Why your organization should migrate to Nexus' certificate authority (CA)

At Nexus, we often meet organizations that outgrow their current certificate authority (CA) software, due to operational needs such as lack of multi-tenancy, scalability, or not meeting compliance and regulatory requirements. However, making the transition to a new CA platform can be a daunting task as there needs to be the assurance that there is a seamless PKI migration without any downtime for users or servers. The Nexus Smart ID Certificate Manager ensures a smooth migration and is well-suited for those who want to switch from CAs such as Microsoft’s ADCS or consolidate their different CA systems.

Smart ID Certificate Manager is a flexible, scalable and high-security certificate authority (CA) platform for hosting one or more public key infrastructure (PKI) setups. The Nexus solution supports a wide range of certificate enrollment protocols, which enables organizations to issue, manage, and validate certificate-based electronic identities (eIDs) for people, infrastructure, and things. The software can be used for customized operations on-premises or in a hosted environment.

With Nexus’ long experience of PKI and history of migrating from many CA technologies, you can rest assured that you get the support you need during a migration.

Supporting digitalization and future use cases

Through the explosion of mobile services and IoT, an increasing number of organizations need digital certificate issuance services. PKI is a preferred deployment method for providing people, software and things with an eID as well as the ability to manage and validate these identities throughout their entire lifecycle. To support the growing dependency and business criticality, organizations need to select PKIs with a strong root of trust. Securing the process of issuing and managing certificates enables organizations to establish a great foundation for digital security.

Ensuring your CA can scale and grow along with your organization is important. This means your CA should include a high-volume threshold to keep up with your future needs. Smart ID Certificate Manager issues eIDs for millions of users and things and is trusted by numerous banks, enterprises, mobile network operators, defense organizations, and device manufacturers all over the world.

Whether used by a small organization or larger enterprise, CAs should be able to automate the full lifecycle management for certificates, to prevent certificate expiry and avoid risking service interruptions. Manually tracking and renewing certificates costs time and money and often creates mistakes that could have been easily avoided. The Nexus solutions offer ready-to-use workflows, automation and self-service features to make lifecycle management easy and smooth. The REST API and ACME protocol options enable the DevOps use cases with automated deployment and scaling at a high load, for virtualization with Docker, Kubernetes, or other deployment scenarios.

High security and compliance standards

Compliance standards are also continuing to rise and companies in industries with substantial regulatory requirements, including financial services and healthcare, are becoming more likely to choose internal CA as their primary PKI deployment method. Many organizations need a certificate authority that can support protocols such as EST, SCEP, REST, ACME, or web services. It’s necessary for your CA software to be able to keep up with changing requirements and protocols without causing additional work or updates. With Nexus Windows Enrollment Proxy (WinEP) and the new support for Intune, Nexus’ platform has the same basic functionality as ADCS but with extended security and flexibility.

Common Criteria for Information Technology Security Evaluation (CC) certification is required by organizations and governments to protect their business-critical infrastructures. CC is the widest available mutual recognition of secure IT products. The Common Criteria certification provides a guarantee for quality, reliability and security and is often required due to increased demand on information security driven by national or international regulations. Smart ID Certificate Manager is Common Criteria EAL4+ certified.

Smart ID Certificate Manager Features

There is a range of benefits to migrating to Smart ID Certificate Manager. Key features include:

• Certified security - Evaluated according to Common Criteria EAL4+.
• Secure operation – All steps are protected by PKI, and security is enforced using officer certificates and the four-eye principle for critical configuration changes.
• Device flexibility – Suitable for many device types, by support for many open standards and protocols, such as CMP, EST, ACME, SCEP and REST API.
• Performance and scalability – Certificate Manager can scale with complex environments and issue thousands of certificates per second.
• Offered as a service – With the CM SDK proxy, the Certificate Manager can be offered as a service for use with all protocols.
• Multitenancy – One CA can issue certificates to separate tenants, for example to multiple Windows domains.