
Certdog
Overview
Certdog is a certificate authority and certificate lifecycle management platform developed by Krestfield. It provides a unified system for hosting internal certificate authorities, interfacing with existing CAs including Microsoft Active Directory Certificate Services, and managing the full certificate lifecycle through a web-based interface and REST API. The platform supports HSM key protection and cloud key stores, including AWS CloudHSM, Azure Key Vault, and Google KMS, and it includes discovery and monitoring capabilities for maintaining visibility across the certificate estate.
Unsung is a Certdog Gold Partner and Value-Added Solutions Provider. We have extensive implementation experience delivering Certdog for UK customers, with particular expertise in Microsoft ADCS environments where Certdog provides certificate visibility and automation without requiring complete platform replacement.
The Challenge
Many organisations operate Microsoft Active Directory Certificate Services as their primary PKI, often deployed years ago with limited visibility into the certificates it has issued and minimal automation for renewal. As certificate volumes grow and lifetimes shorten — with 47-day TLS certificate lifetimes now on the horizon — manual management through native ADCS tooling becomes increasingly unsustainable.
Organisations frequently lack a central view of all certificates across their environment, cannot easily identify certificates approaching expiry, and have no automated processes for renewal. When certificates expire unexpectedly, the resulting outages affect critical services and erode confidence in the IT team’s ability to maintain operational continuity. Replacing the entire PKI platform is often disproportionate when the underlying ADCS infrastructure is sound but the management layer is insufficient.
What It Does
Certdog addresses these challenges by providing a management and automation layer that works alongside existing PKI investments. It can host any number of internal root and intermediate certificate authorities with HSM-backed key protection, whilst simultaneously interfacing with external CAs including Microsoft ADCS and Keyfactor EJBCA. All certificates — whether issued by Certdog’s own CAs or external authorities — are stored in a central, searchable database with configurable expiry monitoring and email notifications.
The platform provides CRL and OCSP services for internal CAs, supports standard enrolment protocols, and offers a REST API, PowerShell scripts, and .NET and Java clients for integration into existing workflows and DevOps pipelines. TLS discovery scanning identifies certificates across the network, whilst CRL and OCSP monitoring utilities track the health of validation services. Certdog deploys on Windows, Linux, or as a Docker container, and supports both single-tenant and multi-tenant hosting configurations.
How Unsung Helps
Unsung’s Gold Partner status with Certdog reflects our deep implementation experience with the platform, particularly in Microsoft ADCS environments. Our consultants help clients assess their current certificate management challenges, design appropriate deployment architectures, and implement Certdog to deliver immediate visibility and automation across the certificate estate. For organisations that need a broader assessment of their PKI environment before selecting tooling, our PKI Health Check provides an independent evaluation with actionable recommendations.
Related Unsung Services
Certificate Lifecycle Management — Establishing visibility, control, and automation across the certificate estate.
PKI Health Check — Assessment of existing PKI environments with prioritised recommendations.
PKI Consultancy — Independent advisory on PKI strategy and certificate management tooling.
PKI Management & Hosting — Managed PKI services including certificate authority operations.
