Architecture Overview

The CERTInext Architecture Overview illustrates how the platform enables centralized certificate lifecycle management across on-premises systems, cloud environments, and third-party platforms while integrating with public and private Certification Authorities (CAs).

At the infrastructure layer, CERTInext Bots are deployed inside the enterprise environment. The bots connect to internal assets such as HSMs, LDAP directories, certificate stores, SSH keys, file systems, and application servers. They also perform agentless discovery and provisioning on remote Windows servers (over SMB) and Linux servers (over SSH), and they integrate with third-party platforms, including F5, Cloudflare, AWS ACM, Kubernetes, Palo Alto, FortiGate, and Akamai, through those platforms' APIs. Because agentless discovery and provisioning authenticate to the target hosts and platform APIs, the bot is the component that holds those credentials, and its host should be treated as a sensitive system.

All bots communicate with the CERTInext platform, hosted in AWS, over HTTPS on port 443. Within the cloud layer, CERTInext exposes several APIs and protocol endpoints, including REST, SCEP, EST, WAEP, and ACME, for automation and DevOps integration. Core functional modules include Discovery, Provisioning, Managed PKI, Secure Key Management, Vulnerability Assessment, Certificate/Key Compliance, Scheduling, and CT Log discovery. The platform is multi-tenant, with a Master Database and logically separated tenant environments.
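
To make the Discovery and Certificate/Key Compliance functions concrete, the following Go program is an added example written for this page; it is not CERTInext bot code, and the page does not describe the bot's internals. It stands in for what an agentless scan must do once it has access to a host's file system: walk a directory tree, pull every PEM-encoded certificate out of the files it finds (skipping private keys and unrelated files), and evaluate each certificate against a policy. The SSH/SMB transport and the HTTPS report back to the platform are not modelled. The scan runs over a temporary directory holding a constructed fixture (a healthy certificate, one expiring within 30 days, one with an RSA-1024 key, and a private key file), and the policy thresholds, file paths and names are assumptions of the example.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// Policy is the example rule set the bot applies (thresholds constructed here, not CERTInext's).
type Policy struct {
	Now         time.Time
	RenewWithin time.Duration // flag certificates that expire within this window
	MinRSABits  int
}

// checkCert returns the compliance issues found in one parsed certificate.
func checkCert(c *x509.Certificate, p Policy) []string {
	var issues []string
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < p.MinRSABits {
		issues = append(issues, fmt.Sprintf("weak key: RSA-%d < RSA-%d", k.N.BitLen(), p.MinRSABits))
	}
	if left := c.NotAfter.Sub(p.Now); left < 0 {
		issues = append(issues, "expired")
	} else if left < p.RenewWithin {
		issues = append(issues, fmt.Sprintf("expires in %d days", int(left.Hours()/24)))
	}
	return issues
}

// discover walks root as an agentless bot walks a remote file system, parses every PEM
// CERTIFICATE block (key and non-PEM files are skipped) and maps relative path -> issues.
func discover(root string, p Policy) (map[string][]string, error) {
	report := map[string][]string{}
	err := filepath.Walk(root, func(path string, info os.FileInfo, walkErr error) error {
		if walkErr != nil || info.IsDir() {
			return walkErr
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, path)
		for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
			if block.Type != "CERTIFICATE" {
				continue
			}
			if c, err := x509.ParseCertificate(block.Bytes); err == nil { // bundles merge into one entry
				report[filepath.ToSlash(rel)] = append(report[filepath.ToSlash(rel)], checkCert(c, p)...)
			} // a malformed block is skipped here; a real bot would report it
		}
		return nil
	})
	return report, err
}

// selfSigned builds one self-signed PEM certificate for the constructed fixture.
func selfSigned(cn string, key *rsa.PrivateKey, notAfter time.Time) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: notAfter.Add(-365 * 24 * time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// runExample lays out a constructed fixture tree standing in for a remote Linux host (healthy,
// expiring and weak-key certificates plus a private key file), scans it and returns the report.
func runExample() (map[string][]string, error) {
	dir, err := os.MkdirTemp("", "certscan")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)
	now := time.Now().Truncate(time.Second) // X.509 validity has whole-second precision
	goodKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	weakKey, _ := rsa.GenerateKey(rand.Reader, 1024) // deliberately weak fixture key
	files := map[string][]byte{
		"etc/ssl/certs/good.pem":     selfSigned("good.example", goodKey, now.Add(400*24*time.Hour)),
		"etc/ssl/certs/expiring.pem": selfSigned("soon.example", goodKey, now.Add(10*24*time.Hour)),
		"opt/app/weak.pem":           selfSigned("weak.example", weakKey, now.Add(400*24*time.Hour)),
		"etc/ssl/private/key.pem":    pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(goodKey)}),
	}
	for rel, data := range files {
		full := filepath.Join(dir, filepath.FromSlash(rel))
		if err := errors.Join(os.MkdirAll(filepath.Dir(full), 0o700), os.WriteFile(full, data, 0o600)); err != nil {
			return nil, err
		}
	}
	return discover(dir, Policy{Now: now, RenewWithin: 30 * 24 * time.Hour, MinRSABits: 2048})
}

func main() { fmt.Println(runExample()) }
```

`go run` prints the map of relative path to issues; `runExample` returns it so the result can be checked programmatically. The behaviours the fixture exercises are the ones worth carrying into a real scan: key material is never parsed as a certificate, every certificate in a bundle file is checked (their issues are merged under the file's path), and expiry is judged against the bot's own clock (`Policy.Now`) rather than the scanned host's.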

On the CA side, CERTInext connects to eMudhra's data center for emSign (public CA) and emCA (private PKI) through dedicated APIs, and to external public CAs such as DigiCert and Sectigo through their CA APIs. This enables automated certificate issuance, renewal, revocation, and trust validation.

Taken together, the architecture is an API-driven, multi-tenant design that bridges enterprise infrastructure, cloud platforms, and certification authorities into a single certificate lifecycle management system.
