Certificate lifecycle management (CLM) and PKI software help companies with the process of authenticating and encrypting information using digital certificates. Public key infrastructure (PKI) is a cryptography framework that secures digital communication and protects data, devices, machines, and people from impersonation, unauthorized interception, tampering, or other attacks. The main benefit of this software is that it provides visibility and automation throughout the certificate lifecycle—certificate issuance, discovery, inventory, provisioning, deployment, securing, monitoring, renewal, and revocation. CLM and PKI software often replaces manual certificate management methods, such as tracking on spreadsheets, which helps companies prevent unplanned system downtime and system vulnerabilities stemming from errors or certificate expiration.
CLM and PKI software provide capabilities for the issuance, management, and automation of digital certificates, including but not limited to SSL & TLS certificates, client authentication certificates, digital signature, and SSH certificates. Use cases for PKI and CLM software include user authentication, machine-to-machine authentication for servers and containers, digitally signing code and documents, encryption and integrity for IoT devices, and much more.
To qualify for inclusion in the Certificate Lifecycle Management (CLM) and PKI category, a product must:
Automate CLM, including discovery, inventory, provisioning, deployment, securing, monitoring, renewal, and revocation (some vendors will offer certificate issuance solutions via public certificate authority or private PKI functionality)
Provide centralized visibility, control of, and reporting on certificates, keys, and ciphers
Monitor and notify administrators when certificate expiration dates are nearing or use workflow to automatically take a specified action, such as certificate renewal or revocation
Support certificates from multiple certificate authorities (CAs)
