Enterprise Resource Security
Mastering Cryptographic Key Lifecycles


Certificate Lifecycle Manager

Certificate Lifecycle Management for more transparency, automation and controlled access for the simple and reliable management of one or more PKIs.

MTG Certificate Lifecycle Manager (MTG CLM) was specifically designed for enterprises to implement certificate management best practices for various use cases.













Certificate Lifecycle


MTG Certificate Lifecycle Manager optimizes all certificate-related processes for the entire certificate lifecycle. Issue, renewal and revocation processes can all be centrally automated, managed and controlled for various use-cases.

Complete and Cost-effective Employee Onboarding!

All required certificates can be issued in a systematic and complete procedure. A structured setup of authorizations ensures workflows in line with compliance guidelines.

Automated device provisioning with User, VPN, SMIME and CA certificates

Expiration notification and automated renewal

Automated import of certificates into LDAP and Active Directory

Map existing authorization structures and processes to certificate issuance (Ex. Active Directory roles)

Onboarding Software integration possible (ex ServiceNow)

Svg+xml;charset=utf 8,%3Csvg Xmlns%3D'http%3A%2F%2Fwww.w3
Svg+xml;charset=utf 8,%3Csvg Xmlns%3D'http%3A%2F%2Fwww.w3

Automation im Certificate Lifecycle Management

Automation of Certificate Lifecycle Management is essential when dealing with large and complex, multivendor certificate environments for use cases such as IoT, server, clients and mobile.

Support for all major PKI interfaces like ACME, EST, CMP

Support of ACME Certbot Client and other ACME clients

REST API and REST CLM Client for automation of non-standard components

Automatically renew and audit the installation of X.509 certificates

Automated revocation service using OSCP and / or CRLs

Certificate Discovery - Full Transparency!

The Certificate Discovery function enables a systematic scanning for unknown certificates. Thanks to network-based sensors and agents all company public and private TLS/SSL certificates are identified and added to the certificate inventory. Dangerous outages due to expired certificates or expensive manual handling is consequently avoided.

Create a digital inventory of all the company’s public and private TLS/SSL certificates.

Discover and automatically import a large number of unknown certificates without additional manual effort across a diverse environment.

Analyze deployed certificates for crypto primitives used and identify potential risks.

Get a complete visual overview through helpful dashboards over all deployed certificates and associated devices.

Stay informed about upcoming expirations.

Use flexible certificate policies to monitor, notify and renew expiring certificates.


The MTG Certificarte Lifecycle Manager architecture is part of the overall MTG ERS ® system. This means that the system can be expanded with further important security components whenever required. This includes the :

Svg+xml;charset=utf 8,%3Csvg Xmlns%3D'http%3A%2F%2Fwww.w3

The targeted entities (servers, clients, IoT devices...) can be optimally accessed and managed via standard or MTG-specific automation clients.

MTG CLM supports a wide range of internal and publicly trusted CAs: e.g., Microsoft CA, LetsEncrypt, Deutsche Telekom (etc.). Security manager are thus relieved of the exhausting task of accessing each CA individually in order to gain insight and control over each certificate.


MTG Certificate Lifecycle Manager offers a comprehensive set of features that provide all the tools needed to implement certificate-based use cases quickly and effectively.

  • Extensive, user-friendly dashboards provide insights into the certificate state of each business domain and allow a quick overview at-a-glance.
  • Extensive, user-friendly dashboards provide insights into the certificate state of each business domain and allow a quick overview at-a-glance.
  • Audit metadata is tracked throughout all application steps and is readily available to MTG CLM administrators.
Detailed Monitoring & Reporting

Always track the status of your certificates and avoid surprises! MTG CLM provides a comprehensive notification system about certificate status changes. Users are informed in time and several times before certificates expire. Punctual and seamless renewal is thus ensured at any time.

Register your business email

Send us your request

Get access and issue your first certificate

Take a deep dive in a future enterprise resource security platform!

Protect your assets with MTG ERS, the modern and innovative certificate and key management platform.