Keytos Documentation Home

Welcome to the Keytos documentation, your comprehensive resource for all things related to PKI, smart card authentication, FIDO2, and SSL management. Our tools make it easy to achieve full passwordless authentication, and in this documentation, you’ll find everything you need to know to get started as well as industry best practices.

Zero Trust SSH

EZSSH uses SSH Certificates to create short-term access keys signed by our HSM-backed Certificate Authority (CA) that grant just-in-time access to your resources while creating an audit log that can be traced back to the user and their actions. The best part? The user doesn’t have to do anything extra - they just type the command, and we handle everything in the background. And since EZSSH uses native SSH Certificates, most Linux distros can trust a specified CA and accept certificates from it without any additional changes.

Isolated Certificate Authorities

Each policy inside each customer’s account gets its own HSM-backed Certificate Authority, creating an identity perimeter limited to your own access policy. We also offer a “bring your own CA” option where you can bring your own Azure Key Vault and give EZSSH create and sign permissions, allowing you to remain in control of your private keys and how they’re used.

PKI As A Service

EZCA allows you to run and scale your own highly available private CA service without the upfront investment and ongoing maintenance costs of operating a private Certificate Authority. With EZCA, you can quickly deploy a highly available HSM-backed PKI deployment in a few clicks, leaving the management to our world-class PKI experts and freeing up your team to work on other pressing security tasks. EZCA also integrates with key management systems like Azure Key Vault allowing you to automatically manage and rotate all certificates across multi-cloud and hybrid deployments.

WebTrust Level Security

Offload time consuming tasks such as HSM provisioning, PKI patching, CRL distribution, disaster recovery, and more to the cloud. EZCA allows your team to quickly deploy a highly available HSM backed PKI deployment in a few clicks. Leaving the PKI management to our world class PKI experts and freeing up your team to work on other pressing security tasks.

Secure By Default

While other legacy PKI solutions are hard to set up increasing the probability of a misconfiguration that can cause an outage or even worse; expose your company. EZCA was designed and tested by PKI experts across the world. Making it easy for anyone to set up a world class HSM backed PKI in minutes.

Cloud RADIUS As A Service

EZRadius is a cloud-based RADIUS service that allows you to move your network authentication to the cloud. EZRadius is designed to be easy to use and easy to integrate with your existing infrastructure. It’s also highly available and scalable, so you can be sure that your users will always be able to access the resources they need.

Truly Passwordless Onboarding

EZSmartCard is the first truly passwordless onboarding tool for SmartCards. EZSmartCard’s industry leading technology enables users to quickly create their secure identity without the help of the IT Help Desk.

Meet Your Infrastructure Needs

After years of working with highly regulated organizations, we understand that when it comes to security there is no one size fits all. Our tools are designed to be able to: run fully on premises managed by your team, in the cloud managed by your team while still connecting to your on premises Certificate Authority, or fully managed by Keytos (Including cloud based HSM backed CAs) leaving the infrastructure management to our team of experts allowing your team to focus on other pressing security issues.

Meet and Exceed Regulatory Requirements

With the rise of cyber-attacks have also come a wave of new regulatory requirements that require organizations to adopt the zero-trust identity features such as Microsoft’s unphishable credentials. EZSmartCard’s Zero trust design is the easiest way to enable Azure Certificate based Authentication.

SSL Monitoring

EZMonitor scans and monitors your SSL certificates across the internet and uses our cloud intelligence to alert you if any business critical anomalies are detected.

Turnkey Monitoring

EZMonitor’s hosted architecture gives you full visibility into your all your SSL certificates in one convenient dashboard. Enabling your team to start monitoring your SSL health and security in minutes. In addition to our dashboard, EZMonitor adapts to your team needs by enabling you to receive the generated alerts by: Email, SIEM integration, or by calling our APIs.

Prevent Costly Outages

According to Gartner, the average outage costs companies $300,000 per hour. EZMonitor was designed to help the more than 80% of companies reporting a certificate related outage in the past 2 years.

Meet and Exceed DHS Requirements

The Department of Homeland Security requires all federal agencies to use a Certificate Transparency monitor such as EZMonitor to detect rogue SSL certificates.