PKI Insights 6.0: Unified Platform for ADCS, HSM, SSL Monitoring & CLM

Digital trust rarely fails all at once – it usually slips through the cracks, with expired certificates, hidden cryptographic risks, and infrastructure no one is really watching.

Over the past few years, the Codegic team has been working closely with enterprises, security teams, and PKI operators to understand the practical challenges they face every day, especially around ADCS monitoring. What became clear very quickly was that these challenges were not isolated. They boil down to three distinct areas:

  • Critical infrastructure Monitoring: HSMs and certificate services like ADCS often remained under-monitored, despite being foundational to digital trust.

  • Certificate renewals: Becoming harder to manage as lifetimes continued to shrink.

  • Post-quantum cryptography: Interest is growing, but most organizations lacked visibility into where quantum-vulnerable cryptography existed.

Rather than tackling these issues separately, the focus became clear: they needed to be addressed together. Team Codegic is excited to announce the release of PKI Insights 6.0, a major step forward in how organizations monitor, automate and future-proof their certificate and trust infrastructure. This release unifies all monitoring under one roof, including:

  • ADCS Posture monitoring

  • HSM monitoring (Thales, Utimaco, Entrust)

  • Certificate lifecycle automation (Zero touch CLM)

  • PQC-aware SSL monitoring

  • MS Cloud PKI monitoring

Let’s take a deep dive.

A Unified Monitoring Dashboard for Complete Visibility

As PKI environments grow, visibility can quickly become fragmented. In PKI Insights 5.0, monitoring information was spread across separate screens for agents, Certificate Authorities, and scan management. While functional, this separation made it harder for teams to get a real-time, holistic view of their PKI posture at a glance.

With PKI Insights 6.0, this experience has been rethought from the ground up. The new Unified Monitoring Dashboard brings all critical components (CAs, scans, agents, and monitoring engines) into a single, consolidated view. Real-time statistics and status indicators provide immediate insight into system health, activity, and potential risks, without the need to navigate between multiple screens.

Before (PKI Insights 5.0):

  • Separate config screens for CAs, agents, and scan management

  • Limited real-time visibility across components

  • Higher operational effort to correlate system status

  • Slower identification of issues and dependencies

After (PKI Insights 6.0):

  • Single unified dashboard for CAs, scans, agents, and engines

  • Live, real-time monitoring statistics in one view

  • Simplified administration and faster decision-making

  • Improved situational awareness across the entire PKI landscape

This single-pane-of-glass approach reduces complexity while giving PKI teams the clarity they need to operate confidently in modern, distributed trust environments.

ADCS Monitoring: Beyond Certificate Issuance

Microsoft Active Directory Certificate Services remains widely deployed, but its reliability depends on more than certificate issuance alone.

PKI Insights 6.0 extends ADCS monitoring to include ADCS database disk usage, Windows event logs and role-specific events. These signals are continuously monitored to detect early warning signs that could impact CA availability or compliance. This is in addition to existing monitoring, such as:

  • 200+ checks made on issued certs

  • Detect and delete expired certs (automatically)

  • Alerting on template updates and issuance of high-value certs

  • Detecting certificate issuance from unpublished templates

  • Detecting long lifespans and certs that do not follow template configs

  • Published CRL matching with current issued CRL

  • Suspicious certificate issuance

  • About to expire certs

  • OCSP & CDP uptime & OCSP whitelisting

  • CA Up/Down time

PKI Insights works with all versions of Windows Server, such as 2016, 2019, 2022 and 2025.

This deeper visibility helps PKI teams prevent silent failures that often surface only during audits or service disruptions.

Detection of ADCS Exploits and High-Risk Misconfigurations

Several attack techniques have demonstrated how misconfigured ADCS environments can be abused for privilege escalation and domain compromise.

PKI Insights 6.0 actively detects SpecterOps ESC misconfiguration paths and PetitPotam relay risks, enabling security teams to identify and remediate dangerous conditions before they are exploited. This turns PKI monitoring into a proactive security control rather than a passive operational check.

HSM Monitoring: Real-Time Insight

PKI Insights 6.0 introduces comprehensive HSM monitoring for leading vendors including Thales, Entrust, and Utimaco. It provides real-time visibility into HSM health, partitions, firmware versions, and key-related activities, supported by built-in monitoring graphs.

Beyond the graphs, PKI admins can configure specific warning and error alerts, as well as info alerts whenever the HSM configuration changes, allowing them to stay on top of HSM activity.

This ensures that your HSMs remain available, compliant, and operational without relying on reactive troubleshooting.

Entrust HSM Monitoring

PKI Insights - Entrust HSM Monitoring

Utimaco HSM Monitoring

PKI Insights - Utimaco HSM Monitoring

SSL Endpoint Monitoring: Security, Compliance, and PQC Readiness

SSL/TLS endpoints remain one of the most common and most exposed attack surfaces in enterprise environments. Expired certificates, weak protocol configurations, and outdated cryptography continue to cause outages and open the door to man-in-the-middle attacks.

PKI Insights 6.0 significantly enhances SSL Endpoint Monitoring by providing continuous visibility into certificate health, protocol security, and cryptographic posture across all monitored endpoints.

Beyond expiration tracking, PKI Insights evaluates whether endpoints are using acceptable SSL/TLS protocol versions, clearly identifying deprecated and insecure configurations such as SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, while validating compliance with modern standards like TLS 1.2 and TLS 1.3.

PQC Availability Checks

In addition, PKI Insights 6.0 introduces visibility into post-quantum cryptography (PQC) awareness. It detects whether an SSL endpoint is prepared for the post-quantum era by identifying the use of hybrid key establishment mechanisms (hybrid KEM approaches) that combine classical and post-quantum algorithms. This allows organizations to clearly distinguish between endpoints that are future-ready and those that still rely solely on classical cryptography.

By combining protocol validation, cryptographic strength analysis, and PQC readiness checks, PKI Insights helps organizations eliminate hidden risks, prevent outages, and confidently plan their transition toward post-quantum-safe TLS deployments.
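
One way a protocol and PQC readiness check of this kind can be made, as an added example (not code from PKI Insights or Codegic): parse the ServerHello an endpoint returns and report the negotiated protocol version and whether the selected key-share group is a hybrid KEM. The sample messages are constructed with placeholder bytes, all function names are illustrative, and SSL 2.0 (which uses a different hello format) is not handled.

```python
import struct

# IANA TLS "Supported Groups" code points for hybrid (classical + PQ) key exchange
HYBRID_GROUPS = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
                 0x11ED: "SecP384r1MLKEM1024", 0x6399: "X25519Kyber768Draft00"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}

def parse_server_hello(msg: bytes) -> dict:
    """Parse one ServerHello handshake message (record header already stripped)."""
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if msg[:1] != b"\x02" or len(body) < 38:
        raise ValueError("not a complete ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]
    # skip legacy_version + random, session_id, cipher_suite + compression
    pos = 34 + 1 + body[34] + 3
    group = None
    if pos + 2 <= len(body):                  # extensions are optional before TLS 1.3
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 43 and len(data) >= 2:    # supported_versions: selected version
                version = struct.unpack("!H", data[:2])[0]
            elif ext_type == 51 and len(data) >= 2:  # key_share: selected group
                group = struct.unpack("!H", data[:2])[0]
            pos += 4 + ext_len
    return {"version": version, "group": group}

def classify(msg: bytes) -> dict:
    p = parse_server_hello(msg)
    name = VERSIONS.get(p["version"], hex(p["version"]))
    return {"protocol": name, "deprecated": name in DEPRECATED,
            "pqc_hybrid": HYBRID_GROUPS.get(p["group"])}

def ext(ext_type: int, data: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(data)) + data

def build_hello(legacy: int, exts: bytes = b"") -> bytes:
    """Constructed sample; random, cipher suite and key share are placeholder bytes."""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\x13\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body

HYBRID = build_hello(0x0303, ext(43, b"\x03\x04") + ext(51, b"\x11\xec\x04\x60" + bytes(1120)))
CLASSICAL = build_hello(0x0303, ext(43, b"\x03\x04") + ext(51, b"\x00\x1d\x00\x20" + bytes(32)))
LEGACY = build_hello(0x0301)
```

A server can only select a hybrid group that the probing ClientHello offered, so a scanner has to advertise these groups for the result to mean anything.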

Certificate Auto Renewals Without Vendor Lock-In

Certificate expiration remains one of the most avoidable causes of outages, and the challenge is only growing as certificate lifetimes drop to:

  • 200 days from March 2026
  • 100 days from March 2027
  • 47 days by March 2029

PKI Insights 6.0 introduces automated certificate renewal and deployment for a multitude of applications covering web servers, databases and enterprise messaging apps, including IIS, Nginx, Apache HTTP Server, Tomcat, PostgreSQL and more. Using lightweight agents, PKI Insights performs renewals directly on target systems. Because it works with PFX and PEM files, the solution is agnostic to the web server, database or messaging app in use.

This removes manual effort, reduces downtime risk, and ensures certificates are renewed and deployed seamlessly across heterogeneous environments.

Microsoft Cloud PKI Monitoring

As organizations adopt Microsoft Cloud PKI, visibility often becomes fragmented across environments.

PKI Insights 6.0 delivers dedicated Microsoft Cloud PKI monitoring, tracking certificate issuance and service health while presenting cloud and on-premise PKI data in a single unified view.

This unified visibility simplifies governance, compliance, and operational oversight across hybrid trust architectures.

Secure Agent-Based Architecture for Controlled Visibility

Starting with PKI Insights 5.0, Codegic introduced an agent-based architecture to securely extend monitoring into sensitive and restricted environments. Instead of exposing PKI Insights directly to high-risk networks or critical components, lightweight agents act as trusted intermediaries.

These agents are deployed close to the systems they monitor – such as HSMs, SSL/TLS endpoints, and web servers – collecting operational and security data locally and relaying it back to the PKI Insights central command center for analysis and reporting. This design allows PKI Insights to monitor both highly secured PKI components and external internet-facing services without increasing the attack surface.

All communication between PKI Insights and its agents is secured using OAuth over TLS with server authentication, ensuring strong identity verification and encrypted data exchange. The result is a controlled, scalable, and security-first approach to PKI monitoring—one that balances visibility with isolation and minimizes exposure to potential threats.

PKI Insights Agents are supported for both Windows and Linux platforms.

Eliminating Single Points of Failure with Distributed PKI Insights Engines

PKI Insights 6.0 is designed to avoid a single point of failure in monitoring by allowing PKI administrators to deploy multiple PKI Insights engines in a Primary/Secondary monitoring model. In this setup, monitoring responsibilities can be distributed across engines, ensuring continuity even if one instance becomes unavailable due to maintenance, network issues, or infrastructure failures.

Final Thoughts

PKI Insights 6.0 is designed to address real-world PKI challenges, from preventing outages and detecting exploits to preparing for post-quantum cryptography.

By combining deep monitoring, security detection, automation and crypto-agility, PKI Insights enables organizations to operate their PKI infrastructure with confidence – today and as cryptographic standards evolve.
