1. /
  2. Products & Solutions/
  3. Products/
  4. Mobile Security and Management Product Family/
  5. Managed PKI Service

Symantec Managed PKI Service

Lower Cost and Complexity with a Managed, Cloud-Based Solution

Symantec, the leading provider of cloud-based PKI solutions, delivers a proven and trusted solution to secure communications for users and connected devices for the Internet of Things. Built on Symantec’s, globally managed, highly reliable cloud-based infrastructure, Symantec Managed PKI Service reduces the cost and complexity associated with in-house PKI and allows enterprises to focus on delivering solutions, instead of infrastructure.

PKI Manager

Supported web browsers

  • On Windows 7 SP1 (32-bit and 64-bit)
    Internet Explorer (IE) 8, 9, or 11
    Firefox 38
  • Windows 8.1 (32-bit and 64-bit)
    IE 11

PKI Certificate Service

Supported web browsers

  • Windows 7 SP1 (32-bit and 64-bit)
    IE 8 (32-bit), IE 9 (32-bit), IE 10 (32-bit), IE 11*
    Firefox 38
    Chrome 43**
  • Windows 8.1 (32-bit and 64-bit)
    IE 11*
    Firefox 38
    Chrome 43**
  • Mac OS X v10.9.5
    Safari 7.1.6
    Firefox 38
  • Mac OS X v10.10.13
    Safari 8.0.6
    Firefox 38
* The renewal plug-in is not supported in IE 11 if Enhanced Protection Mode (EPM) is enabled. EPM is disabled by default in IE 11.
** The Chrome browser is supported for certificate lifecycle operations using PKI Client only.

PKI Client

Supported web browsers

  • Windows 7 SP1 (32-bit and 64-bit)
    IE 9 (32-bit), IE 10 (32-bit), and IE 11
    Firefox 38
    Chrome 43
  • Windows® 8.1 (32-bit and 64-bit)
    IE 11
    Firefox 38
    Chrome 43
  • Mac OS X v10.9.5*
    Safari 7.1.6
    Firefox 38
    Chrome 43
  • Mac OS X v10.10.3**
    Safari 8.0.6
    Firefox 38
    Chrome 43
* Managed PKI does not support Government Edition CAC (Common Access Cards) and PIV (Personal Identify Verification) smart cards on the Mac OS.

** Managed PKI does not support any hardware tokens on Mac OS X10.10.x, including Government Edition CAC and PIV smart cards.

PKI Enterprise Gateway

Supported Operating Systems

  • Microsoft Windows Server 2008 R2 Enterprise/Standard (64 bit)
  • Microsoft Windows Server 2008 R2 SP1 Enterprise/Standard (64 bit)
  • Windows Server 2012 R2 Standard

Supplementary Required Components

  • Memory: 4 GB RAM and 100 GB hard disk space
    Virtual directory: VMware vSphere 4 and 5 or VMware View 5.4
  • Web server: IIS 7.5, NET Framework 4.0 (Windows 2008) or IIS 8, NET
    Framework 4.0 (Windows 2012), .NET Framework 4.5 (Windows 2012 R2)
  • User Stores: Microsoft Active Directory 2008, Novell eDirectory Server v8.8.5, Oracle Directory Server 11gR1 11.1.1.5.0 or OpenLDAP 2.4.35
  • Key escrow datastore: The key escrow datastore is used to escrow private keys locally, as part of the key escrow and recovery option. The key escrow datastore supports Microsoft SQL Server 2008 and Oracle 10g RDBMS datastore databases.
  • Additionally, Symantec has qualified the key escrow datastore on OpenLDAP 2.4.35, Novell eDirectory 8.8.5, and Oracle Directory Server Enterprise Edition 11gR1. Symantec expects that the key escrow datastore also works on other LDAP-based directories.

Supported Hardware Security Modules

  • SafeNet Luna SA with HSM Client software version 4.4.1*
  • SafeNet Luna SA (with remote PED) with HSM Client software version 4.4.1
  • SafeNet Luna SA5 with HSM Client software version 5.1.1
  • SafeNet Luna SA5 with HSM Client software version 5.2.1
  • SafeNet Luna SA5 (with remote PED) with HSM Client software version 5.1.1
  • SafeNet Luna SA5 (with remote PED) with HSM Client software version 5.2.1
  • SafeNet Luna PCI (Model 3.0)* SafeNet Luna G5
  • SafeNet Luna 5.3.1 with HSM Client software version 5.3.1-1
  • SafeNet Luna PCI-E
  • *You must contact SafeNet to obtain and install the software patch appropriate to your driver version.
  • For PKI Enterprise Gateway without the key escrow and recovery service, use the key signing variant of the HSM (the default). If using the optional key escrow and recovery service, you must obtain the key generation (key export) variant of the HSM from SafeNet, which includes the key signing varian.

iOS devices

  • All devices running iOS 6, 7, and 8.1

Android devices

Managed PKI supports issuing digital certificates on many Android devices. New Android mobile devices are constantly being qualified. Refer to https://knowledge.symantec.com/support/mpki-support/index?page=content& id=AR2090&actp=search&viewlocale=en_us for the most up-to-date list of supported devices.

CONTACT US