Certificate Management and Secure Key Orchestration with Thales and AppViewX

AppViewX – Thales Joint Solution

AppViewX and Thales’s partnership helps enterprises overcome the challenges brought by managing private keys in a complex infrastructure. For enhanced security and compliance, private keys must be encrypted before they are stored in an enterprise’s infrastructure. Our combined solution gives the enterprise multiple options that cater to the specific needs of that infrastructure.

AppViewX acts as the automation and orchestration engine for the lifecycle management of X.509 certificates, and Thales Data Protection On Demand (DPoD) Cloud HSM or Luna HSM ensures the security of the private keys associated with those certificates in the cloud, on-premises or as a hybrid solution.

Solution Highlights

Certificate Management with Encrypted Private Key Storage in AppViewX

This solution is useful for enterprises seeking to generate and store private keys inside AppViewX and limit their encryption to the DPoD Cloud HSM service or on-premises Luna HSM for optimum resource utilization. Before being stored in an AES-256 encrypted database, the private keys undergo multiple layers of encryption by Data Encryption Key (DEK), Key Encryption Key (KEK) and Master Encryption Key (MEK). While the encrypted private key, encrypted DEK, and encrypted KEK reside inside AppViewX, the MEK is stored inside the HSM and cannot be retrieved. This solution is suitable for all ADC and server devices.

Certificate Management in AppViewX and Private Key Storage in Thales

Enterprises can use this solution to assign AppViewX to certificate management activities while the HSM is used to both generate and store private keys in the name of added security. The private key generated using the DPoD or Luna HSM cannot be removed and is completely shielded from tampering. This particular solution is suitable for all supported devices that can initiate direct communication with the HSM and use a key identifier to access private keys.

Comprehensive Role-Based Access Control

The first step in any access control process is having complete visibility into your certificate ecosystem. Sifting through the thousands of certificates in your inventory can be cumbersome. With our holistic view, CERT+ graphically represents important certificate information like chain of trust, associated devices and HSM. Users can also perform necessary lifecycle management tasks like issuing, renewing and revoking multiple certificates all within the holistic view itself.


  • Encrypt and protect private keys using industry-standard, FIPS 140-2 Level 3 certified HSMs with the flexibility of either on-premises or cloud-based services.
  • Manage and automate multi-vendor X.509 certificates across multiple devices
  • Gain visibility and control across all certificates and its keys
  • Enforce policies and ensure compliance across the network
  • Deliver secure communications faster by reducing certificate deployment time by up to 70%

About Thales

The people you rely on to protect your privacy rely on Thales to protect their data. When it comes to data security, organizations are faced with an increasing number of decisive moments. Whether the moment is building an encryption strategy, moving to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.