Digital certificate management company Sectigo is rolling out a certificate-as-a-service (CaaS) offering that one company executive called a “game changer” for MSSPs, MSPs, and other channel players.
With Sectigo’s CaaS, service providers and partners can automate certificate lifecycle management and domain procedures via a single API, according to the Scottsdale, Arizona-based company. In addition, they can offer organizations subscription-based pricing through a pay-per-domain rather than a per-certificate model.
The per-domain model “is more predictable, scalable, and cost-effective for organizations managing large numbers of certificates,” Dena Bauckman, senior vice president of product at Sectigo, told MSSP Alert.
The new service comes amid ongoing changes within the certificate landscape, where more digital services mean more SSL/TLS certificates. At the same time, organizations are shifting toward shorter certificate lifespans, a logical move for security purposes – a shorter lifespan reduces the opportunity for compromised certificates to be exploited – but one that creates operational headaches for those managing high volumes of certificates, Bauckman said.
Shrinking Certificate Lifespans
According to Sectigo, the lifetimes for certificates that encrypt data and verify the identity of website and devices before 2012 were 10 years. However, over the past dozen years, they have continuously narrowed. Top browser companies like Google and Apple already have moved from two-year to one-year certificates, and Google is advocating dropping that to 90 days. Apple now is pushing for 47-day lifespans of certificates by 2029.
“Frequent renewals increase the risk of human error, service outages, and compliance failures,” she said. “Organizations must now track, renew, and deploy certificates at an exponentially higher rate than before, which is simply not scalable with manual processes.”
Sectigo’s offering uses the ACME protocol to automate the certificate lifecycle – from issuance to renewal to management – which eliminates the manual processes and reduces the risk of outages.
Automation, Subscription Model are Key
There are a number of companies that offer cloud-based CaaS platforms, such as DigiCert, GlobalSign, SSL.com, and Amazon Web Services (AWS). Bauckman argued that Sectigo’s predictable and cost-effective subscription-based model with unlimited certificates per domain and API-driven automation were key differentiators.
Another is its multi-tenant management.
“Most certificate providers lack a true multi-tenant solution, forcing MSPs and resellers to manage each customer separately,” she said. “Sectigo’s CaaS enables centralized certificate oversight.”
Good for MSSPs, MSPs
It also delivers benefits for MSSPs, MSPs, and other channel partners, according to Bauckman. Traditional certificate management is a high-touch and resource-intensive process that comes with overhead but absent direct revenue. Automated management – including validation, renewals, troubleshooting, and customer support – is faster and easier.
It also allows partners to open up new revenue streams – moving from selling one-time certificates to recurring subscriptions – improved operational efficiency, white-label capabilities, and the ability to scale.
“Partners can manage thousands of certificates across multiple customers with a single API, eliminating the need for additional resources,” she said.
All this is a boost for Sectigo as well, given its growing reliance on the channel, which she said is central to the vendor’s growth strategy. Sectigo partners number in the thousands, ranging from MSPs and MSSPs to resellers, hosting providers, and registrars.
“The managed services space has become an essential distribution channel for us, especially as organizations increasingly outsource security and IT functions,” Bauckman said. “Our CaaS platform is designed specifically to help these partners scale their certificate management business without increasing operational complexity.”
Entrust Business in the Fold
The new service comes less than a month after Sectigo bought Entrust’s public certificate business, a move that expanded the vendor’s enterprise business and doubled its footprint, and grew its customer base.
For Entrust, shedding the certificate business gave it room to grow its identity-centric security strategy, which includes quantum-ready cryptographic data security solutions.
“Organizations are facing a perfect storm of security challenges, including AI-driven threats, shrinking certificate lifecycles, and rapidly expanding cryptographic estates,” Entrust President and CEO Todd Wilkinson said in a statement at the time. “By securing identities, managing cryptographic lifecycles, and ensuring visibility into keys, secrets, and certificates, we are well positioned to help enterprises achieve post-quantum readiness while also furthering their zero-trust strategies.”
That said, Entrust is continuing to offer such PKI solutions private and managed PKI, as we, as certificate lifecycle management (CLM) and digital signing.
