Why Every Organization Needs a Crypto Center of Excellence (CCoE) Today

Not long ago, cryptography management was a quiet, behind-the-scenes task. TLS certificates had long validity periods, post-quantum cryptography (PQC) felt like a distant conversation, and maintaining an up-to-date crypto inventory wasn’t a top priority.

Fast forward to 2025, and the landscape has shifted dramatically. TLS certificate lifespans are shrinking, thanks to CA/Browser Forum mandates. PQC is no longer theoretical—NIST has standardized PQC algorithms, and migration planning is well underway. Meanwhile, regulations are tightening, cyber threats are evolving, and crypto-agility has become a business-critical priority.

Yet, many organizations aren’t ready for the challenges these changes present. While cryptography is embedded everywhere, visibility is limited, cryptographic operations are fragmented, and policies are outdated. Achieving crypto-agility seems impossible when maintaining basic crypto hygiene is already daunting.

As these challenges mount, forward-looking enterprises are now starting to implement an organizational framework focused on improving cryptography and how it is managed: the Crypto Center of Excellence (CCoE).

So, What Exactly Is a Crypto Center of Excellence (CCoE)?

A Crypto Center of Excellence is a framework that brings together people, processes, and technology to oversee and manage an organization’s cryptographic strategy and operations. The primary goal of a CCoE is to serve as the central authority, ensuring cryptographic practices are standardized, efficient, and aligned with the organization’s security objectives.

Key responsibilities of a CCoE include:

  • Centralizing visibility into certificates, keys, and trust stores to ensure awareness and oversight
  • Defining crypto policies and standards, such as algorithms, key sizes, and usage limits, to promote consistency and enable better governance
  • Standardizing crypto operations (certificate and key lifecycle management) across business units to mitigate the risk of crypto-related outages and vulnerabilities
  • Aligning cryptographic practices with zero-trust architecture and secure DevOps methodologies to enhance overall security posture
  • Ensuring audit readiness and compliance with industry standards and regulations
  • Developing strategies and implementing solutions to achieve crypto-agility, enabling proactive responses to emerging challenges like transitioning to post-quantum cryptography

What Does a Core CCoE Team Look Like?

A well-structured CCoE brings together cross-functional experts:

  • CISO (Crypto Governance Lead): Sets the overarching cryptographic strategy, defines risk thresholds, and oversees policy enforcement.
  • Cryptography Architect: Designs the crypto architecture, including algorithm selection, protocol design, and key lifecycle management.
  • PKI/KMS Expert: Leads the deployment and integration of Public Key Infrastructure (PKI), Certificate Lifecycle Management (CLM), Hardware Security Modules (HSMs), and Key Management Systems (KMS).
  • Identity and Access Management (IAM) Architect: Develops and governs identity-centric cryptographic access policies across users, devices, and services, ensuring alignment with zero-trust principles.
  • Compliance & Risk Officer: Ensures that cryptographic practices align with industry standards and regulations, such as NIST, ISO 27001, PCI-DSS, GDPR, HIPAA, and others.

Depending on the organization’s size and complexity, the CCoE may also include additional operational stakeholders, such as PKI administrators, key management administrators, security operations analysts, and DevSecOps or automation engineers, who oversee certificate and key lifecycle operations.

The Real-World Benefits of a CCoE

A CCoE isn’t just a conceptual framework—it’s a practical solution that offers tangible value:

  1. Operational Efficiency and Cost Savings: By centralizing and automating cryptographic operations, a CCoE cuts complexity and streamlines processes. This helps minimize errors, accelerate workflows, and significantly cut operational costs.
  2. Enhanced Security Posture and Improved Compliance: With deep visibility and automation, a CCoE enables swift identification and remediation of vulnerabilities. Through strong policy enforcement, a CCoE ensures that cryptographic practices align with regulatory requirements and internal policies, reducing the risk of data breaches and maintaining compliance.
  3. Crypto-Agility: A CCoE brings together visibility, automation, and policy control of cryptographic operations to ensure your organization is always ready to address emerging threats, technological shifts, and regulatory changes, such as 47-day TLS certificates, PQC adoption, and browser distrust issues.

Why Now? The Urgent Case for a Crypto Center of Excellence

Several key trends underscore the necessity of establishing a CCoE:

  • The 47-Day TLS Crunch: By 2029, SSL/TLS certificate lifespans will shrink from 398 days to just 47 days. That’s not a small change—it’s a 12× increase in certificate renewal workload. Suddenly, what used to be a once-a-year task becomes a monthly scramble. In practice, this means that teams still using manual processes (spreadsheets, siloed CA tools) will be unable to manage TLS certificates without implementing automation, which will increase the risk of outages, vulnerabilities, and compliance issues. A CCoE can implement smart automation strategies and enforce policies to manage this complexity effectively and prevent those “fire drill” moments.
  • The Great Post-Quantum Cryptography (PQC) Migration: With NIST finalizing the first set of PQC standards and setting 2030 as the deadline for deprecating legacy algorithms (like RSA and ECC), organizations are expected to start migrating now. As part of PQC transition planning, Gartner explicitly advises organizations to “create a crypto center of excellence (CCOE) to assess the scope, impact and cost of the transition.” A CCoE can drive the entire PQC roadmap: gaining visibility into certificates and crypto assets, creating a Cryptographic Bill of Materials (CBOM), prioritizing assets based on risk, setting algorithm-replacement policies, testing new algorithms, engaging with third-party vendors, guiding developers on crypto-agile design, and promoting crypto-agility to ensure seamless adoption.
  • Increased Regulatory Pressure: Governments and standards bodies are beginning to mandate strong crypto governance and agility. The UK’s NCSC has made it clear: crypto-agility is a MUST for a smooth transition to post-quantum cryptography by 2035. The U.S. NIST, too, has repeatedly emphasized that crypto-agility isn’t just helpful—it’s essential. A CCoE formalizes this agility by setting enterprise-wide policies, ensuring standardized key rotation schedules, and maintaining audit trails of crypto usage.
  • Tool and Ownership Fragmentation: Enterprises today generally use multiple CAs, HSMs, environments, and DevOps pipelines. Crypto ownership is often split between AppSec, DevOps, network, and compliance teams—nobody owns the whole picture. A CCoE can bring the much-needed cohesive view by defining how cryptography is managed, tracked, and governed across the organization without disrupting local responsibilities.

Taking the First Step Towards Crypto Resilience

Cryptography today is critical infrastructure, and establishing a CCoE is an excellent way of keeping this infrastructure efficient, secure, and ready for whatever comes next. It isn’t about adding bureaucracy; it’s about creating clarity, control, and confidence in your organization’s cryptographic practices. In a world of shrinking certificate lifespans, quantum risks, and non-stop digital transformation, that’s exactly what organizations need.

If you are ready to take the first step, talk to one of our experts today about how AppViewX certificate lifecycle management and PKI solutions help support a Crypto Center of Excellence (CCoE).

And if you’re looking for the foundation to support it, start with AppViewX AVX ONE CLM, a solution that’s built for crypto-agility. By providing complete certificate visibility, end-to-end CLM automation, and continuous policy control and governance, AVX ONE CLM simplifies and streamlines certificate lifecycle management to eliminate outages, reduce risks, ensure compliance, and enable crypto-agility.

When Machines Talk, Who Do You Trust? Elevating Autonomous Trust with AppViewX AVX ONE CLM

It only takes one expired certificate to bring everything to a halt. When a certificate expired at a smart meter company, it halted energy tracking for over 15 million homes. In another case, robotic arms at an automotive plant froze mid-production—all because of a single expired certificate. These aren’t isolated incidents—they’re symptoms of a much bigger issue.

As enterprises scale their use of automation, machine identities are multiplying at an unprecedented rate. But few have a system to manage them. Without a scalable system, trust quickly becomes a ticking time bomb. That’s where AppViewX AVX ONE CLM steps in—delivering the visibility, automation, and control you need to secure your machine identity landscape.

The Rise of Machine and Non-Human Identities (NHIs)

Machine and non-human identities are increasing exponentially, far outpacing the growth of human identities. According to the 2024 ESG Survey, organizations, on average, have 20X more non-human identities than human identities. And the growth isn’t slowing down: 52% of organizations predict an additional 20% increase in the NHIs they manage in 2025.

These non-human identities include a wide range of device and workload identities:

  • SSL/TLS certificates
  • SSH keys and certificates
  • Cloud services
  • Microservices and applications
  • APIs
  • Service accounts
  • Smart IoT devices
  • CI/CD bots, AI models, and Kubernetes clusters
  • Network devices

As the machine-to-machine ecosystem grows, so does the challenge of managing trust at scale. If you can’t see them, rotate them, or revoke them—you’re exposed.

What’s Broken: Legacy PKI and Certificate Lifecycle Management Can’t Keep Up

Traditional PKI and Certificate Lifecycle Management (CLM) solutions were built for a different era—one where certificates were issued to humans, lived for years, and were managed through manual approvals and periodic audits.

But machine and non-human identities don’t play by those rules. They:

  • Spin up/down in seconds
  • Operate at machine speed
  • Require continuous authentication and encryption
  • Can scale into millions across hybrid and multi-cloud environments

Legacy PKI and CLM systems, still reliant on manual processes, weren’t designed for this pace or scale. They do not provide the visibility, automation, and real-time control needed to manage today’s sprawling machine and non-human identity landscape. As a result, organizations face increasing risk—from expired certificates that cause outages, to blind spots that open the door for security breaches and compliance failures.

AppViewX AVX ONE CLM: Built for the Autonomous Enterprise

AppViewX AVX ONE CLM offers a modern, scalable, and secure certificate lifecycle management solution purpose-built for today’s machine-driven, Zero Trust environments. It delivers complete visibility, end-to-end automation, and continuous policy control and governance of digital certificates and keys—across machines, applications, workloads, and cloud services. Designed with crypto-agility in mind, AVX ONE CLM addresses the unique challenges of managing non-human identities (NHIs):

  • Complete Visibility: Discovers all public and private certificates across your hybrid multi-cloud environments. Provides a centralized inventory with deep visibility into certificates and their metadata, including ownership, associated endpoints, and applications—enabling real-time detection of expirations, shadow certificates, misconfigurations, and crypto anomalies.
  • Machine-Speed Automation: Automates certificate issuance, renewal, provisioning and revocation across cloud-native, edge, DevOps, and IoT environments. Provides out-of-the-box and custom automation workflows and auto-enrollment protocol support to tailor automation to unique business needs.
  • Policy-Driven Governance: Helps enforce enterprise-wide best practices around cryptographic standards, key length, and expiry policies with zero manual touchpoints to minimize security risks and ensure compliance with industry and regulatory standards. Provides granular RBAC to enable conditional access and ensure secure certificate provisioning.
  • DevOps and IoT Native: Integrates seamlessly with multiple Certificate Authorities, cloud services, DevOps toolchains, ITSM, SIEM, and MDMs to simplify certificate enrollment and automate certificate lifecycle management for high-volume DevOps and IoT environments.
  • Post-Quantum Cryptography (PQC) Ready: Built to support the new NIST-standardized quantum-safe algorithms to help you prepare for PQC adoption and future-proof your machine identity trust.

Why AppViewX AVX ONE CLM Matters

By integrating deeply into both machine-native systems and enterprise IT, AppViewX AVX ONE CLM empowers your organization to:

  • Prevent outages from expired or misconfigured machine certificates
  • Eliminate blind spots to minimize vulnerabilities and security risks
  • Meet compliance requirements for standards like PCI-DSS, HIPAA, NERC CIP, NIST, and more
  • Accelerate Zero Trust maturity through automated, identity-based access control
  • Practice crypto-agility to swiftly adapt to sudden cryptographic changes and industry shifts like 47-day certificate lifespans, PQC adoption, and browser distrust issues

Call to Action: Machine Identity Management Is Now A Must Have

The number of machine and non-human identities will continue to rise—and fast. Without proper management, trust breaks down, compliance fails, and innovation grinds to a halt. AppViewX AVX ONE CLM delivers the visibility, automation, and control needed to manage machine identities effectively and build the scalable trust foundation your autonomous enterprise demands.

Manage every certificate. Secure every workload. Trust every machine—with AppViewX AVX ONE CLM.

To learn more, request a demo of AppViewX AVX ONE CLM today.

How Mature Is Your PKI? Find Out the Smart Way with the PKI Maturity Model

Assess. Improve. Future-Proof Your PKI Strategy

The Need to Give Legacy PKI a Serious Makeover

From securing communications and authenticating users to ensuring data integrity, public key infrastructure (PKI) plays a vital role in keeping today’s organizations secure and trusted. While its importance is clear, deploying and managing PKI effectively is anything but straightforward.

For many organizations, PKI is still a patchwork of legacy systems, manual processes, scattered certificate inventories, and growing complexity. Combine that with a shortage of skilled PKI experts and a lack of automation, and it’s no surprise that outages, vulnerabilities, and compliance issues keep surfacing.

Further, as IT environments evolve and change—with multi-cloud, DevOps, IoT, and the looming shift to post-quantum cryptography—traditional PKI setups are being pushed to their limits. Without the right processes, tools, and people in place, PKI can quickly become a bottleneck—or worse, a serious cybersecurity risk.

What’s needed to move past these challenges is a more strategic and structured approach to PKI. That’s where the PKI Maturity Model (PKIMM) comes in—a framework from the PKI Consortium that helps organizations assess their current PKI setup, identify gaps, and build a stronger, more resilient PKI for the future.

What is the PKI Maturity Model?

The PKI Maturity Model is a comprehensive and practical framework designed to help organizations assess how well their PKI is working—and where it needs improvement. It provides PKI and Security teams a way to step back, evaluate, and enhance their PKI maturity in a structured way.

Whether you’re running a lean team or managing PKI for a global enterprise, the PKI maturity model is applicable to all types of organizations—no matter the industry or use case.

Here’s what the PKI Maturity Model helps you with:

  • Assessment: Quickly understand the current state of your PKI—its capabilities, gaps, and performance.
  • Benchmarking: Compare your PKI maturity (confidentially and anonymously) with that of similar organizations by size or sector.
  • Guidance: Get clear, actionable recommendations on how to strengthen your PKI strategy and capabilities.
  • Improvement: Implement best practices to elevate overall PKI performance.

What Does the PKI Maturity Model Measure, and What Does It Mean?

The PKI Maturity Model breaks things down into five clearly defined maturity levels—kind of like an audit scorecard for your PKI. Each level reflects how structured, consistent, and forward-looking your PKI practices are and the risks that come with where you currently stand.

Maturity levels:

  1. Initial: Processes are ad-hoc. No inventory is available. Controls are poor and purely reactive.
  2. Basic: Some structure exists but lacks alignment with industry standards and regulations. Inventory is not maintained. Controls are still mostly reactive.
  3. Advanced: Certificate management processes and controls are in place but not fully followed and understood. Certificate inventory is maintained. Controls are more proactive.
  4. Managed: Certificate management processes are well-designed, measured, and consistently applied. Certificate inventory is up to date. Controls are proactive.
  5. Optimized: Certificate management processes are well designed and followed. Inventory is complete and updated through regular certificate discovery. Certificate management is integrated with organizational governance. Controls are proactive by design. Continuous improvement is the norm.

However, these levels aren’t assessed in isolation. The model examines your PKI across four key modules that encompass all PKI dimensions: Governance, Management, Operations, and Resources. Each module includes a set of specific categories you’ll be scored on.

The Four Modules and the Associated Categories:

  • Governance: Evaluates strategy and vision, policies and documentation, compliance, and processes and procedures.
  • Management: Evaluates key management, certificate management, infrastructure management, and change management and agility.
  • Operations: Evaluates resilience, automation, interoperability, and monitoring and auditing.
  • Resources: Evaluates sourcing, knowledge and training, and awareness.

Together, these modules and their 15 categories, covering all the essential aspects—people, processes, and technology—provide a well-rounded view of your PKI, from high-level governance to hands-on operations and team readiness.

To simplify the assessment process, the PKI Consortium offers a straightforward, Excel-based assessment tool. It guides you through defining the scope of your environment, scoring each category, and generating a report that shows your maturity levels and areas for improvement. This structured process ensures consistent and repeatable evaluations, unlike scattered and ad-hoc self-assessments.

What Does Maturity Look Like in Key PKI Categories?

The PKI Maturity Model dives deep into all aspects of PKI, but a few categories stand out for their significant impact. Here’s a quick look at what low and high maturity look like in each—and what the model evaluates.

1. Policies and Documentation

Well-defined policies and security measures are vital for successful PKI management. The model checks how well your PKI is governed—whether your rules, roles, and procedures are clearly defined and consistently applied.

  • Low Maturity: No formal policies, unclear ownership, and inconsistent practices.
  • High Maturity: Well-documented, enforced, and regularly updated policies that guide operations and ensure accountability.

2. Certificate Management

This is where everything comes together. The model looks at how you discover, inventory, and profile certificates throughout the organization. It also examines how you issue, renew, revoke, and provision certificates.

  • Low Maturity: Ad-hoc certificate tracking, incomplete inventory, and manual processes.
  • High Maturity: Regular certificate discovery, up-to-date inventory, full lifecycle automation, and well-documented policies. Certificate management is integrated with organizational governance.

3. Change Management and Agility

PKI should evolve with your business and the broader security landscape. The model looks for robust and reliable change management processes that enable swift transitions without disrupting operations.

  • Low Maturity: Unplanned and ad-hoc changes, no formal process, no consideration for agility, and high risk of disruption.
  • High Maturity: Change management and agility are built into the process—clearly documented processes, roles, responsibilities, and tools and technologies are used for smooth change management.

4. Automation

Automation is one of the proven ways to enhance PKI efficiency and minimize human error. The model assesses the extent of automation in certificate lifecycle management.

  • Low Maturity: The entire certificate lifecycle is managed manually.
  • High Maturity: Certificate operations are fully automated, governed by clear policies, and continuously monitored and audited for performance and compliance.

5. Monitoring and Auditing

Visibility drives control. In this category, the model examines whether you have the necessary controls in place to detect issues, respond to threats, and maintain compliance.

  • Low Maturity: No logs or records to monitor and audit security events.
  • High Maturity: Detailed audit logs and monitoring systems that are regularly reviewed and refined. Alerts flag critical events so you always know what’s happening across your PKI.

Getting to higher maturity across these categories doesn’t happen overnight—but knowing where you stand is the first step. And with the PKI Maturity Model as your guide, you can move forward with a plan that’s built on structure, insight, and best practices.

Next Steps: Power Your PKI Maturity Journey with AppViewX AVX ONE

Building PKI maturity is a journey, and modern PKI and CLM solutions can help you leap ahead by replacing complexity with speed, scale, and agility.

The AppViewX AVX ONE Platform is built to simplify and modernize PKI and certificate lifecycle management. It combines powerful certificate lifecycle management automation (AVX ONE CLM) with private PKI-as-a-Service (AVX ONE PKIaaS), giving you complete visibility and centralized control over all private and public certificates across your hybrid multi-cloud, containerized, and IoT environments.

AVX ONE CLM simplifies certificate lifecycle management with complete visibility, end-to-end automation, and continuous policy control and governance of digital certificates and keys. AVX ONE PKIaaS simplifies and modernizes private PKI management. You can quickly and securely set up fully compliant private CAs and start issuing certificates within minutes—no hardware to buy, no complex infrastructure to maintain.

Together, they help eliminate outages, mitigate security risks, ensure compliance, and build crypto-agility, all of which directly boost your PKI maturity.

Ready to level up your PKI and CLM? Use the PKI Maturity Model as your roadmap and let AppViewX AVX ONE be the engine that drives you to a secure, resilient, and future-ready PKI.

Check out AppViewX AVX ONE Platform, request a demo, or talk to one of our experts today.

Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)—What’s Next?

Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of compliance failures and a lack of measurable progress in addressing publicly reported issues.

Chunghwa Telecom is Taiwan’s largest integrated telecom service provider and operates a public Certificate Authority (CA) called ePKI, which issues digital certificates for secure web communications. Netlock, based in Hungary, is a specialized CA offering digital certification services, including TLS/SSL certificates, electronic signatures, and time stamping.

Any certificates issued by these CAs on or before July 31, 2025, will remain valid. However, certificates issued after that date will trigger browser warnings—like the dreaded “Your connection isn’t private” alert—creating trust issues for website visitors. Google intends to roll out these changes with Chrome 139, scheduled for release in early August.

Why Is Google Distrusting These CAs?

Google’s decision to distrust Chunghwa Telecom and Netlock CAs wasn’t made lightly. Citing the reasons for distrust, Google stated, “Over the past several months and years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the internet, continued public trust is no longer justified.”

What Should Affected Website Owners Do?

If you’re using certificates from either Chunghwa Telecom or Netlock, Google strongly recommends switching to a new, publicly trusted CA as soon as possible—ideally before your current certificates expire, if that is after July 31, 2025. Doing so helps avoid trust warnings and service disruptions and outages on your websites and internet applications.

While it’s technically possible to reissue certificates from either of the two distrusted CAs before the August 1, 2025, deadline to buy more time, that’s only a temporary fix. You’ll still need to complete a full migration eventually—and the longer you wait, the higher the risk of service disruptions.
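
As an added illustration (not AppViewX or Google code), the Python below triages a certificate inventory against the issuance-date rule described above: certificates from the two CAs issued after July 31, 2025 are flagged as already distrusted, and earlier ones are queued for replacement from another CA before they expire. The CSV columns, the issuer-name substrings used for matching, the use of not_before as the issuance date, and all sample rows are assumptions constructed for this example.

```python
import csv
import io
from datetime import datetime, timezone

# Cutoff from the article: certificates issued on or before July 31, 2025
# remain valid; certificates issued after that date trigger Chrome warnings.
CUTOFF = datetime(2025, 7, 31, 23, 59, 59, tzinfo=timezone.utc)

# Assumption: issuer-name substrings used to spot the two CAs in an inventory.
# A production check would match the affected root certificates instead.
DISTRUSTED_MARKERS = ("chunghwa telecom", "netlock")

# Constructed sample inventory (hosts, issuer names and dates are made up).
SAMPLE_INVENTORY = """\
host,issuer,not_before,not_after
shop.example.test,"O=Chunghwa Telecom Co., Ltd., CN=Constructed Issuing CA",2025-06-10T00:00:00Z,2026-06-10T00:00:00Z
api.example.test,"O=NetLock Kft., CN=Constructed Issuing CA",2025-08-15T00:00:00Z,2026-08-15T00:00:00Z
www.example.test,"O=Some Other CA, CN=Constructed Issuing CA",2025-08-20T00:00:00Z,2026-02-20T00:00:00Z
mail.example.test,"O=NetLock Kft., CN=Constructed Issuing CA",2025-07-31T12:00:00Z,2025-12-01T00:00:00Z
"""


def parse_utc(value):
    """Parse an ISO 8601 UTC timestamp such as 2025-07-31T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def classify(issuer, not_before):
    """Return 'ok', 'distrusted_now' or 'replace_before_expiry'."""
    if not any(marker in issuer.lower() for marker in DISTRUSTED_MARKERS):
        return "ok"
    # Assumption: not_before stands in for the issuance date.
    if not_before > CUTOFF:
        return "distrusted_now"
    # Still trusted until it expires, but the renewal must come from another CA.
    return "replace_before_expiry"


def triage(inventory_csv, today):
    """Return affected certificates, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        not_before = parse_utc(row["not_before"])
        not_after = parse_utc(row["not_after"])
        status = classify(row["issuer"], not_before)
        if status == "ok":
            continue
        findings.append({
            "host": row["host"],
            "status": status,
            "not_after": not_after,
            "days_left": (not_after - today).days,
        })
    # Already-distrusted certificates first, then the nearest expiry dates.
    findings.sort(key=lambda f: (f["status"] != "distrusted_now", f["not_after"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, datetime(2025, 9, 1, tzinfo=timezone.utc)):
        print(f"{f['host']:<20} {f['status']:<22} expires in {f['days_left']} days")
```
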

Another CA Distrust Incident. Another CA Migration. How to Be Ready?

This isn’t the first time Google has pulled trust from a CA—and it likely won’t be the last.

Just last year, Google distrusted the Entrust CA. Thousands of organizations that relied on TLS certificates from Entrust were forced into a fast-paced migration to a new trusted public CA before the November deadline (in just about 4 months!). It was stressful, chaotic, and, for many, still ongoing.

In the broader picture, Google’s move should be welcomed as it reinforces the high standards expected of CAs and sends a clear message: trust must be earned through transparency, security, and accountability. That said, the responsibility for ensuring digital trust doesn’t end with browser vendors. Organizations must also step up—by implementing a multi-CA strategy and embedding CA agility and crypto-agility into their Certificate Lifecycle Management (CLM) practices.

  • Multi-CA Strategy: As CA distrust and revocation incidents become more frequent, relying on a single CA is increasingly risky. If that CA is distrusted or revoked, you’re scrambling to replace every certificate across every application. Instead, avoid CA lock-in by working with multiple trusted CAs—so if one fails, only a portion of your certificates are affected, minimizing the overall impact. It’s equally important to have other CAs set up alongside your primary issuing CA. Since onboarding a new public CA can take time due to legal agreements and setup processes, having fallback CAs ready to go ensures you can respond quickly in the event of a CA distrust.
  • CA-Agility and Crypto-Agility: CA-agility refers to the ability to quickly and seamlessly switch issuing CAs—whether public or private—to minimize the impact of a compromise or distrust event. It’s part of broader crypto-agility, which enables organizations to swap cryptographic assets (like algorithms and keys) without disrupting operations.

Why Are CA Migrations So Challenging?

Migrating from one CA to another is not just about setting up new CAs. It often means revoking and replacing thousands of certificates (across various certificate types and endpoints), retiring CA-related services, and coordinating efforts across multiple teams and systems.

Without a robust CLM solution, this process is prone to errors, bottlenecks, and missed deadlines. IT and security teams come under immense pressure, and the risk of certificate outages can ripple across applications and services.

Consider the recent Entrust CA distrust. For many enterprises operating without an automated CLM solution, CA migration has been a painful and complex process.

  • End users had to reinstall multiple certificates (like S/MIME and client certificates), hampering productivity
  • Failed certificate installs flooded IT with support tickets
  • Internal services using private TLS certificates needed a complete “rip-and-replace” across internal servers

AppViewX AVX ONE CLM Simplifies CA Migrations with Crypto and CA-Agility

Whether you’re affected by the Entrust, Chunghwa Telecom, or Netlock CA distrust—or simply want to be ready for the next one—here’s how AppViewX can help.

AppViewX AVX ONE CLM, a comprehensive certificate lifecycle management automation solution, delivers crypto- and CA-agility to make the whole process simple and fast through:

Visibility:

  • Automatically discover and build a consolidated inventory of all certificates (public and private trust)
  • From your consolidated inventory, easily identify and filter vulnerable certificates from distrusted CAs for targeted remediation

Automation:

  • From the list of impacted certificates, automate your CA and certificate migration, including reissuance, replacement, and revocation
  • Use the unique CA Switch feature to automatically re-provision and reinstall new certificates directly from new CA(s) in place of impacted certificates
  • Leverage CA-agnostic automation to reissue new certificates from various publicly trusted CAs
  • Leverage closed-loop automation workflows with enterprise ACME support to ensure end-to-end automated TLS certificate issuance and renewal

Control:

  • Define and automatically enforce policies around the use of approved Certificate Authorities, crypto-standards, validity periods, and more
  • Ensure compliance and simplify audits with role-based access control (RBAC) and detailed audit trails

Stay Secure, Stay Agile.

Browsers play a critical role in enforcing accountability and raising the bar for Certificate Authorities. But their safeguards only go so far.

For organizations, true resilience comes from being prepared—by diversifying your CA portfolio, automating certificate lifecycle management, and embedding crypto-agility into your CLM strategy. That’s how you stay ahead of the next CA distrust event.

Check out the AVX ONE CLM: Seamless CA Switch Capability Datasheet to see how AppViewX is making CA migrations fast and frictionless.

Already impacted by Entrust, Chunghwa Telecom, or Netlock? Talk to one of our experts today to make the switch with confidence.