Secardeo certACME

Proxy software for centralized, automated SSL/TLS certificate enrollment and management via ACME protocol for servers, clients, and Apple devices.

Vendor

Secardeo

Product details

Secardeo certACME is a proxy solution enabling centralized and automated enrollment, renewal, and management of SSL/TLS certificates for servers, clients, and Apple devices using the ACME protocol. It connects internal and external systems to both public and private certificate authorities (CAs), storing all certificates in a central database to ensure control, auditability, and compliance with security policies. certACME supports a broad range of environments, including web servers, Kubernetes clusters, Linux and Windows clients, and integrates with MDM systems for Apple device attestation. The solution automates certificate lifecycle processes, reducing manual effort, minimizing downtime from expired certificates, and enhancing security through features such as approval workflows, whitelisting, and external account binding.

Key Features

Centralized ACME Proxy: Automates and manages certificate enrollment and renewal for diverse IT environments.

  • Supports web servers (IIS, Apache, NGINX), F5, Ansible, Kubernetes
  • Works with ACME clients like Certbot, acme.sh, win-acme

Multi-CA Integration: Connects to both public and private CAs, supporting varied deployment needs.

  • Integrates with Microsoft ADCS, EJBCA, OpenXPKI, Dogtag
  • Supports public CAs (Let's Encrypt, ZeroSSL, DigiCert, GlobalSign, AWS)

Apple Device Attestation: Enhances device certificate security for Apple devices.

  • Uses Apple Device Attestation and MDM lookup (e.g., Intune)
  • Secure key pair generation via Secure Enclave

Advanced Security Controls: Ensures secure, compliant certificate issuance.

  • Whitelisting for DNS/device-IDs
  • ACME approval workflows and external account binding (Active Directory integration)
  • Crypto policy validation

Centralized Certificate Management: All certificates are stored and managed in a central database.

  • Auditable processes for compliance
  • Automated notifications for administrators

Flexible Validation Methods: Multiple challenge types for certificate validation.

  • HTTP, DNS, TLS-ALPN validation supported

Benefits

Reduced Downtime and Cost: Automates renewals to prevent outages and reduce manual workload.

  • Avoids service interruptions from expired certificates
  • Lowers operational costs by reducing manual processes

Enhanced Security and Compliance: Centralizes control and auditability of certificate management.

  • Enforces approval workflows and crypto policies
  • Ensures only authorized entities can request certificates

Broad Compatibility and Integration: Supports diverse IT infrastructures and device types.

  • Works with popular servers, clients, and MDM systems
  • Integrates with both public and private CAs