No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer2678859 - PeerSpot reviewer
Solution Engineer at a comms service provider with 10,001+ employees
Real User
Top 10
Apr 1, 2025
Offers a lot of control and streamlines certificate lifecycle management
Pros and Cons
  • "The most important feature for us is the ease of use. If something is not available, we can develop our own scripts for it. We can create change management around this tool."
  • "We have reduced 80% to 90% of our outages with Venafi, which impacts the revenue substantially."
  • "The product was really good when it was a Venafi product. However, since its acquisition by CyberArk, there has been a lack of significant innovations. They are pushing for cloud adoption, but we prefer on-premises solutions due to regulatory concerns."

What is our primary use case?

I work in telecom. I am not only working with Certificate Manager; I am also working with other CyberArk products.

The most important use case for us is certificate inventory, discovery, automation, and lifecycle management of multiple endpoints across multiple platforms. We automate certificates on various platforms, including OpenShift. We are working on Azure migrations. Certificate Manager acts as a central core platform. It provides a view of every application certificate hosted and serves as a central system to implement security governance policies. Certificate Manager acts as the heart of everything we do.

How has it helped my organization?

Its automation capabilities are strong, supported by robust driver setups. Additionally, Certificate Manager training materials and documentation help end users of various technical levels effectively. In a large company like ours, not every user is the same. They do not have the same level of technical understanding. A good thing is that their documentation is good and detailed. You can take a driver and go step by step. It clearly explains to you what you have to configure.

We have reduced 80% to 90% of our outages with Certificate Manager, which impacts the revenue substantially. They have introduced automation for OpenShift through Certificate Manager which has made the lives of developers much easier. Whenever we want to implement some policies, we target only one secret. The developers get to focus on developing their applications. They can spend time on their applications and leave the security for us.

I have done PoCs with multiple vendors. Compared to others, Certificate Manager is a bit advanced. They are three to six months ahead in terms of technology. For Azure integration, they have an out-of-the-box driver. There is no need to spend time. We just need to follow the step-by-step process that they have explained, and that is it. It works.

We previously had an in-house tool that only gave us notifications and reminders. With Certificate Manager, we have consolidated all the principles in a central platform. It helps teams to have a central view of anything. We have also integrated Certificate Manager with a lot of vulnerability management tools to have a central view. We are using reporting to have a central plane of data where every week, anyone can come and see the status.

It helps notify people. It gives a heads-up to the people regarding what is happening in their system for their certificates. It has reduced the overall complexity. We are not where we were five years ago. If we want to change the root certificate altogether, we can just push it from Certificate Manager. We just push the certificate onto the endpoint. Most people are now aware of what is happening with their applications.

The core principle of policies, automation, and notifications has reduced the time for a product to be deployed in production. It helped people understand how to use a certificate and how to configure it.

It has saved time. Previously, if the application team wanted to deploy something, they had to rebuild the code and other things. They used to take two days, which has now been reduced to almost half an hour. Once they configure it, they just push it. Even for OpenShift, the time was reduced from five hours to ten minutes.

What is most valuable?

The most important feature for us is the ease of use. If something is not available, we can develop our own scripts for it. We can create change management around this tool.

We also have a lot of control, such as deciding when our application team wants to push implementations and making detailed reports. We can have reporting for change management, problem management, and lifecycle management. If someone is not renewing on time, we can notify them that this has been scheduled. We can do tracking and have workflows around it. It is easy. We can integrate it with almost everything.

What needs improvement?

The product was really good when it was a Certificate Manager product. However, since its acquisition by CyberArk, there has been a lack of significant innovations. They are pushing for cloud adoption, but we prefer on-premises solutions due to regulatory concerns. They are giving support for cloud-based and SaaS solutions. I would like equivalent support for on-premises ecosystems.

Integrating Certificate Manager with CyberArk's Conjur for centralized secret management is currently challenging for us. Conjur is a central platform where applications can store all kinds of secrets, even certificates, private keys, and passwords in a central location, and that can be distributed everywhere. This integration is crucial for our seamless operations, and we have been awaiting a solution for nearly two years.

Buyer's Guide
Certificate Lifecycle Manager
July 2026
Learn what your peers think about Certificate Lifecycle Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.

For how long have I used the solution?

I have been using the solution since 2021, so it has been almost four years.

What do I think about the stability of the solution?

We encounter hiccups, but 95% of the time, it runs perfectly fine for us.

What do I think about the scalability of the solution?

Scalability is an issue for us, requiring new components or servers for installation. Horizontal scaling is a necessity rather than vertical scaling. However, with a proper ecosystem design, it should not pose significant problems.

How are customer service and support?

We worked directly with Certificate Manager professional support, and our experience was excellent. Their technical support is knowledgeable and helpful, making Certificate Manager stand out among other CyberArk products.

Which solution did I use previously and why did I switch?

We initially had our own in-house component for lifecycle management, but it was not effective. We developed our own scripts, but they did not fulfill all our needs. This led us to adopt Certificate Manager.

How was the initial setup?

I was responsible for choosing and deploying this solution. Its initial setup is straightforward, but they have to improve the upgrade process. In a distributed network, you have machines everywhere, and it takes time. They have improved it a bit, but sometimes it is better to do it server by server. 

Overall, it is easy. You just have to install the package on a server. That is it. You can enforce policies. All CyberArk products are like this.

After we started using the product, we saw its value within nine months. The shorter the certificate lifecycle, the more apparent the benefits. We have policies that allow us to realize the value within approximately nine months.

We took approximately three to four months to prepare the setup for automation. It took about eight to nine months for all the teams to get used to it. In a year, it was completely in production and operational mode. The application team started using the automation principles and following the self-service model. Our team is not involved in anything. People come and have a certificate. They do their automation on their own.

It does not require any maintenance. If you have implemented it well, It just keeps running. You have to build your process around it. We planned it and got it reviewed by Certificate Manager. We are following the best standards and best practices of the industry. We upgraded it in November, and so far, we have not touched anything. It is just running on the latest version.

What about the implementation team?

We worked directly with Certificate Manager professional support.

What was our ROI?

Measuring benefits or returns in security is challenging for us. We reduced outages by 80% but quantifying that in terms of revenue saved is difficult, as each outage has its unique value.

What's my experience with pricing, setup cost, and licensing?

The pricing has increased for us, impacting our organization due to its operational expenditure (OPEX). The pricing model is complex, considering factors beyond the number of certificates. This complexity can make our payments to Certificate Manager challenging if costs continue to rise. It is good but more expensive than the competitors.

Which other solutions did I evaluate?

We conducted a proof of concept with two vendors aside from Certificate Manager. The ease of use, responsiveness, and accuracy made Certificate Manager stand out. Certificate Manager reliably executed tasks and provided feedback. That gave it an edge over other products. However, now, Certificate Manager lacks innovation which seems to be an issue with all CyberArk products.

What other advice do I have?

To someone who is looking into Certificate Manager but already has a legacy solution in place, I would recommend going for Certificate Manager. It helps understand the ecosystem and enforce policies. You can have visibility into all the certificates and automation with the cloud and on-premises solutions. Integration is easy and straightforward.

You should understand how teams are organized in your company before starting with Certificate Manager because everything is based on permission sets. After identifying the teams, you can prepare policies for them and integrate them with Certificate Manager.

Overall, I would rate Certificate Manager an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sean Kurtz - PeerSpot reviewer
Client Services Consultant Ai Ops & Automation at a tech vendor with 10,001+ employees
Real User
Top 5
Aug 10, 2025
Automation capabilities have streamlined compliance and regulatory processes
Pros and Cons
  • "Certificate Manager's ability to help with compliance and regulatory requirements, including SOX and Swift, was great; this is a major selling point."
  • "In terms of areas for improvement, one thing that we did not appreciate about Certificate Manager was having agents on everything."

What is our primary use case?

My use cases for Certificate Manager were for the Certificate Manager Trust Protection Platform, managing infrastructure PKI and certificates.

What is most valuable?

Certificate Manager's automation capabilities are very good, which is why we used it. Certificate Manager's ability to stay updated on the most current certification renewals was also very good. Certificate Manager's ability to safeguard my financial services infrastructure was good; we had no problems with that. Certificate Manager's ability to help with compliance and regulatory requirements, including SOX and Swift, was great. This is a major selling point.

What needs improvement?

In terms of areas for improvement, one thing that we did not appreciate about Certificate Manager was having agents on everything. An agent needed to be installed everywhere to handle the certificate management. Having the agents everywhere is not ideal and is always problematic. Having the agent everywhere is not the best for security, which was our other significant concern.

For how long have I used the solution?

I have been using Certificate Manager for about two years in my career. I am not currently using it at my current job, but rather at my previous position.

What do I think about the stability of the solution?

I have no issues about Certificate Manager's stability; it demonstrated good stability.

What do I think about the scalability of the solution?

Certificate Manager's scalability was good as well.

How are customer service and support?

I have contacted Certificate Manager's technical support and customer support. We worked with their consulting group during implementation. I went through the whole implementation phase and they were very effective. For Certificate Manager's support, I would rate them eight or nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used any alternatives to Certificate Manager; nothing at that scale of management.

How was the initial setup?

It took me about six months to a year to fully deploy Certificate Manager across the entire enterprise.

What about the implementation team?

The implementation involved a whole team operation with approximately five or six people in total, including myself, several colleagues, and consultants.

What was our ROI?

The mean time to respond was significantly reduced with Certificate Manager.

What other advice do I have?

When I was working with Certificate Manager, I was working in financial services as a user of the product and not a partner of Certificate Manager. On a scale from 1 to 10, I would rate Certificate Manager overall for everything an eight.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Certificate Lifecycle Manager
July 2026
Learn what your peers think about Certificate Lifecycle Manager. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,836 professionals have used our research since 2012.
reviewer2803956 - PeerSpot reviewer
Cybersecurity Manager at a financial services firm with 11-50 employees
Real User
Top 20
Feb 28, 2026
Automation has transformed credential checks and has reduced manual access management work
Pros and Cons
  • "CyberArk Certificate Manager has positively impacted my organization by automating the credential process, allowing users to rotate and share passwords with no human intervention required."

    What is our primary use case?

    My main use case for CyberArk Certificate Manager involves checking the client's internal servers, the people's practices, and granting access to accounts to ensure that their credentials are not compromised.

    I have been using it as a main use case for years, and it performs well.

    What is most valuable?

    The logging feature makes my job easier and more efficient by allowing us to move away from manual checks. With automation, we can clearly see who has done what.

    CyberArk Certificate Manager offers many features, making it very useful for PAM solutions and other credential rotations.

    CyberArk Certificate Manager has positively impacted my organization by automating the credential process, allowing users to rotate and share passwords with no human intervention required.

    What needs improvement?

    I believe CyberArk Certificate Manager can be improved with the integration of AI and other tool leverages for more efficient work.

    For how long have I used the solution?

    I estimate that I have been working with CyberArk Certificate Manager for nearly two years across my client projects.

    What do I think about the stability of the solution?

    CyberArk Certificate Manager is stable.

    What do I think about the scalability of the solution?

    CyberArk Certificate Manager has good scalability.

    In my experience, CyberArk Certificate Manager can handle a high number of users and maintains efficiency among people.

    How are customer service and support?

    CyberArk Certificate Manager's customer support is good.

    On a scale of one to ten, I would rate the customer support a nine.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution before CyberArk Certificate Manager; it was all manual activity.

    What about the implementation team?

    My organization has taken care of the pricing, setup cost, and licensing.

    My experience with the pricing, setup cost, and licensing was straightforward and reasonably priced.

    What was our ROI?

    I have seen a return on investment in terms of money saved and time saved.

    CyberArk Certificate Manager has delivered a significant reduction in manual work.

    Which other solutions did I evaluate?

    Before choosing CyberArk Certificate Manager, I did not evaluate other options.

    What other advice do I have?

    My advice to others looking into using CyberArk Certificate Manager is that it is good and reliable.

    People have significantly improved their operations with CyberArk Certificate Manager.

    I have no additional concerns about CyberArk Certificate Manager; it is excellent. I would rate this review a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: Feb 28, 2026
    Flag as inappropriate
    PeerSpot user
    Release Management Specialist at Wipro Limited
    Real User
    Top 20
    Aug 4, 2025
    User interface helps manage certificates efficiently while additional notification options improve awareness
    Pros and Cons
    • "The best feature I appreciate about Venafi is its user interface, which allows me to search for any particular certificate and immediately see the certificate details and expiry."
    • "For the stability of the solution itself, I would rate it a seven."

    What is our primary use case?

    In my testing and support role as an analyst, I handle a certificates list, checking their expiry dates, and if a certificate is expiring within a month, we ask if there are any private keys to add; if not, we put a public key for renewal or creation based on the expiry date, and we obsolete certificates not in use from the Venafi tool.

    What is most valuable?

    The best feature I appreciate about Venafi is its user interface, which allows me to search for any particular certificate and immediately see the certificate details and expiry. I mostly appreciate how user-friendly the UI is. The Venafi solution has helped my organization by allowing us to manage certificates directly instead of relying on server administrators to perform tasks such as renewing and obsoleting.

    What needs improvement?

    As an end user, I cannot specifically point out improvements, but I believe it would be beneficial to display active certificates in a separate column on the UI, so users can easily find what they need. Additionally, I think notifications for certificate expirations could include varying time frames such as 60 days or 15 days to better inform end users.

    For how long have I used the solution?

    I have been using the Venafi tool for almost six plus years when I worked for Lloyds Banking Group, particularly for certification tasks such as obsoleting, creating, and renewing.

    What do I think about the stability of the solution?

    For the stability of the solution itself, I would rate it a seven.

    What do I think about the scalability of the solution?

    I am not sure about the total users across the whole company, but in our team, there are about 10 to 15 people.

    Which solution did I use previously and why did I switch?

    I only utilize Venafi for certificate renewal, so I cannot compare it to other products.

    What about the implementation team?

    We do not handle the deployment ourselves as different teams manage the installation.

    What was our ROI?

    The overall time saved from automating processes compared to manual work could be around ten percent.

    What other advice do I have?

    Although I am not fully aware of compliance matters, I believe Venafi maintains good authentication since only authorized users can log in, preventing compliance issues. Different clients such as Walmart and Lloyds will have their certificates in separate folders to ensure that data from one client does not mix with another. I am not aware of Venafi's pricing.

    Overall, I would rate Venafi a seven because, from my perspective, that feels accurate.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2688693 - PeerSpot reviewer
    Senior Security Engineer at a tech services company with 1-10 employees
    Real User
    Top 20
    Apr 9, 2025
    Reduces workload and has great automation capabilities and support
    Pros and Cons
    • "The support is definitely great. What I like best about Venafi is that it's very easy to get somebody on a call and get any of my questions answered. That's probably the biggest thing. Besides the fact that it's a mature product and it works, the support is a big deal."
    • "It's definitely worth the money to have Venafi as a tool; it's definitely miles away from the competition, in my opinion."
    • "There's definitely lots of room for improvement with Venafi. They have a website where we can suggest new features, and they need to take that a little bit more seriously."
    • "There are quite a few different technical aspects of Venafi that I feel they just missed out on; I'd have to look at my notes for the specifics."

    What is our primary use case?

    Certificate Manager is a certificate lifecycle management tool that I utilize as middleware to manage certificates; it's not the actual creator of the certificate, but it's what comes between the creator and the consumers.

    How has it helped my organization?

    The automation capabilities of Certificate Manager are great; it's not complete, but it's a work in progress. The automation capabilities of Certificate Manager have helped my organization reduce errors. It is probably the best out there. The PKI space is super niche and the automation pieces are all just coming together, so they haven't been fully fine-tuned. The automation part of it is not mature anywhere in the industry, but Certificate Manager is probably the best that you're going to get. 

    There are lots of benefits to using Certificate Manager. The automation piece is definitely the best out there. I've dealt with other CLMs in the past, and I've really struggled with products that don't work. Certificate Manager works. There are these issues here and there, but the fact that it works is a big plus. For example, we were able to do integration F5s, so our entire organization doesn't have to worry about that aspect of it, and our networking team doesn't have to be humongous. The networking team is probably one of the most overworked teams anywhere, in any enterprise, but we've managed to cut down their certificate work by loads. They're probably only doing 10%, maybe even 5%, of the certificate work they should be doing if they were doing it manually. 

    Certificate Manager has definitely helped reduce risk in my organization. We can scale out certificates as quickly as we can, so in the example of the automation of the F5, just the fact that we're able to scale out some certificates pretty quickly definitely stops us from being in a non-secure manner. 

    Certificate Manager has helped us reduce the mean time to respond. I don't have to go into the CA to get a certificate. I can just log in quickly to the Certificate Manager web app and get a cert with two or three clicks. That's pretty handy. 

    Certificate Manager has helped my organization free up staff to work on other projects or tasks; the companies that have been able to implement it in creative ways have managed to do it to a point where the team doesn't even need to be that big. There are only just four of us dealing with certificates, and that's pretty small compared to most other companies out there. The fact that we were able to implement it correctly in the beginning and utilize the tools around the space and those that can attach to it has definitely freed up a lot of our space to a point where it's running itself.

    What is most valuable?

    The support is definitely great. What I like best about Certificate Manager is that it's very easy to get somebody on a call and get any of my questions answered. That's probably the biggest thing. Besides the fact that it's a mature product and it works, the support is a big deal. 

    What needs improvement?

    There's definitely lots of room for improvement with Certificate Manager. They have a website where we can suggest new features, and they need to take that a little bit more seriously. I don't know if they're backing out because of numerous requests, and I know developers are always working hard to get the new features out, but there's definitely a lot that can be done still. There are quite a few different technical aspects of Certificate Manager that I feel they just missed out on; I'd have to look at my notes for the specifics.

    For how long have I used the solution?

    I have been using Certificate Manager since 2021, so about 4 years now.

    What do I think about the stability of the solution?

    Certificate Manager is a stable product. It's definitely more stable than others. If there's ever been an issue with Certificate Manager, it usually tends to be something else; maybe the Windows server just needs a reboot or something, and very rarely do we see big issues that are bugs. The bugs exist, but the organizations I've been in haven't been hit as much with the bugs that are out there.

    What do I think about the scalability of the solution?

    Scalability with Certificate Manager is good; you can definitely use it if you have ten thousand certs, a thousand certs, a million, or a couple million. I know of an organization that I was almost hired into that has millions of certs, and they were explaining it to me, so Certificate Manager is definitely scalable.

    How are customer service and support?

    The support is definitely great. It is easy to get somebody on a call or get any of my questions answered, so that's probably the biggest thing. I would rate their customer support a nine out of ten because there are situations where support could be improved. They could improve their technical support team by just training up; it's a work in progress.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used NCLM, which is Nokia's product for certificate lifecycle management, in the past.

    How was the initial setup?

    I've just always known how to do the initial setup for Certificate Manager; they have their documents, but we also have the support of the vendor if we have any questions.

    Which other solutions did I evaluate?

    I have evaluated other solutions before choosing Certificate Manager; there's Keyfactor, DigiCert, Entrust, and a whole bunch. It always seems to be between Keyfactor and Certificate Manager for me. Certificate Manager has always been the tool that I've utilized; I haven't really gotten into Keyfactor quite yet, so I can't really speak to that.

    What other advice do I have?

    I would say that using Certificate Manager is not for beginners, but the documentation is there, and they make it really easy for you to use. You should have an idea of what PKI is before you jump into it. You need a little bit of training to use Certificate Manager; it's not something that you would just jump in and be able to do right without some training. 

    It's definitely worth the money to have Certificate Manager as a tool; it's definitely miles away from the competition, in my opinion. Deployment with Certificate Manager is very easy. I would recommend Certificate Manager to other people. 

    I would rate Certificate Manager a nine out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2741469 - PeerSpot reviewer
    Assistant System Engineer at a consultancy with 10,001+ employees
    Real User
    Top 20
    Jul 18, 2025
    Automating certificate lifecycle management has significantly reduced manual efforts and improved operational efficiency
    Pros and Cons
    • "By using Certificate Manager, we have reduced our potential risk significantly due to certificate expiry, as all teams are getting emails before 60 days and 90 days, which is helpful."
    • "The support from Certificate Manager needs improvement based on my experience. The response time needs improvement, and it takes too long to resolve or provide solutions for some tickets."

    What is our primary use case?

    We are using Certificate Manager as a certificate lifecycle management tool and for notifications, specifically certificate expiry notifications. Currently, we are working on automation by using Certificate Manager for automatically installing the certificates on different key stores.

    How has it helped my organization?

    By using Certificate Manager, we have reduced our potential risk significantly due to certificate expiry, as all teams are getting emails before 60 days and 90 days, which is helpful.

    It has reduced our manual efforts significantly. Earlier, if it took us 10 minutes to issue one certificate, by using Certificate Manager, we are now issuing it in 5 minutes, which is a 50% time saving. 

    We are actively monitoring every certificate within our organization. It allows us to know which specific part or server each certificate is being used for. Through our monitoring efforts, we can provide detailed information about each certificate, ensuring our organization is well-informed.

    It has improved our operational efficiency by 70% to 80%.

    What is most valuable?

    Certificate Manager is a versatile tool, providing many services beyond the tools present in the market. The best feature is that Certificate Manager automatically discovers certificates in the environment and onboards them in the dashboard. Using Certificate Manager, we can automate and install certificates on target machines without human intervention, making it an excellent tool for automation and certificate lifecycle management.

    Certification renewal is the fundamental aspect of Certificate Manager, and it meets current market standards, setting the benchmark. We are monitoring each certificate, so our organization is aware of which server uses that certificate, and based on the monitoring, we can access all certificate details, which provides great help.

    What needs improvement?

    The solution's ease of use is moderate, and I suggest that the documentation by Certificate Manager should be more linear or simpler because when new associates or trainees try to learn the tool, the documentation is difficult to understand.

    Integrating Certificate Manager into existing systems is quite easy; however, the documentation should be improved as we have to conduct analysis from our end, and the documentation hasn't presented information in a proper or linear fashion.

    The support from Certificate Manager needs improvement based on my experience. The response time needs improvement, and it takes too long to resolve or provide solutions for some tickets.

    For how long have I used the solution?

    I have been working with Certificate Manager for three years.

    What do I think about the stability of the solution?

    It's stable. I would assess the stability as eight out of ten. 

    What do I think about the scalability of the solution?

    It's scalable. Scalability is rated an eight out of ten.

    In our organization, we currently have around 15 members working on Certificate Manager, with more than 300 to 400 people having read access to the dashboard to view their certificates.

    How are customer service and support?

    The support from Certificate Manager needs improvement. I would rate the technical support a seven out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup process can be a bit complex, but I would classify it as medium-level difficulty. One area for improvement is the documentation, as clearer guidelines would facilitate more effective automation. Based on the current documentation, it typically takes us four to five weeks to deploy any updates or changes. Unfortunately, we've encountered difficulties in locating the necessary information.

    We perform maintenance on a quarterly or semi-annual basis to ensure everything runs smoothly.

    What was our ROI?

    It brings value from day one; deploying this solution definitely provides beneficial value.

    What other advice do I have?

    Certificate Manager is versatile, providing numerous features compared to other tools in the market. If I were to recommend a tool to anyone, I would choose Certificate Manager over others.

    For certificate-related tasks, we can work on the PCI and DSS components, but regarding Certificate Manager specifically, there isn't a need for PCI and DSS compliance. If we want to install private keys, we need to consider compliance issues, but if we are not installing private keys, there is no need to comply with current governance rules.

    I would rate Certificate Manager an eight out of ten, as it has versatility and offers many features compared to tools available in the market for certificate lifecycle management.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    IT Executive at Starwood Hotels & Resorts Worldwide, Inc.
    Real User
    Oct 13, 2023
    The solution has some additional functionalities for managing PKI certificates compared to other products
    Pros and Cons
    • "We use Venafi for PKI certificates."
    • "Venafi's overall installation could be made easier."

    What is most valuable?

    We use Certificate Manager for PKI certificates.

    What needs improvement?

    Certificate Manager's overall installation could be made easier. You have to install the client, then go to the console and push the certificate.

    For how long have I used the solution?

    I have been using Certificate Manager for three to four months.

    What do I think about the scalability of the solution?

    More than 10,000 users are using Certificate Manager in our organization.

    What about the implementation team?

    Certificate Manager was deployed in less than 30 minutes. I did Certificate Manager's deployment by myself, but we had to go through some processes to get the PKI certificate for the enterprise side. Then, they create the certificate, and we deploy it.

    What other advice do I have?

    Certificate Manager has some additional functionalities for managing PKI certificates compared to other certificate deployment products. I would recommend Certificate Manager to other users.

    Overall, I rate Certificate Manager an eight out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Venu Sunkara - PeerSpot reviewer
    Lead System Operation Engineer at a tech services company with 51-200 employees
    MSP
    Nov 29, 2022
    Great integration and ability to automate anything
    Pros and Cons
    • "Automating anything, whether on-prem or cloud, is possible."
    • "Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires."
    • "For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically."

    What is our primary use case?

    We use this product for our clients' server authentication and application ID certificate. We create the certificate so that when a user tries to access an application, it looks for that specific certificate based on the volume information and it authenticates on that basis. I'm a lead system operation engineer and we are customers of Venafi. 

    What is most valuable?

    If you want to automate anything, renew the certificate and apply to whatever environment you need, whether it is on-premise or cloud, automation is possible. You just need to have your integration set up. Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires. It also minimizes downtime and has good integration. 

    What needs improvement?

    For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically. Venafi only provides CER and no other format. They provide an option for JKS, but that certificate doesn't work because of some configuration issues. 

    For how long have I used the solution?

    I've been using this solution for six years. 

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    We didn't test the scalability but I believe it has that capacity. We have 500 users. 

    How are customer service and support?

    The customer support was great. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I previously used the Microsoft SSL ADMIN tool. The difference between the two is that with Venafi, if you have access to policy, you can create, delete, import and export anything within the tool. With SSL ADMIN, unless you own the certificate, you can't make any changes to that specific activity. If you've been designated as the 'owner' and you leave the company, it's hard to change ownership. Venafi is much more flexible because it allows you to add a group instead of individuals. Even if someone leaves the group, it doesn't affect the system.

    How was the initial setup?

    The initial setup is straightforward although it does require some security training to gain access. 

    What other advice do I have?

    I rate this solution nine out of 10. 

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1117479 - PeerSpot reviewer
    Vise President at a tech services company with 51-200 employees
    Real User
    Jan 16, 2022
    Important risk reduction by preventing IT outages, but could benefit from cloud services.
    Pros and Cons
    • "The feature that I have found most valuable is their certificate discovery."
    • "So, from the perspective of risk reduction, it can be directly quantified in the value for the customer."
    • "I would like to see included in the next release of Venafi integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it's not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve."
    • "In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there."

    How has it helped my organization?

    In terms of how Venafi has improved our customers' organizations, the most important thing is that it reduces the risk of the outage of some of their IT systems. Sometimes these systems would be directly connected to the revenue generating activities that the client may have. So that risk reduction that can be directly calculated into money for our clients. If their IT system that is connected to production is down one day, they will know exactly how much it would cost them. So, from the perspective of risk reduction, it can be directly quantified in the value for the customer. If I was going to single out the most important feature, that would be probably be it.

    What is most valuable?

    The feature that I have found most valuable is their certificate discovery.

    What needs improvement?

    The user interface could be always improved. But I am a technologist, so I don't care so much about user interface, but the importance that it is user friendly is always appreciated by customers.

    In terms of additional features I would like to see included in the next release of Venafi, I would say integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it is not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve.

    What do I think about the stability of the solution?

    I haven't heard negative things about the stability.

    What do I think about the scalability of the solution?

    In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there. But I guess on the cloud they should not have limitations.

    How was the initial setup?

    To my knowledge, it began with the initial proto-concept. After that, there were some professional services needed to fine tune and integrate with everything that the customer wanted.

    From the top of my head, I think it took less than two months, maybe 6, 7, or 8 weeks, but about two months or less.

    The technical team needed for the installation really depends on the customer's prior knowledge. If they have a good technical team, then the things are much easier. If they don't have... 

    The technical team includes engineers, architects, managers, and administrators for different stages. I guess the architects and system administrators are also involved in the process of purchasing and evaluating if it's a good fit for them. Then the architects are not necessarily needed anymore, but you would have system administrators involved given that certain privileges must be given to this system in order to operate correctly. And then you would have your general IT security administrators for ongoing monitoring of what the Venafi system provides you. This can be taught. You don't have to have a PhD in cryptography to understand this, just be a regular IT business person who has specialized a little bit on security issues. I think they can comfortably master this.

    What was our ROI?

    As I mentioned, there is the risk reduction. If they see the risk reduction, then I think they should go for Venafi or a similar solution. Of course, as products improve and prices go down, even more so. But it is way better to have this kind of solution compared to not having anything, because I see from the IT security business that I have been working in almost 30 years now, if they are not running this or a similar type of solution, they are just asking for trouble. It's more a question of when an outage will happen, than if. So, coming back to the risk reduction, depending of course on the size of the company and their revenues and what type of critical systems they have, they all need to make their decision. But at the end of the day, the vast majority of the customers will see a return on investment if they value the risk reduction.

    What's my experience with pricing, setup cost, and licensing?

    Our customers need to pay for a license, and understanding the pricing and how it might develop in the future is a bit of a pain point. But, it is not too complex either. Sometimes people ask the vendors to predict the future, whereas they themselves cannot provide enough of the information to the vendor in order to be able to estimate correctly. So it kind of goes both ways. I would say the price is fairly good. Is it perfect? No. Is it the worst I've ever seen? Absolutely not.

    What other advice do I have?

    I would say Venafi is definitely among the three most important vendors in this area.

    On a scale of one to ten, I would give Venafi a seven.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Buyer's Guide
    Download our free Certificate Lifecycle Manager Report and get advice and tips from experienced pros sharing their opinions.
    Updated: July 2026
    Buyer's Guide
    Download our free Certificate Lifecycle Manager Report and get advice and tips from experienced pros sharing their opinions.