CCMS: Certificate Lifecycle Management Made Easy

CCMS 4.9.0

CCMS is a customer-hosted (on-premise or cloud) web service that interfaces with an organization’s infrastructure (Directory, Certificate
Authority) to provision users with certificates seamlessly. CCMS also includes NPE certificate management capabilities providing a full credential management solution for users, devices, and applications.

PKI is Challenging.
Not with CCMS. CCMS makes PKI easy for users and administrators. When combined with ISC’s Credential Management Utility, initial enrollment takes less than 5 seconds of the user’s time and rollover happens automatically and transparently to the user.
Server, device, and application certificates expiring and downing critical services is a thing of the past with CCMS tracking and notification.
CCMS integrates with ISC’s CSPid and Tara to enhance and automate end point credential management so that users and administrators no longer need to even think about PKI. It just works.

Use Cases for CCMS

Escrowing Private Keys
Securely stores user private keys for administrative recovery and credential availability.

Automating Enrollment
Deploys PKI credentials throughout the enterprise by automatically generating keys for the user and installing them in the appropriate key stores. CCMS can execute scripts for additional end point configuration that leverages ISC’s Credential Management Utility (CMU), CSPid, and Tara

Making Credentials Easily Available
Allows users to retrieve their credentials on any workstation at any time using the same simple process as initial enrollment

Managing NPE Certificates
Centrally manage NPE issuance, revocation, expiry notification, and reporting, with or without Tara, to improve server uptime


  • Simplifies management of user, device, and application certificates
  • Lowers costs and reduces complexity of PKI
  • Makes PKI users and administrators happy
  • May be easily deployed and managed
  • Appropriate for organizations of any size, scaling up to millions of users and services
  • Uses NIST CMVP-validated FIPS 140-2 cryptography and today’s proven standards, including ANSI X.509 and IETF PKIX, TLS, and S/MIME

Technical Specifications

  • Complies with NIST FIPS 140-2 Level 1 requirements
  • Exports a PKCS#11 version 2.20 compliant API
  • Imports and exports PKCS#12, PKCS#7, and ASN.1 DER- encoded X.509 certificates
  • Generates up to 8192-bit RSA and up to 571-bit ECDSA PKCS#10 requests
  • Supports SHA-256, SHA-384, and SHA-512
  • Employs password-protected PKCS#15 PDUs for key storage on local, removable, or network-attached drives, using AES-256 for confidentiality and HMAC-SHA-512 for integrity checking

System Requirements

  • Windows Server 2012 R2 or above
  • CentOS 6.7 x86-64 (Linux Kernel 2.6.32-573) or above
  • 4GB RAM, 50GB Disk, CPU w/RDRAND instruction
  • Java Runtime Environment 1.8 or higher
  • PostgreSQL, HyperSQL, or Oracle database
  • CertAgent 6.x or above, RedHat CMS 6 or above, or access to the IC PKI (requires the IC PKI CCMS connector add-on)