AD CS Cartographer

We’ve distilled our expertise into a powerful tool that automates advanced data aggregation techniques. Cartographer consolidates critical PKI insights—previously buried within the complex and outdated Active Directory tooling—into a single, intuitive, and exportable interface.

Gain full oversight of your PKI without the need for expert-level knowledge, costly consultants, or time-consuming manual analysis. Instantly access the essential details and actions you need, presented in a clear and actionable format.

Cartographer makes PKI monitoring faster and more accessible. Find certificates, monitoring system health, and preventing outages has never been simpler.

• Advanced real time on demand domain certificate scanning
• High speed, multi-modal certificate search
• Monitor certificate requests, pending, failed, and denied
• Report on certificate throughput and throughput trends
• Report on upcoming certificate expirations
• Analyze connections between certificates, reporting on user and device certificate holdings across domains
• Analyze certificate template availability and usage across certificate authorities and domains
• CRL and OCSP monitoring and alerting
• Simple and fast certificate issuance portal
• Immediate revocation actions
• Certificate authority uptime KPIs
• Alerting
• Automation and scheduling
• Upload certificates to Jellyfish
• Remote Certificate Authority integrations with Jellyfish
• RESTful API and API key delegation

Cartographer offers a single, remotely available web portal to replace the many fragmented certificate authority administration tools otherwise required to monitor an AD CS PKI.

With its ability to access all data from any Certificate Authority within its operating domain, Cartographer can analyze all issued, pending, rejected, failed, and revoked certificates throughout the entire lifespan of the Certificate Authority. The tool’s robust data analysis capabilities delve deeper into raw certificate PEM data, extracting powerful analytical information that remains unavailable through the standard AD CS database alone.

Collect, search, and action certificates faster and easier with your PKI analytical companion Cogito Jellyfish Cartographer.

Cartographer reads your domain, targets certificate authorities, and aggregates certificate and PKI information from across otherwise segmented active directory data storages.

Cartographer connects to stores for:

• Domains
• Domain Controllers
• Domain Services published Trusted Certificate Authorities
• Certificate Authorities connected to your Domain
• Certificate Templates and their relationships with Certificate Authorities
• Certificates, in any state (pending, issued, revoked) from a connected Certificate Authority

A deep and intimate understanding of Active Directory Directory Services (AD DS) and its integration with AD CS is no longer required to access the information you need to keep your organization running securely and with confidence.

The strong relationships built between certificates, templates, and requesting users and devices provide a comprehensive overview of technology access, utilizing data from the AD CS database. This advanced approach enables organizations to gain deeper insights and a higher level of understanding of their certificate landscape. Improving visibility and reducing risk.

Immediately revoke certificates by finding them with the high speed Cartographer certificate search and executing a revocation from right in the view certificate panel.

Cartographer’s integrated web portal provides a wide variety of analytical tools and report templates, flexible enough for even the most sophisticated of data slicing.

Cartographer reduces the workload of your security team by automating complex PKI data collection and analysis tasks, allowing your experts to focus on strategic decision-making.

User accounts may be delegated to operators without having to grant the otherwise required Administrator privileges that would grant them access to the PKI itself. Separate your concerns and responsibility by allowing analysts and consults only access to the data, not the PKI assets.

Submit certificate requests and execute revocations directly from the Jellyfish web portal on your own infrastructure securely managed by a Cartographer server through a long polling connection.

Enable advanced email and alerting functionality through a Jellyfish as a service server.

• Comprehensive Overview: See all Certificate Authorities across your Active Directory Forest.
• Briefings and Insights: Regular, detailed briefings keep your security team updated on the status and health of your PKI.
• Request Status and Monitoring: View certificate requests at any disposition stage, requests requiring approval, failed, or denied. Gain visibility of these requests, their trends, and certificate conversion rate.
• Template Tracking: Monitor certificate templates across all authorities, including detailed metrics on requested, issued, rejected, and failed certificates.
• Performance Metrics: Get detailed metrics on certificates, including issuance throughput, helping you quickly identify and address performance anomalies.
• Revocation Management: Track Certificate Revocation Lists (CRL), online CRL responders, and OCSP responders.
• Throughput Warnings: Be alerted to high volumes of failed or rejected certificate requests, ensuring prompt attention to potential issues.
• Service Status Monitoring: Stay informed when critical AD CS services, online responders, or enrollment agent services are offline.
• Immediate Certificate Issuance and Revoke: Issue and revoke certificates from any connected Certificate Authority directly from the unified Cartographer portal.
• Integrate with Jellyfish: Bring your certificate lifecycle management to the next level by connecting your existing PKI directly to your Jellyfish tenancy or deployment.

Export your data in a variety of formats, including a SQLite portable database file, CSV file, or Jellyfish Command and Control Import file.

Connect your Cartographer server to your Jellyfish Cloud or Jellyfish on-prem Command and Control portal for on premises PKI management. Improve the efficiency at which you manage your PKI through the advanced and extensive tools provided by the Jellyfish family of products.

Recover your data in the event of a loss of service or integrate cartographer into your backup and disaster recovery plan.

The Cartographer API exposes endpoints tailor made to support a wide variety of Reporting or Alerting use cases. Generate API keys and integrate your reporting tools with access to the Cartographer API to integrate our insights with your reporting and monitoring technology solution.

Postman, Curl, Power Shell, Custom Application, all of these can now access your PKI as easily as your operators can, through access to the Cartographer’s streamlined API backend.

For example:

• Assess all certificate authoritie’s health and list any problems with the Health API:

https://Cartographer.PKI.Cogtoso/API/Health/CertificateAuthority

• Assess a single certificate authority for any certificate throughput traffic anomalies with the throughput query parameter:

https://Cartographer.PKI.Cogtoso/API/Health/CertificateAuthority/CogCA360?category=throughput

• Return the quantity and identifying information of certificate expiring soon with the Certificate API:

https://Cartographer.PKI.Cogtoso/API/Health/Certificate?category=expiringsoon