Main section
For whom our Cloud CLM works best
Cloud CLM offering: Application-as-a-Service (AaaS)
-
SwissSign hosts and operates the platform; powered by innovative French PKI firm Evertrust's software Horizon
-
Multi-tenant cloud with a dedicated logical tenant per customer: isolated configuration, access control, workflows, integrations and logically segregated data storage
-
Access via a dedicated web endpoint or REST APIs
-
SwissSign handles backups, security updates, maintenance, feature releases and connector upgrades - you manage users, permissions, integrations, workflows and certificate policies
-
Scales with your needs – start with just one certificate, grow with your migration timeline
-
Optional non-production environments available on request for testing/validation
Note: The cloud service does not deploy within your own infrastructure, except for the agent used to automate your web servers, which runs in your environment. For a fully self-hosted deployment, read more about our on-premises model or use the deployment selector.
What is the feature set of the Cloud CLM
-
Certificate discovery: configurable campaigns (scheduled or on-demand); lightweight Windows/Linux agent for local and network scans; external platforms can feed certificate data via native integrations
-
Centralised inventory across discovered, monitored and managed certificates (any CA, any location) with per-certificate attributes (identity, crypto properties, validity, deployment context, ownership) and built-in grading
-
Full lifecycle management: request → enrolment → issuance → renewal → revocation → replacement → automated distribution, with certificate profiles and approval workflows (segregation of duties). Self-service enrolment via WebRA
-
Monitoring & alerting: expiry timelines, lifecycle events, anomalies, via email, webhooks or integrations
-
Compliance scoring & governance: policy-driven grading, structured audit trail, built-in reporting catalogue, granular RBAC
-
Integration & APIs: comprehensive REST APIs; webhooks and multi-step automation
-
Private PKI integration and add-on options: integrate self-operated private PKIs, or add a new dedicated private PKI instance operated by SwissSign when needed for replacement or new use cases
Critical security & compliance advantages
-
TLS for all customer↔platform traffic; data at rest encrypted (databases + backups)
-
Sensitive data (credentials, escrowed keys, auth secrets) protected by application-level encryption backed by an HSM-protected KMS operated by SwissSign
-
Controls: traffic filtering, rate limiting, WAF, vulnerability management, platform hardening, monitoring
-
Identity & access: OIDC, local auth, and X.509 client-certificate auth; federation with Microsoft Entra ID, Keycloak and other OIDC IdPs; SCIM v2 for group sync; granular RBAC
What you're responsible for
We offer our Cloud CLM as an Application-as-a-Service for smaller or medium-sized organisations or teams with lean PKI set-ups. While we host and operate the platform, you will yourself manage
-
Users, permissions, integrations, workflows and certificate policies
-
Network connectivity (firewall, allowlisting, routing) and operating customer-side agents/connectors
-
Operational use of issued certificates and maintaining connected third-party systems
Discovery, issuance and deployment depend on the availability and compatibility of connected systems (CAs, cloud providers, IdPs, endpoints).
Ready to automate your certificates the easy way?
47-day certificates and post-quantum migration are coming fast, and manual renewals won't keep up. With our Cloud CLM, you get automation and Swiss-hosted sovereignty without standing up a single server. Start with a free evaluation tenant, or talk to our experts about the right set-up for your team.
Book a consultation today – and secure your digital infrastructure for tomorrow's challenges.
Frequently Asked Questions
Within a couple of days. Begin with a 60-day evaluation tenant; production conversion needs no migration if signed within 30 days of expiry.
Yes, you can integrate your existing PKI and continue to operate it yourself. Our CLM platform can be complemented by a flexible attractive private PKI option operated by SwissSign; not included in the evaluation licence) which can fully replace your existing private PKI.
Larger or heavily regulated/integrated estates are better served on-premises - consult our deployment selector.




