
About Keys and Certificates

A security certificate, like a digital key, is a small file that binds a cryptographic key to an organization's details. A cryptographic algorithm uses certificates to encrypt or sign data, producing secure messages unique to their users. A web server uses an SSL certificate to establish an encrypted channel between a named URL and the site's users. Developers use code signing certificates to digitally sign the code they distribute to their users. Computers use keys instead of passwords to authenticate users when they log in. From a user's perspective, keys and certificates are secret files that unlock some valuable resource or serve as proof of the identity of a user, an organization or a piece of software.


A typical organization has many certificates. Mergers and acquisitions, as well as numerous internal software services, require unique certificates and keys bound to multiple domains, computers and endpoints. In most cases it is hard or impractical to consolidate these certificates. Too much consolidation also increases security risk, because one key then provides access to too many resources. It is hard to control role-based access to resources, and losing or compromising a certificate becomes a major network issue.

Storage for Keys

With so many certificates and keys to store, the question is where to store them. The storage should ideally provide role-based access to certificates, allow sharing them inside the organization, and keep audit trail logs covering permission and access related events. The storage should also have some form of encryption on the back end.

However, the typical state of certificate handling involves storing these keys in a network folder open to everybody, or in a mail server where they end up after many forwards by users who cannot access that folder but still need them. Designating one person to keep watch over these keys also seems like a poor solution: the certs will most likely end up on that person's laptop, and sharing is still a problem. Even a slight improvement on this situation would improve how the company handles security and identity.

This article will analyze several options to store digital keys and certificates that are realistic to implement without investing too many resources and without sacrificing even more security.

Options for the Storage

Content Management System

Compared with storing certificates on a laptop hard drive, a Content Management System (CMS) sounds like an upgrade. Either an on-premises (Microsoft SharePoint) or a cloud (Google Drive, Office 365 or Box.net) solution will do the job. A modern web-based CMS can provide central storage, secure remote web access, item-level permissions, metadata associated with certificates, search, and logs for auditing.

Many organizations already have a CMS in place for content workflow, which simplifies adopting it as certificate storage.

Identity Vault

An identity vault is a specialized content management system for storing passwords, keys and certificates. In addition to the benefits a CMS provides, identity vaults can encrypt data in the back-end storage, generate additional logging and implement field-level permissions. Identity vaults also usually include a special API to access certificates in the places that need them, such as code signing or computer access. This improves overall system security because users can initiate or use a process that requires a certificate from the storage without ever accessing the certificate itself; the process retrieves the certificate when needed instead.

CyberArk, Thycotic and ManageEngine are examples of vendors distributing enterprise-class identity vaults.

Session Manager

In addition to the benefits provided by identity vaults, a session manager can establish access to a remote computer using a certificate from the vault. This solves the problem of exposing the certificate to the user. Not all certificates are used as keys to access remote computers, but those that are could benefit from a session manager.
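As an added illustration of the identity vault API described in the previous section and of the session manager's use of a vault key (example code written for this page, not any vendor's product): a minimal Go vault that seals each private key at rest with AES-GCM under a master key, enforces per-key role permissions and an audit trail, and lets an authorised user obtain a signature while the private key never leaves the vault. The master key, user and role names, and key id are constructed sample values; the user-to-role map is an assumed simplification.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Vault: private keys sealed at rest with AES-GCM, used (never read) via Sign, every decision audited.
type Vault struct {
	aead  cipher.AEAD
	keys  map[string][]byte          // key id -> nonce || sealed Ed25519 private key
	acl   map[string]map[string]bool // key id -> roles allowed to sign with it (field-level permission)
	users map[string]string          // user -> role (assumed: one role per user)
	Audit []string                   // append-only allow/deny trail
}
func NewVault(master *[32]byte, users map[string]string) *Vault {
	block, _ := aes.NewCipher(master[:]) // fixed 32-byte key: AES-256 setup cannot fail
	aead, _ := cipher.NewGCM(block)      // cannot fail either: AES always has a 16-byte block
	return &Vault{aead, map[string][]byte{}, map[string]map[string]bool{}, users, nil}
}
// Store generates the pair inside the vault and seals the private half with the key id as AAD.
func (v *Vault) Store(id string, roles map[string]bool) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	v.keys[id], v.acl[id] = v.aead.Seal(nonce, nonce, priv, []byte(id)), roles
	return pub, nil // only the public half ever leaves the vault
}
// Sign is the API a build pipeline or login process calls: a signature comes back, the key never does.
func (v *Vault) Sign(user, id string, msg []byte) ([]byte, error) {
	blob, role := v.keys[id], v.users[user]
	if blob == nil || !v.acl[id][role] {
		v.Audit = append(v.Audit, fmt.Sprintf("DENY key=%s user=%s role=%q", id, user, role))
		return nil, fmt.Errorf("access denied")
	}
	priv, err := v.aead.Open(nil, blob[:v.aead.NonceSize()], blob[v.aead.NonceSize():], []byte(id))
	if err != nil {
		return nil, err
	}
	v.Audit = append(v.Audit, fmt.Sprintf("ALLOW key=%s user=%s role=%s", id, user, role))
	return ed25519.Sign(ed25519.PrivateKey(priv), msg), nil
}
```

The caller verifies the returned signature with the public key from Store; the same Sign call is what a session manager would invoke to authenticate to a remote host on the user's behalf.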

CyberArk, BeyondTrust and Xton Tech are examples of vendors building session management solutions on top of their identity vaults. Session managers used to be complex and hard to implement; they often required agent software on client computers as well as on servers. These days, however, look for an affordable agentless solution with simple implementation and licensing options.

Download Today!

Xton Access Manager is an agentless, cross-platform privileged access management solution with an unlimited licensing model, built from the ground up with an enterprise feature set. It is simple to implement, without the typical enterprise cost and effort.



Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.


Copyright © 2020 Xton Technologies, LLC. All rights reserved.