Secardeo certPush is a software solution designed to automate the recovery and secure distribution of X.509 S/MIME user certificates and private keys from a central key archive to all user devices, including both managed (via MDM) and unmanaged devices (via secure e-mail). It enables users to decrypt, encrypt, and sign e-mails on mobile devices (iOS, Android), Windows, and Mac systems by ensuring all devices have access to the necessary private keys. certPush integrates with enterprise PKI environments, supports key recovery from Microsoft CA or Secardeo TOPKI archives, and distributes certificates in encrypted containers, maintaining compliance and security for enterprise e-mail communication.

Key Features

Automated Certificate and Key Distribution

• Distributes S/MIME certificates and private keys to all user devices.
• Supports both managed (MDM) and unmanaged (e-mail) endpoints.

Centralized Key Recovery

• Recovers private keys from Microsoft CA (ADCS), Secardeo TOPKI, or encrypted PFX folders.
• Supports standard Microsoft key recovery mechanisms (Key Recovery Agents).

Flexible Delivery Methods

• Pushes certificates via secure e-mail for unmanaged devices.
• Integrates with MDM systems (e.g., Intune, Airwatch, MobileIron) for managed devices.

Secure Key Transfer

• Delivers private keys in encrypted PKCS#12 (.PFX) containers.
• End-to-end encrypted password transfer for key import.

Batch and Individual Key Handling short description

• Supports single or batch recovery/distribution for multiple users.
• Can deliver current or historical key sets.

Self-Service and API Integration

• Enables web-based self-service key import (certPush KRS).
• Integrates with enterprise systems and supports periodic background distribution.

Benefits

Enhanced Security and Compliance

• Ensures end-to-end e-mail encryption and digital signatures across all devices.
• Maintains compliance with enterprise PKI policies and secure key handling.

Operational Efficiency

• Automates complex certificate/key distribution processes, reducing manual workload.
• Scales for both small and large organizations with batch operations and integration.

User Mobility and Accessibility

• Users can read encrypted e-mails and sign messages on any device, anywhere.
• Supports major mobile e-mail clients and platforms.