Certificate Lifecycle Manager Reviews

Our use case is that our organization had a lot of certificates that were unnoticed. Users used to request the certificate and install it, but when there was a change of resources or anything, they were unaware of where the certificate resides or when it expires. We had a lot of situations where the certificate had expired, the application went down, or users used to get the nasty warning saying the certificate had expired. Another case was where a certificate had expired, or it was installed on multiple endpoints, but the users were unaware of it. They replaced the certificate at one endpoint and forwarded it over to another endpoint, which eventually caused an issue because of the handshake error. These were the main driving factors for us to explore CLM options.

Certificate Manager has reduced the certificate expiration outages to almost nil. Just to give an analysis, before 2022, we had a lot of major incidents due to expired certificates. Since 2022, we have had almost zero major incidents wherein we saw a financial impact or business disruption due to an expired certificate. We have set up alerts 60 days in advance, so that gives sufficient time for the technical owners, the product owners, and the application teams to renew the certificate ahead of time.

The notification stands out as one of the best features. You can customize the emails, and as a retail organization, it was important for us to brand the emails. We wanted our users to give a look and feel of the organization and also adhere to the organization brand guidelines. So, customization of emails was one of the good features. The main core aspect is the certificate tracking. Certificate Manager does this effectively, and its ease of use makes a difference.

When it comes to automation, Certificate Manager has a lot of out-of-the-box connectors, be it for the F5 load balancer, the NetScaler load balancer, for Windows, or for Linux machines. You can even automate the certificate, push the certificate from scratch from Certificate Manager. 

The reporting feature is another aspect that many users love. We can schedule the reports and get them in either PDF or Excel spreadsheet formats when we want to share with the leadership. We can generate the PDF format and share it with the users.

The navigation is pretty good, with a sleek UI and a good dashboard that allows customization of the home page. 

Another important feature that stands in favor of Certificate Manager is the customizability. When a user requests a certificate, we want them to input some additional details. The creation of custom fields was very flexible in Certificate Manager when we compared it with other products. We can define a number of fields and even specify input types, such as alphanumeric strings, numeric values, drop-down selections, and input validation.

Even though it allows for email editing, until version 23.1, you had to log on to the server, and the console itself used to take a lot of time. That has changed from the last release onwards.

When you're defining the flow, there are some areas that can probably cause confusion to the users. If you want to rename the default field, you cannot rename it, which caused a lot of confusion during the initial days until everyone got settled in. Allowing the renaming or updating of the default field is something Certificate Manager can improve on.

Certificate Manager has both the on-prem and the cloud versions, but the on-prem version is far more mature than the cloud version, which lacks a lot of features that the on-prem version offers, at least when we did the POC and evaluated the product. The maturity of the cloud version needs improvement.

Additionally, when considering the on-prem version, there is a minor glitch in the system. When an administrator makes changes, they have flexibility regarding the approval flow. When dealing with a certificate that requires approval from several different teams, there is a minor glitch in the system where the name of the approver does not appear. This is a bug that we are currently addressing.

Additionally, there is room for improvement in key management. Changing the default account name is not a straightforward process; it can be quite tedious. This is an area where improvements could be made.

If there is a particular workflow that we want to tweak, right now, we can achieve it only via a PowerShell script. It would be great if they could also support a small Python script or anything to expand their scripting or adaptable workflow code base. Even though we can call another script from a PowerShell script, if someone doesn't have knowledge of PowerShell, that would be challenging.

It's been more than three years since we've been using the solution.

The stability is pretty stable. For one of their bugs, there are a few workarounds; I would probably give it a nine in terms of stability. This is only for the on-prem version as I do not have great exposure to the cloud version.

It is definitely scalable. I would give scalability a nine, with one point off because of the lengthy time taken to install the product.

It was for an enterprise-wide solution, so more than 15,000 work with Certificate Manager.

Certificate Manager was recently acquired by CyberArk, so it's a different situation right now. When Certificate Manager was solely Certificate Manager, I felt the support was pretty good. However, after the completion of the acquisition by CyberArk, I feel there has been a drastic downtime in the support professionals' response. If it were somewhere around nine earlier, I would probably bring it down to six right now.

Positive

No. We didn't have a different solution previously. 

It was more or less a Windows next-next-next installer. It isn't a complex installation. Any IT security professional would be aware of all the dependent components, including the database, the bare minimum bare metal requirements, and everything else. 

The installation process is a bit lengthy. Though it's simple, it involves a lot of modules that get installed. It took almost four hours for the entire installation and for the upgrade, which is almost a mimic of installation. It again depends on the number of servers you're doing it for. If you're doing it for one server, it will easily take 30 to 45 minutes, assuming you have a good connection.

It does require some maintenance, but it's not every month you need to patch it and update it. There is flexibility around it, but it does require some sort of management.

Implementation was done by in-house team. 

We evaluated Keyfactor and Certificate Manager, and even though Certificate Manager was priced far higher than Keyfactor, one of the main reasons for choosing Certificate Manager was the ROI we saw. Keyfactor doesn't offer any reporting. Certificate Manager reduced the number of resources for the reporting structure. We had six to seven people dedicated to reporting. We were able to give them better tasks instead of just reporting, so Certificate Manager's reporting capability adds great value to the ROI, along with the dashboard and automation. 

Teams used to spend a lot of time just requesting and renewing the certificate, updating it at all endpoints. In Certificate Manager, you can do it with one click. Once you have defined the entire skeleton of where the certificate resides and what it does, you can just click the push button, and the certificate will be installed and bind the complete IIS binding by Certificate Manager. From our perspective, this makes it a good bet.

It is very expensive.

We did a PoC with various vendors available in the market, such as Appviewx, Keyfactor, Certificate Manager, and finally narrowed it down to Certificate Manager because it suited our needs. It was able to give a better dashboard of how many certificates we have and what the installation points are. That's why we went ahead with it.

I would recommend Certificate Manager, but it also depends on the organization's needs. I would recommend Certificate Manager to other users if they're looking for an on-prem solution. If they're looking for a cloud-based solution, I wouldn't recommend Certificate Manager, given that they have a long road ahead of them for maturity. 

I would rate it an eight out of ten, given all the benefits, gaps, and overall maintenance.

In the last year, Okta, Microsoft Entra, CyberArk, and SailPoint stand out as the ones I have used most.

I mostly use Azure as my main cloud provider, but we also have a small portion of AWS. Azure is for more employee-related tasks, while AWS is for more customer-facing applications.

In my current company, I have used CyberArk Certificate Manager for two years, but I have used it for at least five to seven years overall.

The best features of CyberArk Certificate Manager include its robust privileged access management capability, session monitoring, and strong defense against threat vectors.

PSM, PIM, and application legacy connectivity for CyberArk Certificate Manager are probably the best in the market.

The real-time threat intelligence feature helps with preventing security breaches as it never allows any privileged access to get into the application until you check out the user ID and password, effectively managing credentials. It also includes MFA and session monitoring, tracking who is checking out the password and credentials, which are capabilities that cannot be bypassed, thus neutralizing threat protection.

I use features like PSM, PIM, session monitoring, and everything else with CyberArk Certificate Manager.

One area of CyberArk Certificate Manager that could be improved is the capability of integration with legacy applications.

The initial setup is complex. You need third-party support or support from CyberArk Certificate Manager if you do not have a lot of skillset inside your own company.

There is definitely room for improvement as sometimes the ticketing system has delays, with tickets taking 24 hours even for critical applications.

In my current company, I have used CyberArk Certificate Manager for two years, but I have used it for at least five to seven years overall.

I would rate the customer service or technical support with CyberArk Certificate Manager at least a seven out of ten.

There is definitely room for improvement as sometimes the ticketing system has delays, with tickets taking 24 hours even for critical applications.

Positive

The initial setup is complex. You need third-party support or support from CyberArk Certificate Manager if you do not have a lot of skillset inside your own company.

We are customers of CyberArk Certificate Manager, working with PwC, PricewaterhouseCooper, as a third party for providing support to CyberArk Certificate Manager.

I have observed measurable benefits and return on investment with CyberArk Certificate Manager. Overall, they also have a cloud component now, allowing connections to both cloud and on-premises systems. CyberArk Certificate Manager is doing its best with multiple layers of security, and while they face challenges with legacy applications, they can still connect to web applications, rich applications, desktop applications, and cloud-native applications.

In terms of pricing, they are a little costly, but they are the best in the market today, so I would say they are worth every penny, rating them again at seven or eight.

I would love to provide a review for one of the ones that I have experience with.

With 15 years in the Identity and Access Management industry, I have probably used 20 different authentication systems. I have used it or I have implemented it.

I am providing an overall review rating of eight for CyberArk Certificate Manager.

My main use case for CyberArk Certificate Manager is lifecycle automation and automated discovery, monitoring, and policy enforcement of certificates within the organization.

I use CyberArk Certificate Manager for lifecycle automation, and we have numerous certificates across instances, applications, and servers on different cloud platforms. The tool automates the entire certificate lifecycle, including discovery, monitoring, renewal, and compliance enforcement. This mitigates the risk of human errors associated with manual tracking and ensures that certificates are renewed on time.

Earlier, we had considerable manual effort required for comprehensive reporting and dashboards. With CyberArk Certificate Manager, the platform provides clear dashboards and reporting tools that give visibility into the status of all managed certificates, helping organizations maintain control over their certificate infrastructure.

The best features CyberArk Certificate Manager offers include enhanced security by automating certificate management, which helps prevent security breaches caused by expired or misconfigured certificates, thereby maintaining trust in digital communication. It also leads to reduced downtime of production systems and streamlined operational processes.

The enhanced security and reduced downtime have played out significantly in my organization. Previously, we had numerous certificates that were manually driven and updated by engineers, which frequently caused production system outages during critical sales times. With this tool, the proactive monitoring and alerting features help organizations address potential issues before they lead to application or server outages.

The streamlined operations aspect is something we have leveraged extensively with CyberArk Certificate Manager, which leads to automation of routine tasks, reducing the administrative burden on IT teams and allowing them to focus on more strategic initiatives.

CyberArk Certificate Manager has positively impacted my organization as a powerful tool for enhancing the security certificate management process. By automating the lifecycle of TLS and SSL certificates, it has improved security and ensured operational efficiency, making it a vital component of modern IT infrastructure management.

One area where CyberArk Certificate Manager can be improved is the dashboards are very useful, but if the tool would offer customers a way to customize them further in line with their custom reporting needs, that would be beneficial.

Regarding needed improvements, the UI needs enhancement. Sometimes it experiences latency-wise issues. If the UI can be improved further, that would be helpful.

I have been using CyberArk Certificate Manager for almost four years.

CyberArk Certificate Manager is approximately 99% stable. Sometimes we find glitches, possibly due to outages at the cloud platform level, but otherwise it performs well overall.

CyberArk Certificate Manager can be easily scaled up with minimal effort. In my organization, we started with one set of users and one business unit, and later we extended it to four additional units.

The customer support for CyberArk Certificate Manager is excellent. The CyberArk team is very responsive with relevant information about issues and knowledge base articles, and they provide insights about latest developments coming with the product in upcoming releases.

Positive

I previously used a different solution that was completely manual, and later we started using CyberArk Certificate Manager as an automation tool for our certificate lifecycle management.

I have seen a return on investment with CyberArk Certificate Manager, as it saved considerable human effort. Earlier, we had an operations team of seven people to manage certificates manually, but now it has reduced costs by reducing the team to two people with the help of the certificate management tool.

Before choosing CyberArk Certificate Manager, we explored BeyondTrust and Delinea as well, but we finally selected CyberArk.

For anyone looking into using CyberArk Certificate Manager, I would definitely recommend exploring the product to make lifecycle management a proper, completely managed process. It will help simplify the discovery of all certificate types and ensure that it maintains information about location, ownership, and expiration date, allowing organizations to manage their certificate inventory effectively.

CyberArk Certificate Manager is an overall good tool and I would recommend it. For organizations that want an automated tool to manage the entire lifecycle management process, I would definitely recommend this product.

I can share specific outcomes and metrics since using CyberArk Certificate Manager. Two years ago, our outages were 30% and above, but now with the implementation of this tool, they have been reduced to less than 5%. Eventually, as the system becomes more mature over time, we can reduce that remaining 5% as well. I would rate this product highly based on its performance and value delivery.

I am working as a PKI admin, where I approve certificates from the cert code, including approving, rejecting, and everything involved.

CyberArk Certificate Manager has excellent capability in handling certification renewals. Whenever you specify any validity period that needs to be renewed within certain days, it triggers automatically, and I appreciate that aspect. 

Our L5 team is already implementing numerous automations. If anyone requests an external certificate, the process is automated. Most of the internal certificates are also automated through the CyberArk Certificate Manager platform. Because of that automation, we work with less effort.

It would be better if they could notify each member whenever any ongoing activity is happening. I have been using it for the past four years, and I haven't received any messages about issues on CyberArk Certificate Manager's side; I haven't seen any incidents, major incident information, or any other information. If everyone using the platform is notified, it might make things easier. They can improve it by sending notifications to all users about ongoing issues or important matters.

They can add more options in the inventory part, as we currently see limited options only. For certificates, relocation, and everything else, providing more options would make it easier to see particular certificates we are maintaining.

I observed one bug in CyberArk Certificate Manager. Whenever we provide the IAP number, it should show all certificates maintained by that IAP number. However, in the past month, I couldn't see specific certificates associated with the IAP, such as Intel Application Portfolio Manager. Additionally, regarding external certificates, we cannot see the SAN names in the settings part while approving the certificate. We need to go back to all CT3 to verify them, which becomes double work. Previously, we could see them, and I don't know why they are not displayed in the new version.

I have been using it for the past four years.

Regarding stability, I observed that in the last year, CyberArk Certificate Manager was down two to three times without any notification. Whenever we attempted to log in, it wouldn't let us log in and would show that the site was down or not connecting.

Scalability is good; I don't have any comments on the scalability and load balancer as both are performing well.

I haven't contacted their technical support or customer support because I'm working in a L3 role. Mostly my L5 team communicates with the vendor. They might be contacting the support team to resolve bugs or whatever issues we observe.

Negative

I haven't tried any alternatives. For the past four years, I've been working at my organization exclusively with CyberArk Certificate Manager. I would be interested in trying other suggestions if available.

From my perspective, the initial deployment stage is medium; it's not difficult. It is easy to understand and deploy applications or certifications. It would be easy for someone who has basic knowledge to understand CyberArk Certificate Manager, as every option is visible on the home page, making it easy to locate all available options.

No maintenance is required on my end.

The pricing is minimal compared to other platforms. There are no problems regarding pricing.

I didn't notice any time saved on satisfying the compliance requirements.

To safeguard the infrastructure from any attacks, I suggest that everyone should maintain individual certificates for their specific environments, such as production, pre-production, test, and development. I would recommend maintaining different certificates for different environments because if anything goes wrong with one certificate, it might affect the entire environment. 

I would rate CyberArk Certificate Manager an eight out of ten.

My main use case for CyberArk Certificate Manager is at PVH Corp in the Hilfiger division, where we are a retail company that sells clothes, designer bags, and accessories. We use it for e-commerce purposes.

When users access the Tommy Hilfiger website or our e-commerce website, or when our designers access it, if their certificate is expired, the website will not load correctly or will not load at all. We use CyberArk Certificate Manager to update and deploy certificates so the site loads correctly.

That is the main way we interact with CyberArk Certificate Manager.

The best features of CyberArk Certificate Manager are that it scans the network, detects what certificates are expired, and automatically deploys new certificates.

Some certificates are specific, so it does miss some, but not a lot, maybe two or three. For the most part, it catches all the certificate expirations.

CyberArk Certificate Manager has impacted our organization positively by making our life much easier. Instead of us manually updating the certificates, it does it by itself. We have saved a lot of time.

It is running pretty efficiently right now, so we have no complaints. CyberArk Certificate Manager has impacted our organization positively by making our life much easier.

I think we are good right now.

I have been using CyberArk Certificate Manager for about three years.

For the most part, we have no issues.

Our Calvin Klein department was able to inject the users and it recognized everything. The whole process was pretty smooth.

Customer support is very good. They are prompt and get back to us within hours.

Negative

CyberArk Certificate Manager was our first solution. We just wanted to give it a try. We always wanted a certificate manager that replaces new certificates, so this was our first time trying it.

Licensing and costs were pretty good. We got charged a lot more from other providers like Google. The setup process was pretty easy. We just gave it our clients, imported our clients, scanned the network, and it found everything else.

I don't know how much money was saved because I wasn't involved in the purchasing of it. However, it saved us because we don't have to do manual work, and our clients don't have to wait long because it does everything automatically.

I would rate CyberArk Certificate Manager overall about an eight out of ten or nine out of ten.

CyberArk Certificate Manager is pretty good. It works and saves us a lot of time, and I am very thankful for that.

For Venafi, our use case is for managing the internal certificates of the company. We use Intrust for public certificates, but the internal certificates, the certificates generated for our own system, are managed, stored, renewed, and downloaded using Venafi.

The best features of Venafi are the event part; if any changes occur on Venafi's side, they send events, allowing our service to consume these events to figure out what changes were made, which is good in Venafi. The tracking part is also very good, as it remains consistent when multiple renewals occur, and we know what actions are being performed by whom. 

Venafi solved the issue of many misplaced internal certificates, as we know that at one place we can get all the information, and the problem of notifications about expiring certificates is resolved, improving our overall system for Expedia.

The access management for Venafi is very difficult. If a specific team needs to access certain parts of the certificates, they need to contact the admin, which is complex. For that reason, we built a third-party internal service to manage Venafi's access. 

The notification part also needs improvement because the general notifications don't specify which certificate owner is responsible. Therefore, we've developed our own notification system over Venafi to send emails to the correct user. 

The AWS tracking process is quite weak. For instance, while a certificate is associated with a load balancer, Venafi does not provide a straightforward way to identify which load balancer it is linked to. To resolve this, we need to create a root user in Amazon and grant access to Venafi, which adds complexity to the process. We can determine where the certificate is being used by using the certificate ARN. We developed an external solution for this issue, but it is something that Venafi could address as well.

I've been using the solution for around three years.

For stability, I'd rate it around six out of ten since we experience some outages despite the investment.

Venafi is scalable. We have 300 to 400 human users and many bot users using cert-manager in Kubernetes to generate certificates. I would rate its scalability a nine out of ten.

The vendor support is good; we can raise tickets in their support system, and typically a developer is assigned within one to two hours for debugging. However, there have been critical errors for which the support didn't have immediate solutions, causing some delays. Overall, the vendor support for Venafi is good.

Positive

Previously, we had a manual process for storing internal certificates managed by the PKI team, and they used to store them in a vault manually, making it a hectic process with high chances for manual errors, especially if someone leaves the company. Compared to that solution, Venafi is very good and helps, so that's why we purchased a three-year license. However, now that we're using Venafi, we've started noticing some flaws such as the notification issue, so we are looking for a better solution or building our own.

It's on prem, but we'll start migrating it to the cloud. 

Deploying Venafi can be quite complex, especially since it operates on a Windows machine. Previously, the deployment process was primarily manual and could take one or two days at a new site. However, after we implemented some Terraform scripts, the deployment time has significantly reduced to about one hour. Despite this improvement, the process remains complicated for someone new to it.

Maintenance is required for Venafi due to frequent upgrades and occasional misbehavior of the Venafi node, necessitating a separate team to check the health of the servers.

Evaluating the return on investment is complex. Overall, it has saved us a lot of time and money. Originally, the outages stopped, and we no longer had issues with certificate expirations. However, we did experience one significant outage due to the expiration of our root certificate. Unfortunately, we didn’t receive a notification from Venafi because it wasn't configured correctly, which led to a loss of around 12 million dollars. In the two years prior, we didn't have any outages, but last year we faced a major issue where the entire Expedia system was down for six hours. So while it seems to average out, the time savings and improvements in our processes have been beneficial.

For our budget, Venafi's cost is moderate. It's not expensive as internal certificate generation is free, and we only pay for the public CA certificate signer and for storage in Venafi. With the top-tier license, we can store unlimited certificates, so the pricing falls between moderate and expensive.

The solution was directly purchased from Venafi. We have a three-year license.

I would recommend Venafi if someone struggles to manage internal certificates without a management tool, but if they already have a mature system in place, I would not be sure to recommend it. It depends on the user's situation; for someone starting out, Venafi can be a good choice.

I would rate Venafi a seven out of ten.

As the Certificate Manager administrator at my previous organization, which was a payments processor and software company handling payments, I managed hundreds of certificates, primarily for TLS termination. We automated certificate management within Certificate Manager and integrated it with Fortanix, a hardware security module, to achieve FIPS 140-3 compliance. My role involved structuring Certificate Manager's folder structure, assigning ownership, and training various teams across the organization on using the platform. This included introducing the marketing team to the tool and setting up integrations. Beyond the technical implementation, I focused on fostering organizational buy-in by explaining Certificate Manager's capabilities, providing training, and empowering teams to choose their level of engagement. This collaborative approach ensured that teams understood the benefits of Certificate Manager and could effectively monitor and manage their certificates.

Beyond adhering to best practices, we implemented Certificate Manager to address the stringent security requirements of our banking partners. As a B2B SaaS provider for healthcare payments, we white-labeled our services for major banks that demanded advanced security for certificate generation. While Certificate Manager offers native Fortanix integration for encrypting its database with a Fortanix-generated master key, this did not meet our partners' specific requirements. To achieve full compliance, we collaborated with consultants to develop a more advanced integration, ensuring each certificate was generated directly within Fortanix. This solution ultimately enabled us to meet STIP compliance standards for our larger banking customers.

Certificate Manager actively develops its software and tools, maintaining compatibility with major platforms and generally staying up-to-date with industry changes. Like many mid-sized companies, it addresses bugs and implements new features based on customer feedback and demand. While it may not immediately integrate every new technology or process, such as DNS certificate re-verification, it typically adapts within six months to a year. However, the constantly evolving nature of certificate management presents an ongoing challenge for Certificate Manager, requiring it to adapt to changes made by certificate authorities like GlobalSign continually.

Certificate management without a dedicated tool like Certificate Manager or Keyfactor often resembles the Wild West, with companies employing risky practices such as generating keys on individual laptops and relying on spreadsheets for tracking. This leads to poor certificate handling, security vulnerabilities, and compliance issues. Certificate Manager provides a centralized, platform-agnostic solution for managing certificates across diverse environments like Windows IIS, GlobalSign, AWS, Azure, and GCP. By automating certificate lifecycle processes, Certificate Manager enforces best practices, improves security posture, and helps organizations meet compliance requirements. While Certificate Manager offers integrations with HSMs like Fortanix and potentially Talos, its core strength lies in centralizing and securing certificate management, making it a valuable tool for growing companies.

Certificate Manager is essential for achieving SOC and PCI compliance, mainly when working with larger banks that require adherence to FIPS 140-3 standards. This standard mandates using a Hardware Security Module for certificate generation and distribution, which is inefficient and impractical to manage manually. Certificate Manager provides a crucial solution by seamlessly integrating with HSMs, automating certificate deployment, and ensuring compliance with high-grade banking regulations. While implementing Certificate Manager can be challenging, it is indispensable for achieving FIPS 140-3 compliance and robust certificate management.

While Certificate Manager didn't necessarily save time, it provided a solution where none previously existed. It wasn't about efficiency but rather about enabling a task that was previously impossible. Certificate Manager offered a path to completion, even if it didn't expedite the process.

Certificate Manager helps reduce response times by enabling automation where possible and enhancing visibility between technical teams and product owners when automation isn't feasible. This improved global visibility significantly contributes to faster resolution times.

Certificate Manager has significantly reduced our risk exposure by enabling touch-free certificate generation and distribution. Manually handling certificates increases vulnerability, as private keys can be easily misplaced, stored insecurely, or lack adequate password protection. Automating this workflow with Certificate Manager minimizes human interaction with private keys, mitigating potential security risks.

Certificate Manager's automation capabilities were significant, as they allowed us to automate certificate rotation and deployment effectively. We integrated it with GlobalSign and aimed to automate DNS verification, although challenges remained. Certificate Manager's platform-agnostic nature was beneficial for handling certificates across different systems like IIS, AWS, and Azure. It ensures centralized certificate management, which is crucial for compliance and maintaining best practices.

It significantly improved our operational efficiency by automating certificate workflows. This reduced the number of certificates requiring manual management, freeing internal resources from deploying trivial certificates. While some complex certificates still needed manual intervention, automating simpler ones eliminated internal bottlenecks associated with tasks like uploading certificates to Imperva. By automating these processes, we reduced errors, streamlined workflows, and eliminated the need to repeatedly remember and execute complex procedures, ultimately increasing our overall operational efficiency.

The automation capabilities are good; when properly configured, it performs as expected.

Certificate Manager excels in automating certificate rotation and deployment but could enhance its offering by improving support for hardware security modules like Fortanix and providing more advanced, out-of-the-box integrations with public certificate authorities for DNS re-verification. Currently, the yearly DNS verification required by certificate authorities necessitates manual intervention, hindering full automation. This limitation, however, is not unique to Certificate Manager, as most tools lack the API integration necessary to automate the verification process with certificate authorities. Until such integration is achieved, the added security layer of domain verification will continue to pose a challenge for fully automated public certificate management.

I used Certificate Manager for two years.

Certificate Manager is super stable, and we experienced no issues with its stability.

Certificate Manager scaled well, and there were no issues with the tool's functionality. The main challenges arose in the integrations.

Certificate Manager's technical support is excellent, with even their first-tier support being in-house and highly competent. This expertise is likely reflected in the licensing cost, as certificate management is complex, and Certificate Manager invests in ensuring customer success. Their support team, even at the initial level, demonstrates a strong understanding of certificate management. For example, when we encountered bugs with the Imperva integration, their first-tier support effectively diagnosed the issue, gathered information, and escalated it appropriately. This level of competency across all support tiers makes Certificate Manager's support a valuable asset.

The downside is that Certificate Manager is a smaller company, likely with limited staff, so its support may not be as comprehensive as Microsoft's global 24/7 offering. As a US-based company, its support model primarily caters to that region. While I haven't personally needed to contact support at odd hours, their availability likely reflects their size and focus on the US market.

Positive

My previous experience with certificate management is primarily limited to Amazon Certificate Manager. While ACM offered the convenience of a fully integrated solution, it led to vendor lock-in. To avoid this, we chose Certificate Manager, intending to remain platform-agnostic.

The infrastructure deployment is moderately complex, with a difficulty level of approximately four out of ten. While the basic setup is relatively standard, complexity increases with advanced SQL configurations or high-availability disaster recovery implementations. However, the initial setup of Certificate Manager itself is fairly straightforward.

With Certificate Manager, it wasn't about saving time but achieving functionality that was otherwise impossible, such as distributing certificates without manual intervention.

I would rate Certificate Manager as an eight out of ten. While Certificate Manager is a powerful tool for certificate automation, its successful implementation requires careful planning, approvals, and company-wide buy-in. This can be challenging, especially for larger organizations lacking the dedicated resources for such a project. Although smaller companies might find deployment easier, Certificate Manager's cost and advanced features may be prohibitive unless they manage many certificates or require complex functionalities. For companies like ours, built on mergers and acquisitions, Certificate Manager becomes essential for standardizing certificate practices across diverse entities. However, smaller companies with more straightforward needs might find manual certificate management more cost-effective.

Certificate Manager's difficulty is effectively structuring the tool to align with an organization's certificate management needs and best practices. While the tool itself is straightforward and has a user-friendly interface, its implementation can be challenging, especially for larger organizations with complex hierarchies and numerous certificates. Success with Certificate Manager requires a strong understanding of certificate management, the organization's structure, and the ability to translate that structure into Certificate Manager's policy tree. This can be particularly difficult for those unfamiliar with similar tools or lacking in-depth knowledge of their organization's certificate usage. Although Certificate Manager simplifies certificate automation, the initial setup and configuration require careful planning and a deep understanding of both the tool and the organizational context.

The last contract I was on, I used it with TPP, and we migrated their internal infrastructure to AWS and then back connected to the database internally in their internal network, and it worked just peachy.

The reporting analysis is what I liked the most about it; that was the nicest thing about it. It helped keep track of certificates and their status and where we needed to make improvements, update, replace things. 

The automation capabilities of Certificate Manager are generally pretty good. It's easy to manage, and whenever I automate things, I generally use PowerShell and it's pretty user-friendly and easy to follow. My background is a C# coder, so PowerShell is easy. 

It handled compliance and regulatory requirements, such as HIPAA, very well overall. The reports that come with it generally are enough to satisfy the auditors, and if they're not, writing a new report is pretty easy, especially using the wizards built in.

I've been using it so long that it's kind of second nature to me. Documentation could use some improvement, but that's about all.

I have been using it since 2010. I last used Certificate Manager in May this year.

I would rate it a nine out of ten for performance and stability.

Scalability is great because it's easy to interconnect different Certificate Manager servers in different segments of the network, so once you've got that open door through the firewall, it's not hard at all.

A couple of years ago, I contacted the technical support for something small and a patch fixed it. I'd rate the support at least a nine out of ten. The support is very good in terms of speed and quality. 

Positive

I've done it manually, managed certificates manually, managed them through Microsoft tools, and frankly, Certificate Manager is the easiest and most comprehensive.

The initial deployment was easy for me. For the first time, it took about three days. The easiest part of it is using the discovery tool.

In terms of maintenance, you just have to keep up with the updates. They've generally got something new or good to patch, and if something doesn't work 100%, you'll find a patch on it generally pretty much monthly that could be your solution.

There were three of us for the deployment. Basically a manager and two contractors were involved.

Overall, I'd rate Certificate Manager a nine out of ten.

We use Certificate Manager for certificate management, including tracking expiration dates and automating installations. Certificate Manager eliminates manual installation by automating the process across various endpoints, including servers, load balancers, and cloud workspaces like AWS and Azure.

Certificate Manager solved our healthcare-related identity security problems by automating the monitoring of certificate expiration dates. Previously, this was a manual process, but Certificate Manager automatically emailed certificate owners and their managers, escalating notifications without our intervention. This automation eliminates manual reports and prevents outages caused by certificate expirations.

We currently operate on-premises but have purchased a cloud-based SaaS version of Certificate Manager that is being deployed.

Certificate Manager is generally user-friendly. While administrators require some training, the end-user experience is intuitive. Certificate Manager provides comprehensive user guides with step-by-step instructions, but most users can easily navigate the platform and complete tasks without consulting documentation.

The automation capabilities have significantly improved our workflow by automating the installation of certificates on servers, endpoints, load balancers, and cloud workspaces. This automation has eliminated the need to manually install certificates on each device, saving us valuable time and resources.

Automation helps reduce human error by providing a clear validation trail. For example, within a certificate object, we can easily see where a certificate was installed, such as in AWS or on a load balancer. This automated validation ensures accurate tracking and eliminates the need for manual verification, which can be unreliable and prone to errors.

Certificate Manager simplifies certificate renewal by offering a seamless process that allows users to renew certificates with a single click.

We saw the benefits of Certificate Manager immediately after deploying it, as our previous solution was inadequate. The reporting feature alone significantly improved, allowing us to track every certificate. Certificate Manager's discovery feature also proved invaluable, identifying certificates on our systems that we were unaware of. This allowed us to import them into Certificate Manager, monitor their expiration dates, assign owners, and communicate with those owners about renewals or compliance issues, such as the use of self-signed certificates. By proactively addressing these issues, we ensured the security and compliance of our certificates from day one.

Certificate Manager's reporting capabilities are crucial in helping us meet regulatory compliance requirements. Their signing algorithm report allows us to scan every certificate within our organization to identify any out-of-compliance, such as self-signed certificates. This enables us to locate the certificate owner, have them rectify the issue, and update the certificate in Certificate Manager. The comprehensive reporting facilitates the identification and resolution of any compliance concerns.

Certificate Manager's reporting mechanisms help us reduce our mean time to respond by quickly identifying and addressing compliance issues and compromised certificates. We can locate the certificate owner and promptly fix any non-compliant certificates. In the event of a compromised certificate, Certificate Manager enables us to create a new one swiftly, deploy it to servers or cloud workspaces, and renew and install it within minutes.

Certificate Manager helped us reduce risk exposure by migrating all identified self-signed certificates to trusted certificate authorities during our discovery process, mitigating any associated risks.

We would be overwhelmed if we had to install all these certificates manually on each endpoint. Certificate Manager automates this process, eliminating the need for constant monitoring and freeing up our time significantly. With Certificate Manager, we simply initiate the process and let it run, saving us the equivalent of two additional employees.

While Certificate Managers services come at a cost, the increased efficiency ultimately saves us the expense of hiring two additional employees.

Certificate Manager has a minimal learning curve. New users can typically log in and navigate the product without guidance, with only about 10 percent requiring minor assistance.

The most valuable feature of Certificate Manager is the automation that helps save time and reduce human error.

Certificate Manager could enhance its offerings by providing more automation features. Currently, specific processes require manual installations due to the lack of built-in integrations. While custom scripts can address some gaps, expanding the range of out-of-the-box integrations would significantly improve the user experience.

I have used Certificate Manager for six years.

Certificate Manager's stability has been consistently reliable. We generally experience no problems with its functionality. Occasionally, IAS might become unresponsive after patching, but this issue is not unique to Certificate Manager and could occur with any site.

Our Certificate Manager platform is load-balanced and segregated by team, ensuring that users can only access certificates relevant to their work. This role-based access control enhances scalability and efficiency by providing a focused view of necessary information.

Certificate Manager's technical support is impressively fast. Inquiries are typically addressed the same day, with most issues, even complex ones, resolved within 24 hours. Their responsiveness and efficiency have consistently exceeded our expectations.

Positive

Certificate Manager's pricing appears to be competitive within the market. After evaluating other vendors, we found that Certificate Manager offers good value for the cost, and we are satisfied with their pricing structure.

I would rate Certificate Manager a nine out of ten. There is room for improvement, but we are extremely happy with it.

Certificate Manager requires regular maintenance, such as server patching and yearly software updates, which are common to most applications. Beyond these standard tasks, Certificate Manager does not demand excessive upkeep. 

My main use case for CyberArk Certificate Manager is to manage the secrets and certificates efficiently and securely in my day-to-day work.

I use CyberArk Certificate Manager in our application related to the BFSI domain, where we handle a lot of auth-related certificates and secrets. We utilize CyberArk Certificate Manager to manage them securely and efficiently.

The best features CyberArk Certificate Manager offers are easily onboarding to existing applications and highly optimized retrieval of secrets and certificates.

Easy onboarding to existing applications means that secrets we already have can be placed in CyberArk Certificate Manager easily, and retrieving those secrets is a very simple process.

CyberArk Certificate Manager has positively impacted my organization. Earlier, we were using other technologies, and whenever we needed to update the certificates or secrets, it was challenging.

Since using CyberArk Certificate Manager, it saves a lot of time, reduces errors, and makes compliance much easier. I have seen approximately 40% time saving with CyberArk Certificate Manager, and in terms of error reduction, I have seen a 50% change.

CyberArk Certificate Manager is great and does not need improvements.

I have been using CyberArk Certificate Manager for more than two years.

CyberArk Certificate Manager is stable in my experience.

In terms of scalability, CyberArk Certificate Manager is perfect.

Customer support for CyberArk Certificate Manager is great, very supportive, and achievable.

Negative

Before CyberArk Certificate Manager, we were using HashiCorp Vault, and we switched because of the features of CyberArk Certificate Manager.

Regarding pricing, setup cost, and licensing for CyberArk Certificate Manager, those were the responsibility of the stakeholders, and I did not have access to those details.

I have seen a return on investment from using CyberArk Certificate Manager. Fewer employees are needed because many of the processes are automated, and time saving has been achieved as we can update and retrieve certificates easily.

We did not evaluate other options besides HashiCorp Vault before choosing CyberArk Certificate Manager.

My advice for others looking into using CyberArk Certificate Manager is that it is better than other tools available in the market, and it is very optimized and efficient. I would rate this product a 9 out of 10.