CyberArk Certificate Manager Reviews

We use Certificate Manager for certificate management, including tracking expiration dates and automating installations. Certificate Manager eliminates manual installation by automating the process across various endpoints, including servers, load balancers, and cloud workspaces like AWS and Azure.

Certificate Manager solved our healthcare-related identity security problems by automating the monitoring of certificate expiration dates. Previously, this was a manual process, but Certificate Manager automatically emailed certificate owners and their managers, escalating notifications without our intervention. This automation eliminates manual reports and prevents outages caused by certificate expirations.

We currently operate on-premises but have purchased a cloud-based SaaS version of Certificate Manager that is being deployed.

Certificate Manager is generally user-friendly. While administrators require some training, the end-user experience is intuitive. Certificate Manager provides comprehensive user guides with step-by-step instructions, but most users can easily navigate the platform and complete tasks without consulting documentation.

The automation capabilities have significantly improved our workflow by automating the installation of certificates on servers, endpoints, load balancers, and cloud workspaces. This automation has eliminated the need to manually install certificates on each device, saving us valuable time and resources.

Automation helps reduce human error by providing a clear validation trail. For example, within a certificate object, we can easily see where a certificate was installed, such as in AWS or on a load balancer. This automated validation ensures accurate tracking and eliminates the need for manual verification, which can be unreliable and prone to errors.

Certificate Manager simplifies certificate renewal by offering a seamless process that allows users to renew certificates with a single click.

We saw the benefits of Certificate Manager immediately after deploying it, as our previous solution was inadequate. The reporting feature alone significantly improved, allowing us to track every certificate. Certificate Manager's discovery feature also proved invaluable, identifying certificates on our systems that we were unaware of. This allowed us to import them into Certificate Manager, monitor their expiration dates, assign owners, and communicate with those owners about renewals or compliance issues, such as the use of self-signed certificates. By proactively addressing these issues, we ensured the security and compliance of our certificates from day one.

Certificate Manager's reporting capabilities are crucial in helping us meet regulatory compliance requirements. Their signing algorithm report allows us to scan every certificate within our organization to identify any out-of-compliance, such as self-signed certificates. This enables us to locate the certificate owner, have them rectify the issue, and update the certificate in Certificate Manager. The comprehensive reporting facilitates the identification and resolution of any compliance concerns.

Certificate Manager's reporting mechanisms help us reduce our mean time to respond by quickly identifying and addressing compliance issues and compromised certificates. We can locate the certificate owner and promptly fix any non-compliant certificates. In the event of a compromised certificate, Certificate Manager enables us to create a new one swiftly, deploy it to servers or cloud workspaces, and renew and install it within minutes.

Certificate Manager helped us reduce risk exposure by migrating all identified self-signed certificates to trusted certificate authorities during our discovery process, mitigating any associated risks.

We would be overwhelmed if we had to install all these certificates manually on each endpoint. Certificate Manager automates this process, eliminating the need for constant monitoring and freeing up our time significantly. With Certificate Manager, we simply initiate the process and let it run, saving us the equivalent of two additional employees.

While Certificate Managers services come at a cost, the increased efficiency ultimately saves us the expense of hiring two additional employees.

Certificate Manager has a minimal learning curve. New users can typically log in and navigate the product without guidance, with only about 10 percent requiring minor assistance.

The most valuable feature of Certificate Manager is the automation that helps save time and reduce human error.

Certificate Manager could enhance its offerings by providing more automation features. Currently, specific processes require manual installations due to the lack of built-in integrations. While custom scripts can address some gaps, expanding the range of out-of-the-box integrations would significantly improve the user experience.

I have used Certificate Manager for six years.

Certificate Manager's stability has been consistently reliable. We generally experience no problems with its functionality. Occasionally, IAS might become unresponsive after patching, but this issue is not unique to Certificate Manager and could occur with any site.

Our Certificate Manager platform is load-balanced and segregated by team, ensuring that users can only access certificates relevant to their work. This role-based access control enhances scalability and efficiency by providing a focused view of necessary information.

Certificate Manager's technical support is impressively fast. Inquiries are typically addressed the same day, with most issues, even complex ones, resolved within 24 hours. Their responsiveness and efficiency have consistently exceeded our expectations.

Positive

Certificate Manager's pricing appears to be competitive within the market. After evaluating other vendors, we found that Certificate Manager offers good value for the cost, and we are satisfied with their pricing structure.

I would rate Certificate Manager a nine out of ten. There is room for improvement, but we are extremely happy with it.

Certificate Manager requires regular maintenance, such as server patching and yearly software updates, which are common to most applications. Beyond these standard tasks, Certificate Manager does not demand excessive upkeep. 

In my testing and support role as an analyst, I handle a certificates list, checking their expiry dates, and if a certificate is expiring within a month, we ask if there are any private keys to add; if not, we put a public key for renewal or creation based on the expiry date, and we obsolete certificates not in use from the Venafi tool.

The best feature I appreciate about Venafi is its user interface, which allows me to search for any particular certificate and immediately see the certificate details and expiry. I mostly appreciate how user-friendly the UI is. The Venafi solution has helped my organization by allowing us to manage certificates directly instead of relying on server administrators to perform tasks such as renewing and obsoleting.

As an end user, I cannot specifically point out improvements, but I believe it would be beneficial to display active certificates in a separate column on the UI, so users can easily find what they need. Additionally, I think notifications for certificate expirations could include varying time frames such as 60 days or 15 days to better inform end users.

I have been using the Venafi tool for almost six plus years when I worked for Lloyds Banking Group, particularly for certification tasks such as obsoleting, creating, and renewing.

For the stability of the solution itself, I would rate it a seven.

I am not sure about the total users across the whole company, but in our team, there are about 10 to 15 people.

I only utilize Venafi for certificate renewal, so I cannot compare it to other products.

We do not handle the deployment ourselves as different teams manage the installation.

The overall time saved from automating processes compared to manual work could be around ten percent.

Although I am not fully aware of compliance matters, I believe Venafi maintains good authentication since only authorized users can log in, preventing compliance issues. Different clients such as Walmart and Lloyds will have their certificates in separate folders to ensure that data from one client does not mix with another. I am not aware of Venafi's pricing.

Overall, I would rate Venafi a seven because, from my perspective, that feels accurate.

My use cases for Certificate Manager were for the Certificate Manager Trust Protection Platform, managing infrastructure PKI and certificates.

Certificate Manager's automation capabilities are very good, which is why we used it. Certificate Manager's ability to stay updated on the most current certification renewals was also very good. Certificate Manager's ability to safeguard my financial services infrastructure was good; we had no problems with that. Certificate Manager's ability to help with compliance and regulatory requirements, including SOX and Swift, was great. This is a major selling point.

In terms of areas for improvement, one thing that we did not appreciate about Certificate Manager was having agents on everything. An agent needed to be installed everywhere to handle the certificate management. Having the agents everywhere is not ideal and is always problematic. Having the agent everywhere is not the best for security, which was our other significant concern.

I have been using Certificate Manager for about two years in my career. I am not currently using it at my current job, but rather at my previous position.

I have no issues about Certificate Manager's stability; it demonstrated good stability.

Certificate Manager's scalability was good as well.

I have contacted Certificate Manager's technical support and customer support. We worked with their consulting group during implementation. I went through the whole implementation phase and they were very effective. For Certificate Manager's support, I would rate them eight or nine out of ten.

Positive

I have not used any alternatives to Certificate Manager; nothing at that scale of management.

It took me about six months to a year to fully deploy Certificate Manager across the entire enterprise.

The implementation involved a whole team operation with approximately five or six people in total, including myself, several colleagues, and consultants.

The mean time to respond was significantly reduced with Certificate Manager.

When I was working with Certificate Manager, I was working in financial services as a user of the product and not a partner of Certificate Manager. On a scale from 1 to 10, I would rate Certificate Manager overall for everything an eight.

We are using Certificate Manager as a certificate lifecycle management tool and for notifications, specifically certificate expiry notifications. Currently, we are working on automation by using Certificate Manager for automatically installing the certificates on different key stores.

By using Certificate Manager, we have reduced our potential risk significantly due to certificate expiry, as all teams are getting emails before 60 days and 90 days, which is helpful.

It has reduced our manual efforts significantly. Earlier, if it took us 10 minutes to issue one certificate, by using Certificate Manager, we are now issuing it in 5 minutes, which is a 50% time saving. 

We are actively monitoring every certificate within our organization. It allows us to know which specific part or server each certificate is being used for. Through our monitoring efforts, we can provide detailed information about each certificate, ensuring our organization is well-informed.

It has improved our operational efficiency by 70% to 80%.

Certificate Manager is a versatile tool, providing many services beyond the tools present in the market. The best feature is that Certificate Manager automatically discovers certificates in the environment and onboards them in the dashboard. Using Certificate Manager, we can automate and install certificates on target machines without human intervention, making it an excellent tool for automation and certificate lifecycle management.

Certification renewal is the fundamental aspect of Certificate Manager, and it meets current market standards, setting the benchmark. We are monitoring each certificate, so our organization is aware of which server uses that certificate, and based on the monitoring, we can access all certificate details, which provides great help.

The solution's ease of use is moderate, and I suggest that the documentation by Certificate Manager should be more linear or simpler because when new associates or trainees try to learn the tool, the documentation is difficult to understand.

Integrating Certificate Manager into existing systems is quite easy; however, the documentation should be improved as we have to conduct analysis from our end, and the documentation hasn't presented information in a proper or linear fashion.

The support from Certificate Manager needs improvement based on my experience. The response time needs improvement, and it takes too long to resolve or provide solutions for some tickets.

I have been working with Certificate Manager for three years.

It's stable. I would assess the stability as eight out of ten. 

It's scalable. Scalability is rated an eight out of ten.

In our organization, we currently have around 15 members working on Certificate Manager, with more than 300 to 400 people having read access to the dashboard to view their certificates.

The support from Certificate Manager needs improvement. I would rate the technical support a seven out of ten.

Positive

The initial setup process can be a bit complex, but I would classify it as medium-level difficulty. One area for improvement is the documentation, as clearer guidelines would facilitate more effective automation. Based on the current documentation, it typically takes us four to five weeks to deploy any updates or changes. Unfortunately, we've encountered difficulties in locating the necessary information.

We perform maintenance on a quarterly or semi-annual basis to ensure everything runs smoothly.

It brings value from day one; deploying this solution definitely provides beneficial value.

Certificate Manager is versatile, providing numerous features compared to other tools in the market. If I were to recommend a tool to anyone, I would choose Certificate Manager over others.

For certificate-related tasks, we can work on the PCI and DSS components, but regarding Certificate Manager specifically, there isn't a need for PCI and DSS compliance. If we want to install private keys, we need to consider compliance issues, but if we are not installing private keys, there is no need to comply with current governance rules.

I would rate Certificate Manager an eight out of ten, as it has versatility and offers many features compared to tools available in the market for certificate lifecycle management.

We use Certificate Manager for PKI certificates.

Certificate Manager's overall installation could be made easier. You have to install the client, then go to the console and push the certificate.

I have been using Certificate Manager for three to four months.

More than 10,000 users are using Certificate Manager in our organization.

Certificate Manager was deployed in less than 30 minutes. I did Certificate Manager's deployment by myself, but we had to go through some processes to get the PKI certificate for the enterprise side. Then, they create the certificate, and we deploy it.

Certificate Manager has some additional functionalities for managing PKI certificates compared to other certificate deployment products. I would recommend Certificate Manager to other users.

Overall, I rate Certificate Manager an eight out of ten.

We use this product for our clients' server authentication and application ID certificate. We create the certificate so that when a user tries to access an application, it looks for that specific certificate based on the volume information and it authenticates on that basis. I'm a lead system operation engineer and we are customers of Venafi. 

If you want to automate anything, renew the certificate and apply to whatever environment you need, whether it is on-premise or cloud, automation is possible. You just need to have your integration set up. Venafi takes care of automatically renewing and deploying your certificate so that you don't need to worry when it expires. It also minimizes downtime and has good integration. 

For Java applications, we currently convert the certificate in JKS manually. It would be helpful to have the capability to download certificates in JKS automatically. Venafi only provides CER and no other format. They provide an option for JKS, but that certificate doesn't work because of some configuration issues. 

I've been using this solution for six years. 

The solution is stable.

We didn't test the scalability but I believe it has that capacity. We have 500 users. 

The customer support was great. 

Positive

I previously used the Microsoft SSL ADMIN tool. The difference between the two is that with Venafi, if you have access to policy, you can create, delete, import and export anything within the tool. With SSL ADMIN, unless you own the certificate, you can't make any changes to that specific activity. If you've been designated as the 'owner' and you leave the company, it's hard to change ownership. Venafi is much more flexible because it allows you to add a group instead of individuals. Even if someone leaves the group, it doesn't affect the system.

The initial setup is straightforward although it does require some security training to gain access. 

I rate this solution nine out of 10. 

In terms of how Venafi has improved our customers' organizations, the most important thing is that it reduces the risk of the outage of some of their IT systems. Sometimes these systems would be directly connected to the revenue generating activities that the client may have. So that risk reduction that can be directly calculated into money for our clients. If their IT system that is connected to production is down one day, they will know exactly how much it would cost them. So, from the perspective of risk reduction, it can be directly quantified in the value for the customer. If I was going to single out the most important feature, that would be probably be it.

The feature that I have found most valuable is their certificate discovery.

The user interface could be always improved. But I am a technologist, so I don't care so much about user interface, but the importance that it is user friendly is always appreciated by customers.

In terms of additional features I would like to see included in the next release of Venafi, I would say integration with the cloud HSM's, Hardware Security Module. Additionally, I would say other cloud services, because it is not only cloud that's essential. If you have a customer that has a lot of their IT moved into cloud, integration with different cloud services is always an area to improve.

I haven't heard negative things about the stability.

In terms of scalability, given that we were in the situation where it was on-prem, there were certain limitations there. But I guess on the cloud they should not have limitations.

To my knowledge, it began with the initial proto-concept. After that, there were some professional services needed to fine tune and integrate with everything that the customer wanted.

From the top of my head, I think it took less than two months, maybe 6, 7, or 8 weeks, but about two months or less.

The technical team needed for the installation really depends on the customer's prior knowledge. If they have a good technical team, then the things are much easier. If they don't have... 

The technical team includes engineers, architects, managers, and administrators for different stages. I guess the architects and system administrators are also involved in the process of purchasing and evaluating if it's a good fit for them. Then the architects are not necessarily needed anymore, but you would have system administrators involved given that certain privileges must be given to this system in order to operate correctly. And then you would have your general IT security administrators for ongoing monitoring of what the Venafi system provides you. This can be taught. You don't have to have a PhD in cryptography to understand this, just be a regular IT business person who has specialized a little bit on security issues. I think they can comfortably master this.

As I mentioned, there is the risk reduction. If they see the risk reduction, then I think they should go for Venafi or a similar solution. Of course, as products improve and prices go down, even more so. But it is way better to have this kind of solution compared to not having anything, because I see from the IT security business that I have been working in almost 30 years now, if they are not running this or a similar type of solution, they are just asking for trouble. It's more a question of when an outage will happen, than if. So, coming back to the risk reduction, depending of course on the size of the company and their revenues and what type of critical systems they have, they all need to make their decision. But at the end of the day, the vast majority of the customers will see a return on investment if they value the risk reduction.

Our customers need to pay for a license, and understanding the pricing and how it might develop in the future is a bit of a pain point. But, it is not too complex either. Sometimes people ask the vendors to predict the future, whereas they themselves cannot provide enough of the information to the vendor in order to be able to estimate correctly. So it kind of goes both ways. I would say the price is fairly good. Is it perfect? No. Is it the worst I've ever seen? Absolutely not.

I would say Venafi is definitely among the three most important vendors in this area.

On a scale of one to ten, I would give Venafi a seven.