360° Managed PKI & CLM – All Plans at a Glance
Start for free, upgrade flexibly!
FREE
Get productive immediately and gain valuable experience. Full version at no cost, no setup, up to 50 certificates.
0€
/ per month
All FREE features at a glance:
- Import & Manage unlimited own certificates for free
- Issue & Manage up to 50 active certificates at no cost
- Automation with ACME, EST, SCEP, CMP Automation powered by standard PKI protocols: ACME, EST, SCEP, CMP.
- Automation with REST API & CLI client Automate certificate management through API or CLI.
- Microsoft AD CS integration Seamless CLM integration with Microsoft ADCS.
- Certificate Discovery Seamless discovery and tracking of server certificates in your network.
- Flexible Certificate Lifecycle Management Manage, monitor, issue, renew, and revoke certificates—plus reporting, role & access management, and policy control with certificate templates for all common applications.
- Powerful Certification Authority (CA) The MTG CARA Certification Authority is automatically connected to the CLM and ready for use.
- Own Root CA
- Own Sub CA
- Keys from your CA protected in shared HSM
- Hosted on shared infrastructure
-
Self-service support We offer you a comprehensive collection of resources for direct online help:
- Videos
- Guides & How Tos
- Online documentation
- Frequently Asked Questions (FAQ) - OCSP & HTTP CRLs OCSP validates certificates in real time, whereas HTTP CRLs rely on downloaded revocation lists.
- Comprehensive cryptography: RSA, EC, PQC Full support for all major PKI algorithms: classical, elliptic curve, and post-quantum secure.
Best for Mid-Sized Teams
BUSINESS
Ideal for mid-sized companies with higher certificate volumes & support needs. Includes advanced features & flexible scalability.
from
800€
/ per month
Costs for
All BUSINESS features at a glance:
- Includes all features of the FREE Plan
- Issue & manage up to 10,000 active certificates in 500-certificate price tiers
- Multiple Sub CAs
- Microsoft Active Directory integration (Microsoft Autoenrollment) Seamless certificate automation in Active Directory (AD) with Autoenrollment Connector
- Hosted on shared high-availability infrastructure
- 24/7 hotline support Support is available via our ticket system, Monday to Friday, 9:00 a.m. to 5:00 p.m
Optional features:
- IP-based access rights
- VPN access
- Consulting & Premium Support + Quickstart Packages Find full details in Services.
ENTERPRISE
Customized software solutions designed precisely to your individual requirements and evolving business needs.
Custom pricing upon request
All ENTERPRISE features at a glance:
- Includes all features of the FREE Plan
- Includes all features of the BUSINESS Plan
- Issue & Manage unlimited active certificates with flexible pricing tiers
Optionale Features:
- Multiple Root CAs e.g., useful when multiple algorithms are required for different types of certificates.
- Offline Root CA
- Dedicated Hardware Security Module (HSM)
- Hosted on dedicated infrastructure
Our Offering in Detail
Compare All Plans
| Features | FREE | BUSINESS | ENTERPRISE |
|---|---|---|---|
| Certificate Lifecycle Manager (CLM) Comprehensive certificate management: monitoring, issuance, renewal, revocation, reporting, role & access control, plus policy management with templates for all common applications. | |||
| Import Public Certificates Easily import and manage unlimited active public certificates. | unlimited | unlimited | unlimited |
| Import Private Certificates Easily import and manage unlimited active private certificates. | unlimited | unlimited | unlimited |
| Certificate Discovery Automatic identification and tracking of server certificates in your network. | |||
| Issue & Manage Certificates Only active issued certificates are counted. Active certificates are those that are neither expired nor revoked. Imported certificates are not counted. | up to 50 active certificates | up to 10,000 active certificates, scalable in steps of 500 | unlimited active certificates, scalable with flexible tiers |
| Automation with ACME, EST, SCEP, CMP Support for standardized PKI protocols for automation: ACME, EST, SCEP, CMP. | |||
| Automation with REST API & CLI Client Enables automated management of certificates via API or command line. | |||
| OCSP & HTTP CRLs OCSP offers real-time certificate validation, while HTTP CRLs use downloaded revocation lists. | |||
| Public Key Infrastructure (PKI) Private CA integration with MTG CARA | |||
| Microsoft AD CS integration Anbindung an MS ADCS an das CLM | |||
| Certificate issuance with Microsoft Active Directory integration Automatic certificate issuance via Active Directory (AD) with Autoenrollment Connector. | |||
| Public CA Integration – GlobalSign A contract with GlobalSign is required. | |||
| Public CA Integration – PSW Group A contract with PSW GROUP is required for certain public certificates from Sectigo. | |||
| Identity Management via Keycloak & Microsoft Active Directory Synchronize users and role management from Microsoft AD with the CLM through Keycloak. | |||
| Own Root CA A single Root CA is sufficient in most cases. | |||
| Additional Root CAs Multiple Root CAs are useful, for example, when different algorithms are used for different certificate types. | (optional) | ||
| Offline Root CA | (optional) | ||
| Own Sub-CA A dedicated Sub-CA is provided. | |||
| Additional Sub-CAs Additional Sub-CAs may be added if required, at no additional cost. | |||
| RSA cryptography Supports multiple key lengths: 2048, 3072, 4096, 8092. | |||
| Elliptic curve cryptography Supports NIST, Brainpool, and Edwards elliptic curves. | |||
| Post-quantum cryptography Future-ready: support for ML-DSA and SLH-DSA algorithms. | |||
| Flexible notification system Configure alerts for certificate expirations and compliance issues. | |||
| Infrastructure hosting (shared) | |||
| High-availability infrastructure hosting (shared) Shared, high-availability hosting for maximum reliability | |||
| High-availability infrastructure hosting (dedicated) Additionally & optional: Dedicated deployment options for management. | (optional) | ||
| Shared HSM Secure storage of CA keys in shared HSMs. | |||
| Dedicated HSM Storage of CA keys in shared or dedicated HSMs. | (optional) | ||
| Public internet access | |||
| VPN access Incl. 1x VPN access (additional VPN access optional). | (optional) | (optional) | |
| IP-based access control Incl. 1x IP-based access (access rights for additional IPs optional). | (optional) | (optional) | |
| Self-service support | |||
| 24/7 hotline & ticket support | |||
| Contract term | Unlimited | Minimum 12 months, then cancellable monthly | Mindestlaufzeit 12 Monate, Minimum 12 months, then cancellable monthly |
Our Services at a Glance
Professional Services & Consulting
| Optional Service Packages | FREE | BUSINESS | ENTERPRISE |
|---|---|---|---|
| Quickstart Package
Fast and Secure Implementation We’ll get your PKI up and running quickly: with clearly defined use cases, tested integration, preconfigured CLM, and a decision template to guide your next steps. The Quickstart Package includes all modules needed for optimal preparation: - Kickoff Package: Structured project start - VPN Packages: Encrypted integration - Autoenrollment Packages: Replacement of Microsoft CA - Keycloak Packages: Central login & SSO - CLM Training Package: System introduction - CLM Setup Package: Basic CLM configuration | |||
| Kickoff Package
Structured Project Start Lay the foundation for a successful PKI project—with clearly defined use cases, aligned framework conditions, and an initial technical setup. | |||
| VPN Package
Encrypted Connection Establish a stable, encrypted connection to our Managed PKI & CLM – tailored to your system environment and fully tested. | |||
| Autoenrollment Package
Replacing Microsoft CA Migrate your existing Microsoft Certification Authority (AD CS) securely to our Managed PKI – without giving up your proven Active Directory processes. | |||
| Keycloak Package
Central Authentication & SSO Enable centralized authentication for your PKI– with Single Sign-On, clear user management, and seamless AD integration. | |||
| CLM Training Package
System Introduction Gain a solid overview of all key features and dependencies in the Certificate Lifecycle Manager – practical, interactive, and delivered in a training and workshop format. | |||
| CLM Setup Package
Basic CLM Configuration We handle the initial configuration of your Certificate Lifecycle Manager – tailored to your requirements and ready to use immediately. | |||
| Consulting Package
Professional Consulting Your requirements are evolving – and your PKI should evolve with them. Our Consulting Package helps you securely adapt your solution: whether to meet new compliance standards, integrate additional certificates, or address strategic architecture questions. | |||
| Premium Support Package
Operational Security & Expert Knowledge Reliable support for your ongoing operations: we accompany your certificate-based processes with deep expertise – flexible, tailored, and practical. |
Full control. More automation. Fewer errors.
PKI made easy & get started
We support you every step of the way to your own corporate PKI.
“We support you
in the successful implementation
of your PKI projects.”
in the successful implementation
of your PKI projects.”