CEMA - Fully-featured Certificate Lifecycle Manager
Eliminate manual errors and ensure continuous security compliance with a powerful and modern certificate manager.
Simplify and automate the certificate management with CEMA.
The CEMA Certificate Manager is a modern, fully-featured, certificate lifecyle manager developed by intelliCard Solutions AG (Id-security).
Acting as a unified PKI front-end, CEMA connects to various CAs, letting you use a single interface for all you PKI needs. CEMA is also back-end to the ID-Security(/intelliCard) Enrollment Hub supporting many enrolment protocols, independently of the protocols the issuing CA supports.
All certificates are stored securely in a centralized repository, providing easy access for administrators and facilitating efficient management. By implementing granular access controls to manage permissions for certificate management tasks, you ensure that only authorized personnel can perform critical actions on certificates. Define customizable policies for certificate renewal based on expiration dates, usage patterns, and compliance requirements. Automated issuance and renewal ensures uninterrupted service availability suitable for large scale industrial IoT.
Unified PKI front-end
A unified front-end to internal and public certificate authorities simplifies administration and reduces manual error by standardizing certificate management procedures in the organization.
Flexible enrollment options
Enroll via web interface or REST API. Supports ACME, SCEP, Intune and Microsoft AutoEnrollment protocols via Enrollment Hub (hyperlink to Enrollment Hub product page).
Actionable Data
Search Configurations gives you comprehensive view of certificate usage at the click of a button. With any number of saved personal or shared Search Configurations, you always have access to data to guide PKI decisions.
Enterprise-grade security
CEMA is written in Java and uses robust, hardened deployments and user authentication. And of course, it integrates with Hardware Security Modules (HSM) for key storage
Great companies trust ID Security
Simplify your certificate management experience
Made for Enterprise PKIs
CEMA is built to suit the needs of enterprise PKIs. Connect to publicly trusted CAs as well as internal CAs, such as EJBCA, Microsoft Active Directory Certificate Services (ADCS) and other PKIs. Automate large-scale enrollment using REST API and get extensive enrollment protocol support via Certificate Hub.
Flexible User Management
Assign user groups to one or more roles which defines user privileges. Supports Kerberos (Active Directory), OpenID Connect and certificate-based single sign-on and group management.Enable optional multi-factor authentication (MFA) for high-privileged users.
Smart Dashboard
The fully-configurable CEMA Dashboard puts essential data front and center. Never miss a certificate about to expire or let abnormal issuance go unnoticed.In the dashboard, every CEMA administrator have the critical information they need always at their fingertips.
Workflows for manual procedures
Eliminate errors in manual procedures with workflows tailored to any user level. The powerful Workflow system allows different user groups to interact with different options available for certificate issuance and publishing.Simple one-click certificate issuance with fixed values or flexible workflows that allows selecting certificate type and issuer can be made available to the users who need it, and only them.
Download Server
The CEMA Download Server makes distributing key stores and certificate easy. Automatically send download links to certificate holders. Enforce strong password policies with password generation.
Deploy anywhere
CEMA runs in a hardened Apache Tomcat web server and can easily be deployed on-premises on Windows and Linux, in the cloud or as container. MariaDB, MySQL and Microsoft SQL Server database support.
Packed with useful features
Tools for Best Practice PKI
Running a best practice PKI requires constant awareness of what certificates, key and algorithms are in use throughout an organization. A modern certificate lifecycle manager should ensure that nothing important goes unnoticed.
Become Crypto Agile
Achieve crypto agility by tracking which cryptographic keys and algorithms that are in use.
Combined PKI Inventory
Inventory all issued certificates, devices and certificate owners from all CAs used in your PKI.
Up-to-date statistics
Create detailed statistics and reports of your PKI usage with CEMA Search Configurations. Visualize critical information in the Dashboard.
Get notified of important events
Notify PKI administrators of important alerts and send e-mail notifications to certificate holders when it is time for them to renew. Escalate with notifications to department manager if critical certificates are not renewed in time.
Automation and Integration
Automation is key to reduce security risks associated with manual errors. Prevent certificate-related outages and breaches by automating lifecycle management.
Unified front-end to internal and public certificate authorities
Enforce standard procedures with a certificate lifecycle manager that is able to connect to the various internal and external CAs in use. CEMA connectors supports Microsoft AD CS, EJBCA, GlobalSign, AtlasCMP, BlueX. Clients enrolling through CEMA can use the following protocols, independently of issuing CA capabilities: Microsoft AutoEnrollment, ACME, SCEP, Intune.
Automate certificate issuance and renewal with REST API
Deliver certificates quickly and securely to any point in your DevOps pipeline. Handle bulk operations with simple REST calls.With CEMA, full configuration management via REST is possible.
CipherMail integration
CEMA integrated with the CipherMail solution for e-mail encryption and signing, ensuring keys and certificates conform with security policies.
Enterprise-grade Security
CEMA is designed with security in mind and provides many useful functionality for ensuring compliance with though security standards. Enforce security policies consistently and reduce security risks by ensuring all certificates comply with your organization's security policy.
Hardware Security Module (HSM) Support
Cryptographic keys used by CEMA can be stored in any HSM with PKCS#11 support.This guarantees best-practice control of keys used for audit log signing, TLS connections and database credential encryption.
Role-based Access Control
CEMA users can only access resources allowed by their assigned role. User roles can be managed in CEMA or taken from outside source such as Active Directory group or client TLS certificate data.
Multi-factor Authentication
Multi-factor authentication (MFA) can be enforced for high-privileged users.
Multi-tenancy
Multi-tenancy support with logical separation of different PKI environments.
Amanda Pisani
Chief Security Operations, Moloco
Want to know more about our way of working?
We are delighted to hear more about your situation and offer the best possible solution after consulting with our experts. So get in touch with us today.