Custody and centralised management of digital certificates

SealSign Central Key Control allows storing certificates in a centralised, controlled and secure manner in HSM devices that let only authorized users perform authentication, signature or encryption processes without installing private key locally on the computers or devices. A fully transparent process for users.

Do you want to know more about SealSign Central Key Control ?


Secure storage

Of digital certificates (whether personal, professional or corporate) in secure devices specialized in key custody.

It maintains control

Over who can perform operations on certificates through use policies and traceability of those operations carried out.

Ease of use.

It simplifies the use of certificates from applications on mobile devices with no need to upload certificates onto the device, streamlining management and precluding those risks associated with theft or misplacement of the mobile device.

Reduction in the costs

Associated with the management and customization of smartcards, enabling the creation of a single virtual smartcard per user.

SealSign Administration


  • Secure certificate storage space exclusive to each user (Virtual Smartcard) protected by a PIN/Password or biometric credential.
  • The SealSign CKC agent enables local use of certificates with no need to modify applications and can co-exist with local certificates.
  • Integrated with Microsoft Active Directory.
  • Record and auditing of all operations performed.
  • Possibility of establishing proactive rules for delegating and limiting the use the certificates (by systems, users, processes and URLs).
  • Flexible and customizable report generator.
  • Issuance of configurable alerts about expiration or revocation of digital certificates.
  • Options for creating an inventory of certificates in use at workstations.
  • Compatible with remote terminals such as Windows Terminal Services, Citrix XenApp and XenDesktop.
  • Integrated with authorities recording Certification Service Providers for direct issuance of certificates in HSM (check list).

Technical Features

  • Windows Server 2008 (R2), 2012 or 2016.
  • Internet Information Server and .NET Framework 4.6.2 SP1 or higher.
  • SQL Server (Express) to store the configuration and audit logs.
  • Multiple independent instances can operate on each server.
  • High availability via software IP balancing (NLB) or external hardware.

Who is it aimed at?

  • Companies that want to replace their store of certificates on cards making reports on use.
  • Companies that want to automate their hiring flows for tenders. It’s a unique mailbox for signing all the electronic documents that need to be reviewed or approved.
  • Companies with a need to store data in a centralised and secure manner.
  • Companies that need to protect the certificate of a legal entity to be used exclusively in specific situations and times.
  • Companies that need to include authentication, signature or encryption processes without installing private key locally on the authorized users’ computers or devices.
Contact Us

Make the right decisions

Cybercriminals do not rest, do not wait any longer and contact us to find out what are your company needs in cyber security.




Electronic and biometric signature of electronic documents.



Biometric digital signature in the cloud.

Sealsign SaaS