Pushing S/MIME Certificates to Mobiles


Provide certificates for secure e-mail on all your users' devices. Automated user key distribution by Mail, MDM and MS Intune.


S/MIME with Intune

Deploy user certificates to your MDM-managed iOS and Android devices transparently.


Unmanaged Devices

Push user certificates and private keys to your unmanaged devices simply by secure e-mail.


Secure Key Transfer

Push private keys securely from your TOPKI key archive or a Microsoft CA database.


"Secardeo certPush completes the end-to-end security vision by enabling e-mail encryption and digital signature through key distribution also for mobile devices."

Read encrypted mails on road!


  • Provide access to important and confidential information everywhere on your mobile devices.
  • Incoming e-mails are decrypted with your private key.

Managed or unmanaged devices.


  • Use MDM systems in the cloud or on-premises like Airwatch, MobileIron.
  • PKCS import for MS Intune and key distribution to all managed devices.
  • Push encrypted private key containers by secure e-mail.


Recover from different key archives.


  • Key recovery using KRA private key.
  • TOPKI certificate database.
  • Microsoft ADCS database.
  • PFX/PKCS#12 file collection.


Support major mobile e-mail apps.


  • Native mail apps on iOS and Android.
  • MS Outlook for iOS and Android.
  • MobileIron Email+
  • Many more...

How it works

A user wants to read his encrypted e-mails on all his devices. For this, all devices must hold the same private key. In an enterprise PKI the private decryption key resides in a central key archive, from where it can be recovered by authorized Key Recovery Agents. Separate private signature keys can also be handled accordingly. Standard S/MIME certificates typically use one multipurpose key for encryption and digital signature.


Secardeo certPush is a service for the automated recovery and distribution of X.509 user certificates and private keys from such a central key archive. With it, the private keys of S/MIME certificates can be pushed to all managed or unmanaged devices of a user. This lets the user decrypt, encrypt or sign e-mails with the mail apps on mobile devices running iOS or Android, or even on MDM-managed Windows or Mac systems.


Secardeo certPush is an integral part of the Secardeo TOPKI platform. It can also be used as an extension for a Microsoft CA. With certPush, X.509 user certificates and PKI private keys can be recovered simply, using the standard Microsoft key recovery mechanisms based on Key Recovery Agents (KRA). Recovered keys can then be securely distributed to all devices of a user in a protected PFX (.P12) container.


Certificate distribution can be done automatically via secure e-mail, e.g. for unmanaged devices, or via an MDM system for managed devices.

certPush Mail distributes the private key in an encrypted PKCS#12 container as a .pfx attachment to the certificate owner. The password needed to decrypt and import the key on the device is transferred end-to-end encrypted.

certPush MDM uploads a user's certificate and private key to the user's configured profile on the Mobile Device Management (MDM) system. This is done over a secure channel via the MDM API. The PKCS#12 container and password can then be pushed to the mobile device, or even to MDM-managed Windows PCs or Macs, in a mail or Exchange profile.

certPush KRS is a Key Recovery Service that provides recovered private keys to authorized applications such as certLife, based on strong authentication. This lets a user import his certificates and keys to his device via a web-based self-service.


The user certificates or S/MIME certificates may stem from an internal Microsoft CA or from a public CA like SwissSign or DigiCert, using certEP or certLife.

certPush supports the recovery of single private keys as well as batch recovery of the private keys of multiple users. Secardeo certPush can recover either only the current certificate and private key of a user, or the whole key history, into a .P12 container.
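The container format described above, as an added example that is not Secardeo's code: a recovered key and certificate are packaged into a password-protected PKCS#12 (.p12) file with OpenSSL, and the result is checked to open only with the password that is delivered over a separate channel and to carry the key matching the certificate. The self-signed certificate for "alice" stands in for a key pair recovered from the archive; file names and the work directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Secardeo certPush code): build and verify a PKCS#12 container.
set -euo pipefail

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for a recovered key/certificate pair. In production the
# pair comes from the key archive; here a self-signed S/MIME-style cert is made.
make_recovered_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=alice/emailAddress=alice@example.com" \
    -keyout "$WORK/alice.key" -out "$WORK/alice.crt" >/dev/null 2>&1
}

# Build the .p12 with a random password and explicit modern algorithms, so the
# result does not depend on the OpenSSL version's default (legacy RC2/3DES in
# older releases). The password is read from a file, never the command line,
# and is returned so the caller can deliver it end-to-end encrypted to the user.
build_p12() {
  local pw
  pw="$(openssl rand -base64 32)"
  printf '%s' "$pw" > "$WORK/pw.txt"
  openssl pkcs12 -export -name "alice S/MIME" \
    -inkey "$WORK/alice.key" -in "$WORK/alice.crt" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 \
    -out "$WORK/alice.p12" -passout "file:$WORK/pw.txt"
  printf '%s' "$pw"
}

# Returns 0 when the container's MAC verifies with the given password, 1 otherwise.
p12_opens_with() {
  printf '%s' "$1" > "$WORK/try.txt"
  if openssl pkcs12 -in "$WORK/alice.p12" -nokeys \
       -passin "file:$WORK/try.txt" >/dev/null 2>&1; then
    rm -f "$WORK/try.txt"; return 0
  fi
  rm -f "$WORK/try.txt"; return 1
}

# Returns 0 when the private key inside the .p12 matches the certificate's public key.
p12_key_matches_cert() {
  local k c
  printf '%s' "$1" > "$WORK/try.txt"
  k="$(openssl pkcs12 -in "$WORK/alice.p12" -nocerts -nodes \
         -passin "file:$WORK/try.txt" 2>/dev/null | openssl pkey -pubout 2>/dev/null)"
  rm -f "$WORK/try.txt"
  c="$(openssl x509 -in "$WORK/alice.crt" -pubkey -noout)"
  [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run `make_recovered_pair`, then `PW="$(build_p12)"`; the .p12 goes to the device as the attachment and `$PW` travels on the separate encrypted path.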

Features

  • Support of Microsoft CA (ADCS) key archive
  • Support of Secardeo TOPKI key archive
  • Support of encrypted PFX folder
  • Reliable recovery process based on Key Recovery Agent certificates
  • Recovery and distribution of single private keys
  • Batch recovery and distribution of private keys for multiple users
  • Recovery of the current certificate and private key of a user or the whole key history
  • Encrypted distribution to managed and unmanaged devices via e-mail push
  • Secure distribution to managed devices by MDM upload
  • Automatic key distribution based on an Active Directory group or a list of e-mail addresses
  • Periodic background distribution (certPush service)
