Manage the lifecycle of identities

INeS CMS (certificate management solution) is not only managing the certificate issuance but also managing the whole life-cycle of the certificates for IoT devices.


Manage the digital identities of IoT devices

Certificate-based (PKI) authentication is the best practice for device authentication and there could be more than one digital certificate in the IoT device for accessing different services of IoT application. Therefore, managing the certificates for each IoT device is critical since the invalid or expired certificates can lead to failures of IoT application. Our managed PKI solution (INeS CMS) ensures the connected IoT devices are authenticated and users can manage the life-cycle of digital identities in the IoT devices by their preference.

Picto SEAL SQ - Open interfaces support-1


INeS CMS provides open interfaces (RESTful APIs & EST) for automating the process from certificate issuance to certificate renewal/revocation. 

Picto SEAL SQ -  Certificate inventory

Certificate inventory

Certificate and its status can be viewed in a centralized web portal, the statistical data of certificates are shown on a dashboard.

Picto SEAL SQ - Shorter validity of identities

Shorter validity of identities

Thanks to the managed PKI solution, users can design a shorter validity of certificates and renew them frequently instead of one certificate for the entire life-cycle of an IoT device.

Picto SEAL SQ - Flexible (2)


The time when to issue the requests for certificate enrolment, renewal and revocation can be flexible based on IoT application and users can customize the workflow of managing the certificate life-cycle.

SEAL SQ Identity Lifecycle ManagementThe challenge _ Invalid or expired certificates lead to failures

The challenge : Invalid or expired certificates lead to failures

Certificates in the IoT devices allow them to define who they are and what can be authorized. Each of the certificates can be the identity credential to access different services of an IoT application. If the certificates are not managed properly, the whole IoT application could fail.

The Solution: INeS Certificate Management Server (CMS)

Our SaaS product, INeS CMS, is a “managed” PKI service that users can easily manage certificates in a centralized web portal. Moreover, the openness of APIs for certificate enrolment/renewal/revocation helps users to design the workflow of managing the life-cycle of each certificates. 

SEAL SQ Identity Lifecycle ManagementThe Solution_ INeS Certificate Management Server (CMS)


Picto SEAL SQ -  Complete visibility

Centralized web portal and dashboard

Users can view the statistical data of certificates in the dashboard of INeS CMS.   

Picto SEAL SQ - CA management

Certificate Management

INeS CMS supports the definition of certificate templates, the generation of standalone certificates or batch certificates, and the management of the issued certificates (i.e. monitor, revoke, re-key). 

Picto SEAL SQ - Log auditing

Log auditing

INeS CMS logs each operation in CMS, i.e. user login, certificate enrolment, certificate revocation, so that users can monitor the status and historical data of certificates.

Picto SEAL SQ - ID generation & management

Open interfaces support

RESTful APIs and EST enrolment are available for automating the certificate enrolment process and managing the life-cycle of devices.

Picto SEAL SQ - Public cloud integration

Public cloud integration

INeS CMS integrates with public cloud services like AWS IoT Core and Azure DPS/IoT hub. IoT devices can easily on-board to a public cloud by using the certificates issued by INeS CMS for device attestation.

Picto SEAL SQ - Client library support

Client library support

Client library and sample code are supported in different programming languages.

SEALSQ Whitepaper - INeS PKI-aaS platform for managing the DAC for Matter_v1.1-1

Using INeS PKI-aaS Platform to manage Matter DAC

SEALSQ provides a complementary solution on PKI that is required for Matter smart home devices during the secure onboarding process...


Download E-book


Security-by-Design for a trusted connected world

News WiSun Alliance

Wi-SUN Alliance 

 Wi-SUN Alliance Selects SEAL SQ PKI Services to Deliver Digital Certificates to Consortium Members


SEAL SQ to join CSA alliance 

SEAL SQ to join CSA alliance to Deliver Digital Certificates to OEMs manufacturing MATTER compliant IoT devices