DARZ Managed PKI & CLM – All Plans at a Glance
Start for free, upgrade flexibly!
Get productive immediately and gain valuable experience. Full version at no cost, no setup, up to 50 certificates.
All FREE Features
- Import & Manage unlimited own certificates for free
- Issue & Manage up to 50 active certificates at no cost
- Automation with ACME, EST, SCEP, CMP Automation powered by standard PKI protocols: ACME, EST, SCEP, CMP.
- Automation with REST API & CLI client Automate certificate management through API or CLI.
- Microsoft AD CS integration Seamless CLM integration with Microsoft ADCS.
- Certificate Discovery Seamless discovery and tracking of server certificates in your network.
- Flexible Certificate Lifecycle Management Manage, monitor, issue, renew, and revoke certificates—plus reporting, role & access management, and policy control with certificate templates for all common applications.
- Powerful Certification Authority (CA) The MTG CARA Certification Authority is automatically connected to the CLM and ready for use.
- Own Root CA
- Own Sub CA
- Keys from your CA protected in shared HSM
- Hosted on shared infrastructure
-
Self-service support We offer you a comprehensive collection of resources for direct online help:
- Videos
- Guides & How Tos
- Online documentation
- Frequently Asked Questions (FAQ) - OCSP & HTTP CRLs OCSP validates certificates in real time, whereas HTTP CRLs rely on downloaded revocation lists.
- Comprehensive cryptography: RSA, EC, PQC Full support for all major PKI algorithms: classical, elliptic curve, and post-quantum secure.
Ideal for mid-sized companies with higher certificate volumes & support needs. Includes advanced features & flexible scalability.
All BUSINESS Features:
- All FREE Features
- Issue & manage up to 10,000 active certificates in 500-certificate price tiers
- Multiple Sub CAs
- Microsoft Active Directory integration (Microsoft Autoenrollment) Seamless certificate automation in Active Directory (AD) with Autoenrollment Connector
- Hosted on shared high-availability infrastructure
- 24/7 hotline support
Optional features:
- IP-based access rights
- VPN access
- Consulting & Premium Support Find full details in Services.
Customized software solutions designed precisely to your individual requirements and evolving business needs.
All ENTERPRISE Features:
- All FREE Features
- All BUSINESS Features
- Issue & Manage unlimited active certificates with flexible pricing tiers
Optionale Features:
- Multiple Root CAs e.g., useful when multiple algorithms are required for different types of certificates.
- Offline Root CA
- Dedicated Hardware Security Module (HSM)
- Hosted on dedicated infrastructure
- Special billing model for IoT device manufacturers
Our Offering in Detail
Compare All Plans
| Features | FREE | BUSINESS | ENTERPRISE |
|---|---|---|---|
| Certificate Lifecycle Manager (CLM) Comprehensive certificate management: monitoring, issuance, renewal, revocation, reporting, role & access control, plus policy management with templates for all common applications. | |||
| Import Public Certificates Easily import and manage unlimited active public certificates. | unlimited | unlimited | unlimited |
| Import Private Certificates Easily import and manage unlimited active private certificates. | unlimited | unlimited | unlimited |
| Certificate Discovery Automatic identification and tracking of server certificates in your network. | |||
| Issue & Manage Certificates Only active issued certificates are counted. Active certificates are those that are neither expired nor revoked. Imported certificates are not counted. | up to 50 active certificates | up to 10,000 active certificates, scalable in steps of 500 | unlimited active certificates, scalable with flexible tiers |
| Automation with ACME, EST, SCEP, CMP Support for standardized PKI protocols for automation: ACME, EST, SCEP, CMP. | |||
| Automation with REST API & CLI Client Enables automated management of certificates via API or command line. | |||
| OCSP & HTTP CRLs OCSP offers real-time certificate validation, while HTTP CRLs use downloaded revocation lists. | |||
| Public Key Infrastructure (PKI) Private CA integration with MTG CARA | |||
| Microsoft AD CS integration Integration of MS ADCS with the CLM system | |||
| Certificate issuance with Microsoft Active Directory integration Automatic certificate issuance via Active Directory (AD) with Autoenrollment Connector. | |||
| Public CA Integration – GlobalSign A contract with GlobalSign is required. | |||
| Public CA Integration – PSW Group A contract with PSW GROUP is required for certain public certificates from Sectigo. | |||
| Identity Management via Keycloak & Microsoft Active Directory Synchronize users and role management from Microsoft AD with the CLM through Keycloak. | |||
| Own Root CA A single Root CA is sufficient in most cases. | |||
| Additional Root CAs Multiple Root CAs are useful, for example, when different algorithms are used for different certificate types. | (optional) | ||
| Offline Root CA | (optional) | ||
| Own Sub-CA A dedicated Sub-CA is provided. | |||
| Additional Sub-CAs Additional Sub-CAs may be added if required, at no additional cost. | |||
| RSA cryptography Supports multiple key lengths: 2048, 3072, 4096, 8092. | |||
| Elliptic curve cryptography Supports NIST, Brainpool, and Edwards elliptic curves. | |||
| Post-quantum cryptography Future-ready: support for ML-DSA and SLH-DSA algorithms. | |||
| Flexible notification system Configure alerts for certificate expirations and compliance issues. | |||
| Infrastructure hosting (shared) | |||
| High-availability infrastructure hosting (shared) Shared, high-availability hosting for maximum reliability | |||
| High-availability infrastructure hosting (dedicated) Additionally & optional: Dedicated deployment options for management. | (optional) | ||
| Shared HSM Secure storage of CA keys in shared HSMs. | |||
| Dedicated HSM Storage of CA keys in shared or dedicated HSMs. | (optional) | ||
| Public internet access | |||
| VPN access Incl. 1x VPN access (additional VPN access optional). | (optional) | (optional) | |
| IP-based access control Incl. 1x IP-based access (access rights for additional IPs optional). | (optional) | (optional) | |
| Self-service support | |||
| 24/7 hotline & ticket support | |||
| Contract term | Unlimited | Minimum 12 months, then cancellable monthly | Minimum 12 months, then cancellable monthly |
PKI for Mid-Sized Businesses
Get started now with DARZ Managed PKI & CLM
Full Control. Less Errors. More Automation.
Whether you want to automate your first certificates or redesign your PKI from the ground up, “DARZ Managed PKI & CLM powered by MTG” makes it easy, secure, and reliable to get started. Our customers value not only our technology and expertise, but above all our dependable collaboration: with direct access to experienced PKI experts – no detours, no obstacles. Personally available, solution-oriented, and there exactly when it matters most.
The ideal way to get started with the FREE plan: With the free full version of our DARZ Managed PKI & CLM solution, you can begin working productively right away — with no setup required and no cost. Usage is limited to 50 certificates, but all features are fully available. This allows you to gain valuable hands-on experience and even import and manage your own certificates at no charge.
The DARZ Managed PKI & CLM offering combines German technological expertise with highly secure operations in Germany. The PKI & CLM software is provided by MTG, a leading specialist in encryption technologies and PKI. Operations are conducted exclusively in DARZ’s fail-safe, scalable, and multiply certified data centers in Darmstadt and Frankfurt — with full data sovereignty over all keys and data.
MTG CLM makes certificate management simple, transparent, and secure. The interface is deliberately designed to be intuitive and user-friendly, enabling IT teams without specialized PKI expertise to efficiently manage all certificate processes. Whether requesting, renewing, revoking, or reporting, all functions are centrally available and can be automated. This helps prevent errors, reliably meet compliance requirements, and significantly reduce day-to-day dependence on specialized experts.
With automation in MTG CLM, time-consuming and error-prone routine tasks are reliably eliminated. Certificates can be fully automated, from enrollment and renewal to distribution and revocation, whether for servers, network devices, mobile endpoints, or applications. Thanks to support for common standard interfaces (ACME, EST, SCEP, CMP), as well as REST API and CLI, virtually any infrastructure can be integrated.
The result: less effort, reduced risk, greater security, and IT teams can focus on their core responsibilities instead of tracking certificate expirations.
Not every company has in-house PKI expertise, and it doesn’t have to. We work with a partner network of experienced consultants, giving you access to in-depth expertise at any time. From initial preparation and support during implementation and migration to ongoing operational guidance, our experts ensure that projects are delivered faster, more securely, and in full compliance, without the need to build up internal specialist resources.
The development of quantum computing will make traditional cryptographic methods such as RSA and ECC insecure in the long term. With DARZ Managed PKI & CLM based on the MTG PKI, organizations are already prepared for this shift today. The platform supports the post-quantum algorithms standardized by NIST and is consistently designed for crypto-agility, ensuring a smooth transition into the post-quantum era.
With “DARZ Managed PKI & CLM powered by MTG”, companies maintain full control over their costs at all times. Getting started is free with the FREE plan. In the BUSINESS plan, you can scale flexibly in increments of 500 certificates, with small price steps up to 10,000 certificates. The ENTERPRISE plan also offers fair pricing tiers for large volumes, where the cost per certificate decreases significantly as volumes grow.
Full Control. Less Errors. More Automation.
PKI Made Easy – Start for Free Today!
We support you every step of the way to your own corporate PKI.
