{Empty}
DigiCert Software Trust Manager

Get a Faster, Safer Development Cycles with a Secure Code Signing Solution

DigiCert Software Trust Manager gives enterprises a better
code signing process by reducing risk with policy enforcement
and centralized control.

Fortify Your Software Against Supply Chain Threats with DigiCert Software Trust Manager

Code Signing Made Way Easier

  • Remote work friendly: Authorized developers can sign code from anywhere.
  • Automated content service platforms integrate seamlessly on CI/CD platforms.
  • Skip the inconvenience of shipping hardware tokens with on-cloud key storage and management options.
  • Integrates with tools like OpenSSL, SignTool Docker and CI/CD platforms.

Guard Against Insecure Key Practices

  • Protect the software supply chain from malware signing, and misused and stolen keys through multiple layers of protection.
  • Secure keys in on-premises, cloud, or hybrid HSMs, which can be managed through DigiCert.
  • Granular role-based signing privileges and specified code signing windows.
  • Stay on top of every detail with audit logs.

BENEFITS

Why Use DigiCert Software Trust Manager?

More flexibility. Better control.
Now your entire DevSecOps process can have software integrity everyone can count on.
Here’s how enterprises are strengthening their code signing process against supply chain attacks:

  • Private Keys IconStore Private Keys
  • Signing Activity IconRecord All Signing Activity
  • CI/CD Systems IconIntegrate with CI/CD Systems
  • Security and Compliance IconCentralize Control for Security and Compliance
  • Code Signing Use Case IconUse for Any Code Signing Use Case
  • Code Signing Process IconSimplify the Code Signing Process
  • Software Threat Detection IconAutomate Software Threat Detection

Store Private Keys Securely

Traditional code signing is susceptible to preventable pitfalls like malware signing and key misuse. There’s a gap between an organizations’ ability to manage code signing activities and being able to enforce corporate policies or rights management capabilities. Now it’s easier to meet strict code signing standards with proper key storage and multi-factor authentication by storing keys on DigiCert’s hosted HSM environment.

Record All Signing Activity

If you don’t know who signed what, how can you tell if something is wrong? Mitigate this traditional code signing issue with Software Trust Manager.

  • Conduct regular audits
  • Certify software and build integrity
  • Easy intervention and key revocation
  • Keep track of who signed what
  • Monitor code signing activity
  • Oversee which certificates were signed

Integrate with CI/CD Systems

Security is often sacrificed for speed in the CI/CD loop. Yet, insecure practices jeopardize software integrity by introducing vulnerabilities to the pipeline, risking interruptions and delays. Software Trust Manager protects software releases and prevents supply chain issues with seamless CI/CD integration.

Certify software integrity with uninterrupted CI/CD integration:

  • Apache Ant
  • Apache Maven
  • Azure DevOps
  • Circle CI
  • Gradle
  • Gitlab
  • Jenkins

Centralize Control for Security and Compliance

Configure workflows to better enforce corporate security policies and compliance regulations. Centralized control of the full certificate lifecycle handling gives you complete management capabilities over the software development and provides you with an audit trail of the development lifecycle.

  • Assign authorized users to structured user roles
  • Manage access and set permissions
  • Store keys in a central location

Software Trust Manager only allows authorized users with the right permissions to sign code, even without a key. With easier auditing, it’s quicker to remediate during security incidents.

Use for Any Code Signing Use Case

When developers are busy enough dealing with a manual code signing process, security becomes a lower priority. The manual approach comes a point of weakness.

Software Trust Manager combats this by providing a cloud-hosted code signing solution that supports a variety of signing models. Choose from on-demand keys to single usage keys–Software Trust Manager delivers the much-needed versatility in a modern code signing environment.

Automate code signing with system integrations and broad compatibility for any code signing use case.

  • Apple CryptoTokenKit (CTK) for signing application frameworks and bundles
  • Key Storage Providers (i.e., Windows Sign Tool, Mage, Nuget, Clickonce, HLK and HCK)
  • PKCS11 for Java, Android, Linux, Docker, OpenSSL, GPG, XML, EV and OV public code signing certificates

Make the Code Signing Process Easier

Developers face useability and security challenges with traditional code signing methods. Relying on file sharing means that teams have no oversight on key or certificate usage, posing a risk to the overall integrity of the build.

Hash signing combines the speed of a local signing and security of a code signing service.

  • Allow users to sign code without needing a hardware token or direct access to the code signing server.
  • Automate a build server configuration so that signing requests can be made without user intervention.
  • Expedite the secure signing of large files with hash signing and cloud signing services.
  • Guarantee software security without the cumbersome user interactions of traditional code signing.

Automate Software Threat Detection

Monitor and enforce the security of your software from a single platform. Software Trust Manager spots suspicious activity or security issues within your code or software, so you can address security concerns faster.

  • Duplicate the build process to compare code in releases to confirm the code hasn’t been tampered with.
  • Monitor key usage throughout the software development cycle.
  • Multi-factor authentication certifies that only authorized users can sign code, access keys, and certificates.
  • Role-based access keeps code signing limited to the right people at the right time.
  • Track and record code signing activity in a comprehensive audit log.

FEATURES

Protect Software Integrity with
Automated Code Signing

Eliminate vulnerability gaps in your DevSecOps pipeline with a streamlined code signing solution.

Secure Key Storage

Secure Key Icon

Protect keys from theft and sign code without accessing the private key.

Role-Based Access Control

Role Based Icon

Set access rules for authorized team members to sign code and manage usage controls.

Central Policy Enforcement

Reporting & Compliance

Define and enforce signing standards with a full audit trail of who signed what and when.

Central Dashboard

Dashboard Icon

Get control over all signing keys, certificates, and signing activities from a dashboard accessible anywhere.

CI/CD Integration

Integrations

Speed up the deployment process timeline with automation and produce higher-quality code.

Broad Range of File Support

File Support

Support a variety of file types and signing tools compatible with Microsoft KSP, Apple CryptoTokenKit, and PKCS11.

Dedicated Private CA

Private PKI

Enforce centralized policy and enjoy the benefits of a private CA without building it from scratch.

Up-to-Date Compliance

Zero-Touch Deployment

Automated updates make it easy to stay current with the latest compliance standards.

Flexible Deployment

Automation

The container-based architecture supports high-volume and robust developer communities.

See How Software Trust Manager Works

Schedule a Demo

USE CASES

Reduce Vulnerability Gaps in the
Software Development Process

SSL/TLS Certificates

Published
Software

Email Signing & Encryption

In-House
Applications

Code Signing Certificates

Code

Document Signing Certificates

Scripts

Cloud Images

Cloud Images

Private Certificates

Containers

Device Certificates

Mobile
Apps

User Certificates

IoT
Firmware

IoT Identity Management

Device
Integrity

Trust Services

XML

FBCA Certificates

Files

eIDAS Certificates

CI/CD
Workflows

INTEGRATIONS

Compatible with the Systems You Use Today

Straightforward integration with signing automation using well known platforms and tools.
Integration options include:

CI CD Platforms

CI/CD Platforms

  • Apache Ant
  • Apache Maven
  • Azure DevOps
  • Gradle
  • Jenkins
Cryptographic Libraries

Cryptographic Libraries

  • Apple CryptoTokenKit
  • Microsoft CNG/KSP
  • PKCS#11
Hardware Security Modules

Hardware Security Modules (HSMs)

  • Thales Luna Network HSM and Luna USM HSM
  • Thales Luna Cloud HSM

See how easy it is to integrate all of your systems

Get More Info

PKI Broker

More vendors, more choices. We find the right
certificate management system for YOUR situation. We’ve made it quicker and easier to find affordable plans.

digicert
keyfactor
appxviewx
sectigo
manageengine
keytalk
venafi

How does the PKI broker process work?

Our Process
Domain Registrars

WHY CHOOSE US?

6 Reasons Why We’re a Go-to for Finding the Right
Certificate Management Tool

  1. Get All the Info You Need, in One Place

    Get access to demos, technical details, and answers for all the top certificate management tools. We’re your single point of contact for whatever you need.

  2. Shortcut Meetings & the Sales Process

    Jumping through the same hoops with each vendor gets redundant & tiresome. We’ll fast track the experience, so you only have to say things once.

  3. Connect Directly to Solution Architects

    We’ve got the engineers and tech resources on speed dial, so you’ll get answers fast.

  4. Get Multi-Vendor Advice & Comparisons

    We’re here to help you compare and choose the best certificate management software, with full transparency about each option’s pros and cons.

  5. Tap into Our Negotiated Discounts

    Our extensive network of vendors lets us secure the best possible deals on your preferred PKI and certificate solutions.

  6. Get the Best of Both Worlds

    Work directly with your vendor, plus get all the perks and negotiated deals only an independent PKI broker can offer.

Download Our Free CLM Comparison Guide

Grab our free PDF for detailed comparisons of the
top certificate lifecycle management systems.

  • Features
  • Pricing
  • Integrations
pkicomparisonguide

How does the PKI broker process work?

Our Process