Automate the certificate lifecycle with KeyTalk

30 Jun 2021 | Jindřich Zechmeister

KeyTalk is software from a Dutch company of the same name and can save you endless hours spent obtaining and deploying certificates. It will also help you easily switch to S/MIME certificates and secure all your employees without much difficulty. This article aims to show the main advantages of KeyTalk.

Introducing KeyTalk

The KeyTalk manufacturer defines KeyTalk as a Certificate Key Management System (CKMS). In other words, it is used to manage the lifecycle of keys and certificates.

This low-key product has a wide range of uses and can automate the complete process of obtaining a certificate, including its deployment on a server or workstation. You can use it for different types of certificates or to run your own internal certification authority.

DigiCert, together with us, is a KeyTalk technology partner, and we will be happy to provide you with their services.

KeyTalk consultation, acquisition, deployment and licensing take place through partners like us, who will help you activate the solution and set up basic operation.

KeyTalk server environment.

Options of using KeyTalk

You can run KeyTalk on your own physical server or in the cloud; just download the image from the manufacturer's website and run it. You get a fully configured Linux server (Ubuntu) and only need to complete the KeyTalk installation via the web interface. The server is also administered through that interface.

In addition to a server running KeyTalk, you will also need a database. The easiest way is to use the MySQL database directly on the KeyTalk server, where it is already installed and reachable locally (localhost); for higher availability, the manufacturer recommends using multiple database servers (a MySQL cluster) behind a load balancer.

KeyTalk is now also available as SaaS, i.e. as a service. With this option there is no need to operate and administer your own (on-premise) server.

In any case, you will need a license file, which we will arrange for you, as well as a connection to the CA (to obtain trusted certificates). KeyTalk is a universal solution that works independently of existing CAs, but in our case, we assume a connection to the DigiCert API.

KeyTalk can serve as an alternative to an HSM, which is especially suitable for smaller companies, or it can integrate with existing HSMs and use those. Supported options are Thales Luna Cloud, Thales Network HSM, Utimaco CryptoServer LAN, and Utimaco Cloud.

Obtaining trusted certificates using KeyTalk

For automation, the KeyTalk server needs to know the answer to two questions:

  • where to obtain user data and where to store certificates (for example, internal DB, Active Directory, LDAP, Azure)
  • which CA should issue the certificates (DigiCert, QuoVadis, your own CA, etc.)

Once these two basic aspects are configured, KeyTalk can issue both personal and server certificates. The server takes care of renewing and installing subsequent certificates, so when used correctly, it fully automates the whole lifecycle.

Desktop clients are an add-on to the server part - KeyTalk Client supports all major platforms and smartphones. The client application connects to your KeyTalk server, obtains (downloads) a certificate and stores it in the machine's certificate store. However, the possibilities for deploying certificates do not end there.

For example, this simple application can obtain, download and set up an S/MIME certificate for Outlook or a smartphone. The computer user does not have to do anything and the administrator does not have to set up anything locally for them. The certificate lifecycle is managed by the server: it renews certificates before they expire and the client installs the new ones automatically.

Other functions

Certificate management is not easy and everything must be in order; it must be clearly traceable who applied for a certificate, who uses it, how long it is valid, how many certificates the organization uses ... KeyTalk also covers these aspects and offers a Reporting section.

Logging is not missing either - four separate logs (divided by focus) can be viewed directly in the web administration and are especially useful during the initial KeyTalk setup.

You can easily view the list of users, all issued certificates, and so on. Notifications can also be sent.

KeyTalk server environment.

Licensing and pricing

Are you interested in the solution described above? We are ready and happy to provide you with more information. Just tell us the size of your business, your technology environment, whether you use Active Directory, and the main goal you want to achieve with automation.

The advantage of KeyTalk is that it is affordable even for small and medium-sized companies. Similar products are too "big" and expensive for ordinary companies because they target large corporations, which puts them out of reach. KeyTalk is an exception: it is affordable thanks to low fixed costs and per-user licensing.

In addition to the annual server license, you pay for individual users. The user pays an annual fee for the device and the price of a trusted certificate from DigiCert. The SaaS model is simpler: the price per user already includes a trusted Class 2 certificate, the server license fee, and the KeyTalk LDAP server license, all in one.

The certificate holder can use it on up to 10 devices (mobile, PC, tablet).

We will be happy to do an independent calculation for you

If you are interested in an independent calculation, write to us. Send your questions to the e-mail info(at) and we will contact you.