Skip to main content

NetGuard Certificate Manager

Digital identity management with secured and standardized PKI

Why do communication service providers need a PKI system?

Mobile network operators use Public Key Infrastructure (PKI) to establish a trusted environment for electronic communications between radio network elements and the core network.

Therefore, they activate IP security tunnels, where the tunnel endpoints are authenticated with device-specific identity information, so called digital certificates.

This allows users and computers in the network to exchange network data securely. PKI requires a certificate manager in place to ensure efficient and secured management procedures.

Security certificates for 4G/5G networks with Nokia NetGuard Certificate Manager

The Nokia NetGuard Certificate Manager (NCM) consists of software and highly available and secure hardware. Based on a trusted certificate authority (CA), the NCM issues and manages digital certificates in a standardized and secure way. Its primary use is for 4G and 5G mobile networks where base stations and small cells are deployed in an unsecured area, and where a secured connection to the backbone network is required.

In that context, the IPsec protocol secures data exchanges with the Security Gateway and requires digital certificates for the purpose of identification. NetGuard Certificate Manager simplifies this process by setting up a Public Key Infrastructure (PKI), according to the 3GPP standards. In fact, it allows certificates to be securely and automatically enrolled to the base stations.

Secure Authentication for IoT with NetGuard Certificate Manager

For the Internet of Things (IoT), NetGuard Certificate Manager enables safe authentication of users, devices, applications and systems. Authentication happens without the need for tokens, passwords, or other non-standardized authentication schemes. The distributed architecture allows NCM deployments of active certificates to scale up to 100M+.

Our complete security management solution for digital certificate management

NetGuard Certificate Manager and Certificate Lifecycle Manager together form a complete security management solution enabling you to easily manage digital certificates at scale. 

Main benefits of NetGuard Certificate Manager

>100 million

security certificates supported


certificate operations supported per hour


intra-site failover

Multi-vendor interworking with NetGuard Certificate Manager

Multi-vendor interworking schematic

Benefits and features of NetGuard Certificate Manager: secure backhaul for RANs: IPsec, PKI, interoperability

Prevents security issues, where an unsecured backhaul connects base stations to the RAN (e.g. public places with easily accessible equipment)

  • Implements the IPsec protocol, as required by the 3GPP specification
  • Fully validated with Nokia radio products

Simplifies the exchange and management of certificates when using the IPsec protocol

  • Automates the certificates download using authenticated exchanges
  • Designed and tested to support a full PKI up to 6 levels
  • Easy management by either a graphical user or command-line interface

Increases interoperability by using standard management protocols

  • Supports all major certificate enrollment and validation protocols
  • Complies with various PKI-related RFC and 3GPP standards

Ensures service continuity with high availability

  • Fully redundant architecture provides carrier-grade reliability (99.99 percent availability)
  • Geo-redundancy offers autonomous site loss recovery


Ready to talk?

Please complete the form below.

The form is loading, please wait...