CyberArk Certificate Manager Reviews

The last contract I was on, I used it with TPP, and we migrated their internal infrastructure to AWS and then back connected to the database internally in their internal network, and it worked just peachy.

The reporting analysis is what I liked the most about it; that was the nicest thing about it. It helped keep track of certificates and their status and where we needed to make improvements, update, replace things. 

The automation capabilities of Certificate Manager are generally pretty good. It's easy to manage, and whenever I automate things, I generally use PowerShell and it's pretty user-friendly and easy to follow. My background is a C# coder, so PowerShell is easy. 

It handled compliance and regulatory requirements, such as HIPAA, very well overall. The reports that come with it generally are enough to satisfy the auditors, and if they're not, writing a new report is pretty easy, especially using the wizards built in.

I've been using it so long that it's kind of second nature to me. Documentation could use some improvement, but that's about all.

I have been using it since 2010. I last used Certificate Manager in May this year.

I would rate it a nine out of ten for performance and stability.

Scalability is great because it's easy to interconnect different Certificate Manager servers in different segments of the network, so once you've got that open door through the firewall, it's not hard at all.

A couple of years ago, I contacted the technical support for something small and a patch fixed it. I'd rate the support at least a nine out of ten. The support is very good in terms of speed and quality. 

I've done it manually, managed certificates manually, managed them through Microsoft tools, and frankly, Certificate Manager is the easiest and most comprehensive.

The initial deployment was easy for me. For the first time, it took about three days. The easiest part of it is using the discovery tool.

In terms of maintenance, you just have to keep up with the updates. They've generally got something new or good to patch, and if something doesn't work 100%, you'll find a patch on it generally pretty much monthly that could be your solution.

There were three of us for the deployment. Basically a manager and two contractors were involved.

Overall, I'd rate Certificate Manager a nine out of ten.

We use Certificate Manager for certificate management, including tracking expiration dates and automating installations. Certificate Manager eliminates manual installation by automating the process across various endpoints, including servers, load balancers, and cloud workspaces like AWS and Azure.

Certificate Manager solved our healthcare-related identity security problems by automating the monitoring of certificate expiration dates. Previously, this was a manual process, but Certificate Manager automatically emailed certificate owners and their managers, escalating notifications without our intervention. This automation eliminates manual reports and prevents outages caused by certificate expirations.

We currently operate on-premises but have purchased a cloud-based SaaS version of Certificate Manager that is being deployed.

Certificate Manager is generally user-friendly. While administrators require some training, the end-user experience is intuitive. Certificate Manager provides comprehensive user guides with step-by-step instructions, but most users can easily navigate the platform and complete tasks without consulting documentation.

The automation capabilities have significantly improved our workflow by automating the installation of certificates on servers, endpoints, load balancers, and cloud workspaces. This automation has eliminated the need to manually install certificates on each device, saving us valuable time and resources.

Automation helps reduce human error by providing a clear validation trail. For example, within a certificate object, we can easily see where a certificate was installed, such as in AWS or on a load balancer. This automated validation ensures accurate tracking and eliminates the need for manual verification, which can be unreliable and prone to errors.

Certificate Manager simplifies certificate renewal by offering a seamless process that allows users to renew certificates with a single click.

We saw the benefits of Certificate Manager immediately after deploying it, as our previous solution was inadequate. The reporting feature alone significantly improved, allowing us to track every certificate. Certificate Manager's discovery feature also proved invaluable, identifying certificates on our systems that we were unaware of. This allowed us to import them into Certificate Manager, monitor their expiration dates, assign owners, and communicate with those owners about renewals or compliance issues, such as the use of self-signed certificates. By proactively addressing these issues, we ensured the security and compliance of our certificates from day one.

Certificate Manager's reporting capabilities are crucial in helping us meet regulatory compliance requirements. Their signing algorithm report allows us to scan every certificate within our organization to identify any out-of-compliance, such as self-signed certificates. This enables us to locate the certificate owner, have them rectify the issue, and update the certificate in Certificate Manager. The comprehensive reporting facilitates the identification and resolution of any compliance concerns.

Certificate Manager's reporting mechanisms help us reduce our mean time to respond by quickly identifying and addressing compliance issues and compromised certificates. We can locate the certificate owner and promptly fix any non-compliant certificates. In the event of a compromised certificate, Certificate Manager enables us to create a new one swiftly, deploy it to servers or cloud workspaces, and renew and install it within minutes.

Certificate Manager helped us reduce risk exposure by migrating all identified self-signed certificates to trusted certificate authorities during our discovery process, mitigating any associated risks.

We would be overwhelmed if we had to install all these certificates manually on each endpoint. Certificate Manager automates this process, eliminating the need for constant monitoring and freeing up our time significantly. With Certificate Manager, we simply initiate the process and let it run, saving us the equivalent of two additional employees.

While Certificate Managers services come at a cost, the increased efficiency ultimately saves us the expense of hiring two additional employees.

Certificate Manager has a minimal learning curve. New users can typically log in and navigate the product without guidance, with only about 10 percent requiring minor assistance.

The most valuable feature of Certificate Manager is the automation that helps save time and reduce human error.

Certificate Manager could enhance its offerings by providing more automation features. Currently, specific processes require manual installations due to the lack of built-in integrations. While custom scripts can address some gaps, expanding the range of out-of-the-box integrations would significantly improve the user experience.

I have used Certificate Manager for six years.

Certificate Manager's stability has been consistently reliable. We generally experience no problems with its functionality. Occasionally, IAS might become unresponsive after patching, but this issue is not unique to Certificate Manager and could occur with any site.

Our Certificate Manager platform is load-balanced and segregated by team, ensuring that users can only access certificates relevant to their work. This role-based access control enhances scalability and efficiency by providing a focused view of necessary information.

Certificate Manager's technical support is impressively fast. Inquiries are typically addressed the same day, with most issues, even complex ones, resolved within 24 hours. Their responsiveness and efficiency have consistently exceeded our expectations.

Positive

Certificate Manager's pricing appears to be competitive within the market. After evaluating other vendors, we found that Certificate Manager offers good value for the cost, and we are satisfied with their pricing structure.

I would rate Certificate Manager a nine out of ten. There is room for improvement, but we are extremely happy with it.

Certificate Manager requires regular maintenance, such as server patching and yearly software updates, which are common to most applications. Beyond these standard tasks, Certificate Manager does not demand excessive upkeep. 

My main use case for CyberArk Certificate Manager is to manage the secrets and certificates efficiently and securely in my day-to-day work.

I use CyberArk Certificate Manager in our application related to the BFSI domain, where we handle a lot of auth-related certificates and secrets. We utilize CyberArk Certificate Manager to manage them securely and efficiently.

The best features CyberArk Certificate Manager offers are easily onboarding to existing applications and highly optimized retrieval of secrets and certificates.

Easy onboarding to existing applications means that secrets we already have can be placed in CyberArk Certificate Manager easily, and retrieving those secrets is a very simple process.

CyberArk Certificate Manager has positively impacted my organization. Earlier, we were using other technologies, and whenever we needed to update the certificates or secrets, it was challenging.

Since using CyberArk Certificate Manager, it saves a lot of time, reduces errors, and makes compliance much easier. I have seen approximately 40% time saving with CyberArk Certificate Manager, and in terms of error reduction, I have seen a 50% change.

CyberArk Certificate Manager is great and does not need improvements.

I have been using CyberArk Certificate Manager for more than two years.

CyberArk Certificate Manager is stable in my experience.

In terms of scalability, CyberArk Certificate Manager is perfect.

Customer support for CyberArk Certificate Manager is great, very supportive, and achievable.

Negative

Before CyberArk Certificate Manager, we were using HashiCorp Vault, and we switched because of the features of CyberArk Certificate Manager.

Regarding pricing, setup cost, and licensing for CyberArk Certificate Manager, those were the responsibility of the stakeholders, and I did not have access to those details.

I have seen a return on investment from using CyberArk Certificate Manager. Fewer employees are needed because many of the processes are automated, and time saving has been achieved as we can update and retrieve certificates easily.

We did not evaluate other options besides HashiCorp Vault before choosing CyberArk Certificate Manager.

My advice for others looking into using CyberArk Certificate Manager is that it is better than other tools available in the market, and it is very optimized and efficient. I would rate this product a 9 out of 10.

I work in telecom. I am not only working with Certificate Manager; I am also working with other CyberArk products.

The most important use case for us is certificate inventory, discovery, automation, and lifecycle management of multiple endpoints across multiple platforms. We automate certificates on various platforms, including OpenShift. We are working on Azure migrations. Certificate Manager acts as a central core platform. It provides a view of every application certificate hosted and serves as a central system to implement security governance policies. Certificate Manager acts as the heart of everything we do.

Its automation capabilities are strong, supported by robust driver setups. Additionally, Certificate Manager training materials and documentation help end users of various technical levels effectively. In a large company like ours, not every user is the same. They do not have the same level of technical understanding. A good thing is that their documentation is good and detailed. You can take a driver and go step by step. It clearly explains to you what you have to configure.

We have reduced 80% to 90% of our outages with Certificate Manager, which impacts the revenue substantially. They have introduced automation for OpenShift through Certificate Manager which has made the lives of developers much easier. Whenever we want to implement some policies, we target only one secret. The developers get to focus on developing their applications. They can spend time on their applications and leave the security for us.

I have done PoCs with multiple vendors. Compared to others, Certificate Manager is a bit advanced. They are three to six months ahead in terms of technology. For Azure integration, they have an out-of-the-box driver. There is no need to spend time. We just need to follow the step-by-step process that they have explained, and that is it. It works.

We previously had an in-house tool that only gave us notifications and reminders. With Certificate Manager, we have consolidated all the principles in a central platform. It helps teams to have a central view of anything. We have also integrated Certificate Manager with a lot of vulnerability management tools to have a central view. We are using reporting to have a central plane of data where every week, anyone can come and see the status.

It helps notify people. It gives a heads-up to the people regarding what is happening in their system for their certificates. It has reduced the overall complexity. We are not where we were five years ago. If we want to change the root certificate altogether, we can just push it from Certificate Manager. We just push the certificate onto the endpoint. Most people are now aware of what is happening with their applications.

The core principle of policies, automation, and notifications has reduced the time for a product to be deployed in production. It helped people understand how to use a certificate and how to configure it.

It has saved time. Previously, if the application team wanted to deploy something, they had to rebuild the code and other things. They used to take two days, which has now been reduced to almost half an hour. Once they configure it, they just push it. Even for OpenShift, the time was reduced from five hours to ten minutes.

The most important feature for us is the ease of use. If something is not available, we can develop our own scripts for it. We can create change management around this tool.

We also have a lot of control, such as deciding when our application team wants to push implementations and making detailed reports. We can have reporting for change management, problem management, and lifecycle management. If someone is not renewing on time, we can notify them that this has been scheduled. We can do tracking and have workflows around it. It is easy. We can integrate it with almost everything.

The product was really good when it was a Certificate Manager product. However, since its acquisition by CyberArk, there has been a lack of significant innovations. They are pushing for cloud adoption, but we prefer on-premises solutions due to regulatory concerns. They are giving support for cloud-based and SaaS solutions. I would like equivalent support for on-premises ecosystems.

Integrating Certificate Manager with CyberArk's Conjur for centralized secret management is currently challenging for us. Conjur is a central platform where applications can store all kinds of secrets, even certificates, private keys, and passwords in a central location, and that can be distributed everywhere. This integration is crucial for our seamless operations, and we have been awaiting a solution for nearly two years.

I have been using the solution since 2021, so it has been almost four years.

We encounter hiccups, but 95% of the time, it runs perfectly fine for us.

Scalability is an issue for us, requiring new components or servers for installation. Horizontal scaling is a necessity rather than vertical scaling. However, with a proper ecosystem design, it should not pose significant problems.

We worked directly with Certificate Manager professional support, and our experience was excellent. Their technical support is knowledgeable and helpful, making Certificate Manager stand out among other CyberArk products.

Positive

We initially had our own in-house component for lifecycle management, but it was not effective. We developed our own scripts, but they did not fulfill all our needs. This led us to adopt Certificate Manager.

I was responsible for choosing and deploying this solution. Its initial setup is straightforward, but they have to improve the upgrade process. In a distributed network, you have machines everywhere, and it takes time. They have improved it a bit, but sometimes it is better to do it server by server. 

Overall, it is easy. You just have to install the package on a server. That is it. You can enforce policies. All CyberArk products are like this.

After we started using the product, we saw its value within nine months. The shorter the certificate lifecycle, the more apparent the benefits. We have policies that allow us to realize the value within approximately nine months.

We took approximately three to four months to prepare the setup for automation. It took about eight to nine months for all the teams to get used to it. In a year, it was completely in production and operational mode. The application team started using the automation principles and following the self-service model. Our team is not involved in anything. People come and have a certificate. They do their automation on their own.

It does not require any maintenance. If you have implemented it well, It just keeps running. You have to build your process around it. We planned it and got it reviewed by Certificate Manager. We are following the best standards and best practices of the industry. We upgraded it in November, and so far, we have not touched anything. It is just running on the latest version.

We worked directly with Certificate Manager professional support.

Measuring benefits or returns in security is challenging for us. We reduced outages by 80% but quantifying that in terms of revenue saved is difficult, as each outage has its unique value.

The pricing has increased for us, impacting our organization due to its operational expenditure (OPEX). The pricing model is complex, considering factors beyond the number of certificates. This complexity can make our payments to Certificate Manager challenging if costs continue to rise. It is good but more expensive than the competitors.

We conducted a proof of concept with two vendors aside from Certificate Manager. The ease of use, responsiveness, and accuracy made Certificate Manager stand out. Certificate Manager reliably executed tasks and provided feedback. That gave it an edge over other products. However, now, Certificate Manager lacks innovation which seems to be an issue with all CyberArk products.

To someone who is looking into Certificate Manager but already has a legacy solution in place, I would recommend going for Certificate Manager. It helps understand the ecosystem and enforce policies. You can have visibility into all the certificates and automation with the cloud and on-premises solutions. Integration is easy and straightforward.

You should understand how teams are organized in your company before starting with Certificate Manager because everything is based on permission sets. After identifying the teams, you can prepare policies for them and integrate them with Certificate Manager.

Overall, I would rate Certificate Manager an eight out of ten.

My main use case for CyberArk Certificate Manager involves checking the client's internal servers, the people's practices, and granting access to accounts to ensure that their credentials are not compromised.

I have been using it as a main use case for years, and it performs well.

The logging feature makes my job easier and more efficient by allowing us to move away from manual checks. With automation, we can clearly see who has done what.

CyberArk Certificate Manager offers many features, making it very useful for PAM solutions and other credential rotations.

CyberArk Certificate Manager has positively impacted my organization by automating the credential process, allowing users to rotate and share passwords with no human intervention required.

I believe CyberArk Certificate Manager can be improved with the integration of AI and other tool leverages for more efficient work.

I estimate that I have been working with CyberArk Certificate Manager for nearly two years across my client projects.

CyberArk Certificate Manager is stable.

CyberArk Certificate Manager has good scalability.

In my experience, CyberArk Certificate Manager can handle a high number of users and maintains efficiency among people.

CyberArk Certificate Manager's customer support is good.

On a scale of one to ten, I would rate the customer support a nine.

Positive

I did not previously use a different solution before CyberArk Certificate Manager; it was all manual activity.

My organization has taken care of the pricing, setup cost, and licensing.

My experience with the pricing, setup cost, and licensing was straightforward and reasonably priced.

I have seen a return on investment in terms of money saved and time saved.

CyberArk Certificate Manager has delivered a significant reduction in manual work.

Before choosing CyberArk Certificate Manager, I did not evaluate other options.

My advice to others looking into using CyberArk Certificate Manager is that it is good and reliable.

People have significantly improved their operations with CyberArk Certificate Manager.

I have no additional concerns about CyberArk Certificate Manager; it is excellent. I would rate this review a ten out of ten.

In my testing and support role as an analyst, I handle a certificates list, checking their expiry dates, and if a certificate is expiring within a month, we ask if there are any private keys to add; if not, we put a public key for renewal or creation based on the expiry date, and we obsolete certificates not in use from the Venafi tool.

The best feature I appreciate about Venafi is its user interface, which allows me to search for any particular certificate and immediately see the certificate details and expiry. I mostly appreciate how user-friendly the UI is. The Venafi solution has helped my organization by allowing us to manage certificates directly instead of relying on server administrators to perform tasks such as renewing and obsoleting.

As an end user, I cannot specifically point out improvements, but I believe it would be beneficial to display active certificates in a separate column on the UI, so users can easily find what they need. Additionally, I think notifications for certificate expirations could include varying time frames such as 60 days or 15 days to better inform end users.

I have been using the Venafi tool for almost six plus years when I worked for Lloyds Banking Group, particularly for certification tasks such as obsoleting, creating, and renewing.

For the stability of the solution itself, I would rate it a seven.

I am not sure about the total users across the whole company, but in our team, there are about 10 to 15 people.

I only utilize Venafi for certificate renewal, so I cannot compare it to other products.

We do not handle the deployment ourselves as different teams manage the installation.

The overall time saved from automating processes compared to manual work could be around ten percent.

Although I am not fully aware of compliance matters, I believe Venafi maintains good authentication since only authorized users can log in, preventing compliance issues. Different clients such as Walmart and Lloyds will have their certificates in separate folders to ensure that data from one client does not mix with another. I am not aware of Venafi's pricing.

Overall, I would rate Venafi a seven because, from my perspective, that feels accurate.

My use cases for Certificate Manager were for the Certificate Manager Trust Protection Platform, managing infrastructure PKI and certificates.

Certificate Manager's automation capabilities are very good, which is why we used it. Certificate Manager's ability to stay updated on the most current certification renewals was also very good. Certificate Manager's ability to safeguard my financial services infrastructure was good; we had no problems with that. Certificate Manager's ability to help with compliance and regulatory requirements, including SOX and Swift, was great. This is a major selling point.

In terms of areas for improvement, one thing that we did not appreciate about Certificate Manager was having agents on everything. An agent needed to be installed everywhere to handle the certificate management. Having the agents everywhere is not ideal and is always problematic. Having the agent everywhere is not the best for security, which was our other significant concern.

I have been using Certificate Manager for about two years in my career. I am not currently using it at my current job, but rather at my previous position.

I have no issues about Certificate Manager's stability; it demonstrated good stability.

Certificate Manager's scalability was good as well.

I have contacted Certificate Manager's technical support and customer support. We worked with their consulting group during implementation. I went through the whole implementation phase and they were very effective. For Certificate Manager's support, I would rate them eight or nine out of ten.

Positive

I have not used any alternatives to Certificate Manager; nothing at that scale of management.

It took me about six months to a year to fully deploy Certificate Manager across the entire enterprise.

The implementation involved a whole team operation with approximately five or six people in total, including myself, several colleagues, and consultants.

The mean time to respond was significantly reduced with Certificate Manager.

When I was working with Certificate Manager, I was working in financial services as a user of the product and not a partner of Certificate Manager. On a scale from 1 to 10, I would rate Certificate Manager overall for everything an eight.

We are using Certificate Manager as a certificate lifecycle management tool and for notifications, specifically certificate expiry notifications. Currently, we are working on automation by using Certificate Manager for automatically installing the certificates on different key stores.

By using Certificate Manager, we have reduced our potential risk significantly due to certificate expiry, as all teams are getting emails before 60 days and 90 days, which is helpful.

It has reduced our manual efforts significantly. Earlier, if it took us 10 minutes to issue one certificate, by using Certificate Manager, we are now issuing it in 5 minutes, which is a 50% time saving. 

We are actively monitoring every certificate within our organization. It allows us to know which specific part or server each certificate is being used for. Through our monitoring efforts, we can provide detailed information about each certificate, ensuring our organization is well-informed.

It has improved our operational efficiency by 70% to 80%.

Certificate Manager is a versatile tool, providing many services beyond the tools present in the market. The best feature is that Certificate Manager automatically discovers certificates in the environment and onboards them in the dashboard. Using Certificate Manager, we can automate and install certificates on target machines without human intervention, making it an excellent tool for automation and certificate lifecycle management.

Certification renewal is the fundamental aspect of Certificate Manager, and it meets current market standards, setting the benchmark. We are monitoring each certificate, so our organization is aware of which server uses that certificate, and based on the monitoring, we can access all certificate details, which provides great help.

The solution's ease of use is moderate, and I suggest that the documentation by Certificate Manager should be more linear or simpler because when new associates or trainees try to learn the tool, the documentation is difficult to understand.

Integrating Certificate Manager into existing systems is quite easy; however, the documentation should be improved as we have to conduct analysis from our end, and the documentation hasn't presented information in a proper or linear fashion.

The support from Certificate Manager needs improvement based on my experience. The response time needs improvement, and it takes too long to resolve or provide solutions for some tickets.

I have been working with Certificate Manager for three years.

It's stable. I would assess the stability as eight out of ten. 

It's scalable. Scalability is rated an eight out of ten.

In our organization, we currently have around 15 members working on Certificate Manager, with more than 300 to 400 people having read access to the dashboard to view their certificates.

The support from Certificate Manager needs improvement. I would rate the technical support a seven out of ten.

Positive

The initial setup process can be a bit complex, but I would classify it as medium-level difficulty. One area for improvement is the documentation, as clearer guidelines would facilitate more effective automation. Based on the current documentation, it typically takes us four to five weeks to deploy any updates or changes. Unfortunately, we've encountered difficulties in locating the necessary information.

We perform maintenance on a quarterly or semi-annual basis to ensure everything runs smoothly.

It brings value from day one; deploying this solution definitely provides beneficial value.

Certificate Manager is versatile, providing numerous features compared to other tools in the market. If I were to recommend a tool to anyone, I would choose Certificate Manager over others.

For certificate-related tasks, we can work on the PCI and DSS components, but regarding Certificate Manager specifically, there isn't a need for PCI and DSS compliance. If we want to install private keys, we need to consider compliance issues, but if we are not installing private keys, there is no need to comply with current governance rules.

I would rate Certificate Manager an eight out of ten, as it has versatility and offers many features compared to tools available in the market for certificate lifecycle management.