What’s New in PKI Spotlight | October 2022 Release Update

PKI Solutions is excited to announce the latest enhancements to PKI Spotlight, the first Public Key Infrastructure management solution built from the ground up for real-time monitoring and alerting of the availability, configuration, and security of all your PKI and HSM environments.

This release of PKI Spotlight introduces the following capabilities:

  • Certificate Revocation List (CRL) monitoring and pre-failure CRL error detection
  • Microsoft Network Device Enrollment Service (NDES) Is Alive checks
  • 38 Best Practice rules. The best practice rules include enforcement for CRL and Microsoft NDES roles.

Comprehensive CRL Monitoring and Best Practice Enforcement

The CRL monitoring and Best Practice enforcement rules in PKI Spotlight address the most common causes of CRL errors and PKI outages – expired CRLs. Expired CRLs are the most common causes of business-wide outages that organizations face – often multiple times a year. CRL issues also can lead to degradation in security posture because individual devices and products may fail “open” when encountering an expired CRL.


With this release, PKI Spotlight is the first product to check for publish failures before the CRL expiration, saving valuable hours to resolve issues before they impact the business.

First Of Its Kind Monitoring and Best Practice Enforcements for Microsoft NDES Roles

With this release PKI Spotlight introduces Is Alive checks for Microsoft NDES. This functionality adds 7 scheduled and automated health checks on Microsoft NDES and associated IIS servers. One of the checks if NDES has access to cryptographic key store and if HSM protected NDES keys are accessible

The Best Practice Rules enforce checks for critical Microsoft NDES configurations, such as expired NDES encryption and signing certificates. The rules engine also checks so checks for static NDES and no password settings.

38 New Best Practice Rules

The latest 38 “Out of the Box” (OOTB) best practices are derived from PKI Solutions’ decades of experience in PKI. In addition to best practice enforcement for CRL and Microsoft NDES roles, this rule set covers CAs, CRLs, Web Enrollment Services, NDES, and OCSP configurations and proactive health checks.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.