solution is suitable if you want to:

  • Implement one or several PKI based eID solutions.
  • Have a scalable and highly automated system that can host multiple tenants.
  • Buy issuance and management of eIDs as a service, with Certificate Manager hosted by Nexus or a third party.
Can Nexus provide OCSP responder functionality?

Yes, Nexus Online Certificate Status Protocol (OCSP) Responder is a separate product that can be purchased as a part of the Certificate Manager platform or as a stand-alone product.

Can Nexus provide time stamping functionality?

Yes, Nexus Timestamp Server is a separate product that can be purchased as a part of the Certificate Manager platform or as a stand-alone product.

How can I deploy Nexus Certificate Manager?

Certificate Manager can be installed on-premises or bought as a managed service.

How does Nexus Certificate Manager issue certificates to IoT devices?

Certificate Managers supports common standards for IoT devices, including support for all major certificate enrollment protocols, such as SCEP, CMP, CMC and EST. Nexus conducts continuous interoperability testing with third-party devices, from vendors such as Ericsson, Cisco and Huawei.

How does Nexus Certificate Manager relate to the EU eIDAS regulation?

Certificate Manager issues qualified certificates according to the EU regulation eIDAS.

The timestamping component is compliant with eIDAS time stamping requirements. Nexus’s customers use Certificate Manager in, for example, remote electronic signatures services.

Is Nexus Certificate Manager Common Criteria Evaluated?

Certificate Manager is in the process of being recertified for Evaluation Assurance Level 4+ (EAL4+) according to the international standard Common Criteria for Information Technology Security Evaluation (CC). The certification is planned to be ready the by end of 2017.

Is Nexus Certificate Manager multitenant?

Yes, a single instance of Certificate Manager can run multiple certificate authorities (CAs). Each CA is managed with clean separation of individual policies, issuing and maintenance processes, and policy administrators.

What business problems does Nexus Certificate Manager solve?

Digitalization and the sharp increase of online services and connected devices require trusted identities for people and things. Trusted identities are the foundation for all security, and they are what enables the implementation of mutual authentication, data encryption and digital signatures.

Certificate Manager issues and manages those trusted identities.

There are three main scenarios for Certificate Manager usage with respect to people: enabling trusted identities for workforce members, online customers and citizens. The trusted identities are used for everything from enabling online contract signatures, to granting secure access to digital resources.

In the IoT, all connected things need a trusted identity to be able to communicate securely with other things and people. There are different scenarios for Certificate Manager usage in IoT, a very important one being to fulfill the opportunities with Industry 4.0. For example, Certificate Manager enables secure remote software updates and proactive maintenance since the platform makes it possible to have continuous and protected communication with devices.

Another example of the strengths of Certificate Manager in IoT is its support for certificate enrolment protocols that are interoperable with LTE (4G) infrastructure components, thus enabling secure communication.

What is Nexus Certificate Manager?

Certificate Manager is a flexible certificate authority (CA) platform, with support for multitenancy and multiple use cases. It creates, issues and manages the life-cycle of eIDs for people, infrastructure and things. The product manages certificates, and private and public keys in public key infrastructures (PKI).

Key features:

  • Secure CA key management.
  • Flexible and effective workflow engine for secure implementation of certificate policies.
  • Secure registration for devices and people.
  • A broad set of deployment options for certificate issuing.
  • Integrated token and smart card lifecycle management.
What types of customers use Nexus Certificate Manager?

Government agencies, banks and financial institutions, large and medium-sized enterprises, defense industries, mobile network operators and trust service providers use Certificate Manager. They have implemented Certificate Manager because they need trusted identities for:

  • Citizens accessing e-government services.
  • Customers shopping online or applying for loans.
  • Employees accessing corporate data, applications and networks – anytime, anywhere and with any device.
  • Infrastructure resources or devices, for example Windows servers or eNodeBs in LTE networks, that need to authenticate and encrypt communication for confidentiality.
Can I integrate Nexus Certificate Manager with Nexus PRIME?

Yes, and the integration is standardized and works out-of-the-box, without the need for customizations.

The credential management system Nexus PRIME is used for more enhanced identity and credential management, for example, management workflows for lifecycle management, card production and self-service.