certPush – Key recovery and certificate distribution
Secardeo certPush is a key recovery and distribution service for archived private user keys and is an extension for certEP or a Microsoft CA. With certPush, X.509 user certificates and PKI private keys can simply be recovered using standard Microsoft key recovery mechanisms and securely distributed to all of a user's devices in a protected PFX (.P12) container. Certificate distribution can be done automatically via secure e-mail, e.g. for unmanaged devices, or via an MDM system for managed devices. The user certificates or S/MIME certificates may stem from an internal Microsoft CA or, using certEP, from a public CA like SwissSign or QuoVadis. A user can then, for example, encrypt and decrypt e-mails on a smartphone.
certPush supports the recovery of single private keys and batch recoveries of private keys of multiple users. Secardeo certPush can recover either only the current certificate and private key of a user or the whole key history into a .P12 container. certPush enables the automated distribution of user certificates to mobile devices running iOS, Android or Windows Phone in an enterprise.
For automatically distributing certificates to managed iOS devices with high security, using end-to-end encrypted key containers, the Secardeo certMode MDM proxy can be used in addition. certPush will then serve as a secure key recovery service.
The following features are supported:
- Recovery of keys archived in Secardeo certEP v4 or a Windows CA by Key Recovery Agents
- Secure distribution of private keys to other clients (i.e. mobile devices) via e-mail or MDM upload
- Automatic key distribution based on a list of e-mail addresses or account names
- Periodic background distribution (certPush service)