Certificate Lifecycle Management



Central management and self-service for digital certificates and SSH keys. Get full control over your public and private keys!


Certificate Management

Manage all types of certificates & keys from public and private CAs over their lifecycle.

 

Self-Services

Users and admins can conveniently request and manage personal or server certificates.


IT Integration

Full Active Directory integration. Connect to ITSM & IT automation systems via REST.

 

"Secardeo certLife covers more than just TLS machine identities. It provides additional pioneering features for managing User & S/MIME certificates or Device certificates in a Microsoft IT infrastructure."

Get full control over your certificates.


  • Use a central certificate database that can be synchronized with your MS CA.
  • Divide management tasks among AD-based roles.
  • Control certificate content & permissions through certificate templates.
  • Validate and enhance certificate requests.
  • Scan your network for TLS certificates and SSH keys.
  • Enable audits based on comprehensive logging and lifecycle history.
  • Integrate with IT automation and service management via REST API.


Manage server certificates & keys.


  • Discover and import TLS certificates or SSH keys in use.
  • Enroll, renew, revoke or delegate certificates using the admin self-service.
  • Group-sharing of server certificates.
  • Use custom metadata to organize your certificates.
  • Establish optional approval workflows.
  • Automated notifications help keep track of status changes during the lifecycle.


Minimize downtime and save IT costs!


  • Eliminate risks from expired, invalid or fraudulent digital certificates.
  • Automatically notify administrators in time about certificate events and lifecycle status changes.
  • Avoid inefficient management tools like spreadsheets.
  • Automate certificate management tasks and provide time-saving self-services.

Easy handling of S/MIME certificates


  • Convenient self-service for users via web browser.
  • Single sign-on based on AD credentials.
  • Manage certificates enrolled by certEP, ADCS or self-service.
  • Renew, revoke, recover or even delegate your private keys.
  • Optional central auto-enrollment as an alternative to client-based Windows enrollment.

How it works

certLife is a Windows service for certificate lifecycle management within the Secardeo TOPKI platform. It provides role-based management of all kinds of certificates (S/MIME, SSL, VPN, etc.) as well as SSH keys in a central SQL certificate database. Certificates are managed conveniently and clearly in a web browser. With certLife, certificates can be requested, renewed, distributed, recovered or revoked on the basis of Windows certificate templates. An intuitive and powerful search provides a clear and configurable list of the desired certificates. Automated notifications, for example before a certificate expires, as well as reports and statistics on certificate usage increase control. Custom fields and additional metadata can be used to tag certificates for individual management requirements.


certLife provides direct connections to a large number of CAs such as OpenXPKI and Dogtag, and to managed PKI services such as DigiCert, SwissSign, AWS, etc. This puts all certificates from your public and private CAs under your central control. Furthermore, certLife offers complete certificate management for a Microsoft CA (ADCS). All certificates or selected templates can be automatically synchronized with certLife, and the certLife web app offers a powerful and user-friendly way to manage your ADCS certificates.

Secardeo certLife offers a certificate self-service for users and server administrators. The certificate operations available in the web GUI depend on Windows Authentication (Kerberos) and the roles of the user. A normal user can, for example, request, renew, revoke or recover his certificates or download the complete key history. He can also delegate a certificate, including the private key, to another user.

A web server administrator can request an SSL/TLS certificate either by pasting a CSR generated on his server or simply by choosing the required attributes with a few clicks and having certLife generate the key and CSR. The administrator can easily manage his certificates or delegate them to another admin. He can also upload certificates from external CAs or even SSH private and public keys. Group sharing for joint administration of server certificates is also possible.

certLife also offers advanced features such as the administration of additional metadata and the integration of enterprise apps using the REST API.


certLife also offers central autoenrollment as an alternative to client-based Windows certificate enrollment, e.g. for user S/MIME certificates. The centrally generated keys and certificates can either be retrieved via the user self-service or be pushed automatically to the user's mobile devices or Intune-managed devices via certPush. Another option is the automated retrieval of all certificates and keys to the Windows computer where the user logs in. With the additional software component certWin Client, the local Windows certificate store of the logged-in user is automatically synchronized with the complete key history from the central TOPKI key archive via the certLife REST API. This also happens when logging on to other Windows systems, so the user always has access to all encrypted e-mails regardless of the workstation and can digitally sign and encrypt new e-mails without any effort.


  • Features

    • IIS web application for certificate and key management
    • All types of X.509 certificates based on AD certificate templates
    • SSH public and private keys
    • Role-based certificate management using AD users, groups and permissions
    • Convenient access using AD credentials
    • Intuitive search and filtering of certificates
    • Request, revoke, renew certificates
    • Publish to certificate directory
    • Import certificates, PFX & SSH keys
    • Approval workflows
    • Administration of additional metadata
    • Archive and recover private keys
    • Self-service for users and administrators
    • Group sharing of server certificates
    • Delegation of certificates and keys
    • Key pair generation centrally or at the client
    • Autoenrollment for centrally generated keys
    • Control and adjust Subject name and SAN
    • SAN-Whitelisting
    • Synchronization with Microsoft CA
    • Status notifications
    • Reporting and statistics
    • REST API for integration of enterprise apps
    • Multi-language support
