How are private keys stored?

Private keys are encrypted with AES-256 and stored in secure key vaults. Certifyz never exports raw private keys. Teams can export password-protected certificate bundles, and a password is always required.

What access controls does Certifyz use?

Certifyz enforces strict organization-level Role-Based Access Control (RBAC) to ensure users only access resources they are authorized for.

Are certificate operations audited?

Yes, all critical actions including certificate issuance, renewal, and revocation are recorded in immutable audit logs.

How is multi-tenant data isolated?

Data is strictly isolated at the database and middleware level. Enterprise plans support a dedicated isolated environment with isolated services, storage, and security review workflows.

Security | Enterprise Certificate Management

Private Key Protection

Private keys stay encrypted in secure key vaults and are never exposed as raw exports
Certificate bundle exports require password protection every time
Encryption, key rotation, and policy-aware handling reduce operational risk

Automation Reliability

ACME issuance and renewal workflows reduce manual certificate handoffs
DNS-01 validation supports broader renewal coverage across environments
Expiry monitoring and renewal visibility help teams stay ahead of outage windows

Access Control & RBAC

Role-based access control keeps certificate operations governed so teams can automate issuance, renewal, and revocation without widening access unnecessarily.

Admin

Full system access & user management

Cert Manager

Issue, renew & revoke certificates

Viewer

Read-only access to certificates

Multi-Tenant Isolation

Standard Isolation (Trial & Pro)

Strict logical isolation keeps tenant data separated across routine certificate operations, monitoring, and access control workflows.

Enterprise Isolation

For ultimate security, Enterprise tenants can run in a dedicated isolated environment:

Dedicated isolated environment per tenant
Isolated data and service boundaries
Separate operational controls for security review
No shared compute or storage resources

Audit & Compliance

Every critical certificate action is logged so security teams can review who changed what and when.

Immutable audit logs for all certificate operations
User login and authentication events
API access logs
Retention policies aligned with compliance requirements

Key Security Facts

Private key protection: Certifyz never exports raw private keys. Teams can export password-protected certificate bundles, and a password is always required.
Automation: Supports ACME issuance and ACME-managed renewal workflows. Trial defaults to Let's Encrypt for ACME issuance, and Professional adds ZeroSSL.
Access control: Certifyz enforces strict organization-level RBAC for certificate operations.
Auditability: All certificate operations are audit logged for review and compliance workflows.
Isolation: Enterprise plans support a dedicated isolated environment with isolated services, storage, and security review workflows.

Move from security review to rollout

Use the security reference material to complete vendor review, then review pricing for a dedicated enterprise deployment.

Review pricing Request security review