Certificate Management System

The Vendor is required to provide for the provision and/or installation of certificate management system.
- Key Objectives:
•    Centralized Management: Provides a unified dashboard for monitoring all SSL/TLS and other digital certificates.
•    Automation: Reduces manual effort through automated discovery, provisioning, and renewal processes.
•    Compliance & Security: Ensures adherence to industry standards and regulatory requirements while minimizing the risk of outages and breaches.
•    Integration: Seamlessly integrates with existing IT infrastructure, cloud services, and DevOps pipelines.
- Benefits:
•    Enhanced operational efficiency and reduced downtime.
•    Improved security posture through proactive certificate monitoring.
•    Cost savings by eliminating manual processes and preventing service disruptions.
•    Scalability to support enterprise-level deployments and multi-cloud environments.
•    The CMS is a strategic investment that strengthens the University’s security, supports compliance, and enables business continuity.
- Requirements and Features for a Certificate Management System
o    Single Pane of Glass, see and manage all certificates for the Domains being managed.
o    Central Dashboard: Unified view of certificate health and lifecycle
o    Lifecycle Management
o    Ability to manage certificates from issuance to expiration or revocation
o    Support for renewal workflows to prevent outages and compliance failures
o    Ability to schedule certificate renewals for a specific Date/Time
o    Discovery & Inventory
o    Certificate Discovery: Automatically locate certificates across the domains being managed 
o    Ability to add additional certificates manually
o    Centralized inventory for quick visibility and reporting
o    Ability to discover & inventory certificates with On-prem (public and private) systems, and cloud hosted systems
o    Automation
o    Automated issuance, renewal, and revocation processes to reduce manual effort
o    Automated and Manual certificate deployment and management
o    Security & Compliance
o    Support for TLS/SSL and X.509 certificates
o    Compliance with industry regulations (e.g., GDPR, ISO)
o    SOCII compliance for Cloud hosted solutions
o    The solution must support single sign-on (SSO) integration with university identity systems via CAS, SAMLv2 or Shibboleth
o    Role-Based Access Control (RBAC): Secure user permissions for certificate operations including Reporting and Monitoring
o    The solution must provide the ability to assign and manage user roles, user permissions, and access limits
o    The solution must support fine-grained access and permission settings associated with a given role
o    Monitoring & Alerts & Reporting
o    Real-time monitoring of certificate status.
o    Notifications for upcoming expirations or anomalies of all certificates, including ones non-managed by this system
o    Role-Based Access Control (RBAC): Applies to certificate operations as well as Reporting and Monitoring
o    Reporting & Analytics: Generate compliance and audit reports
o    Scalability
o    Ability to handle hundreds of certificates across hybrid environments
o    Clients and Certificates
o    Seamless integration with On-prem (public and private) systems, and cloud hosted systems
o    Support of SAN and wildcard Certificates
o    Provide an API
o    API integration for automated certificate deployment and management (such as on load balancers like the F5)
o    Ability to augment default deployment methods with custom scripts.