
Certdog
Overview
Unsung's Gold partnership with Certdog represents our strongest commercial and technical alignment in the certificate lifecycle management space. As a Value-Added Solutions Provider, we have extensive experience implementing Certdog's certificate authority and lifecycle management platform for UK government and enterprise customers, with particular depth in Microsoft Active Directory Certificate Services (ADCS) environments.
The Challenge
Many organisations rely on Microsoft ADCS as their primary certificate authority, often deployed years ago with limited visibility into what has been issued and little automation for renewal. As certificate volumes grow and lifetimes continue to shorten, with 47-day TLS certificate lifetimes now on the horizon, managing this manually through native ADCS tooling becomes increasingly difficult to sustain.
Without a central view of certificates across the estate, teams struggle to identify what is approaching expiry and have no consistent process for renewal. When certificates lapse unexpectedly, the result is service outages that affect critical operations and erode confidence in IT's ability to keep systems running. Replacing the entire PKI platform is rarely the right answer when the underlying ADCS infrastructure is sound and the gap is in management and automation rather than the certificate authority itself. The same challenge applies where organisations run multiple CAs side by side, whether Microsoft, Keyfactor EJBCA, or others, with no single point of visibility across them.
What It Does
- Multi-CA hosting and integration. Certdog can host any number of internal root and intermediate certificate authorities, while also interfacing with external CAs including Microsoft ADCS and Keyfactor EJBCA, so organisations manage everything from a single console rather than switching between systems.
- Centralised visibility. Certificates issued by Certdog's own CAs and by external authorities are held in one searchable database, with configurable expiry monitoring and email alerting, giving teams a single, reliable view of the estate.
- Key protection. Keys can be protected in an HSM or in cloud key stores including AWS CloudHSM, Azure Key Vault, and Google KMS, so organisations retain strong key security regardless of where certificates are issued or used.
- Automation and integration. A REST API, PowerShell scripts, and .NET and Java clients allow certificate issuance and renewal to be built into existing workflows and DevOps pipelines, removing manual, ticket-based renewal processes.
- Discovery and monitoring. TLS discovery scanning identifies certificates already in use across the network, while CRL and OCSP monitoring tracks the health of validation services, so nothing is managed on trust alone.
- Deployment flexibility. Certdog runs on Windows, Linux, or as a Docker container, in single-tenant or multi-tenant configurations, across on-premises, cloud, or hybrid environments, so it fits the infrastructure an organisation already has.
How Unsung Helps
Our Gold Partner status with Certdog reflects the depth of our implementation experience, particularly in Microsoft ADCS environments where Certdog delivers visibility and automation without requiring wholesale replacement of existing infrastructure. Our consultants work with clients to assess current certificate management challenges, design an appropriate deployment architecture, and implement Certdog to deliver immediate visibility and control across the certificate estate.
For organisations that need a broader, independent view of their PKI environment before selecting tooling, our PKI Health Check provides an assessment with prioritised, actionable recommendations, and our PKI Consultancy service supports longer-term strategy and tooling decisions.
