Gartner Research

The Resurgence of PKI in Certificate Management, the IoT and DevOps


Public-key infrastructure (PKI) and digital certificates are hard to manage. Organizations are also expanding the use of PKI within IoT and DevOps pipelines. Technical professionals need to transform the perception — and the deployment — of PKI to establish an automated management regime for PKI.

Published: 23 October 2018

ID: G00361777

Analyst(s): Erik Wahlstrom Paul Rabinovich

Table Of Contents


  • Certificate Management — Find, Control and Automate
  • DevOps — Integrate PKI Into the Development Pipeline
    • Continuous Integration/Continuous Delivery
    • Microservices
    • Containers
    • Code Signing
  • The Internet of Things — Target the Heterogeneity of Devices
    • Usage of PKI Throughout an IoT Device Life Cycle
    • PKI Vendor Support for IoT
  • A PKI Strategy That Bends in the Right Ways
    • Fit for Purpose
    • Out of Sight
    • Efficiently Validated
  • Disruptors
  • Strengths
  • Weaknesses


  • Establish a Strict PKI Management Regime, and Use Certificate Management Tools
  • Divide and Conquer PKI
  • Prepare for the Cryptopocalypse
  • Don’t Expect Certificates and PKIs to Be Free
  • Choose the Right Level of Vetting for Your SSL/TLS Certificates
  • Don’t Rely on Let’s Encrypt to Solve All of Your PKI Needs
  • Give Preference to “Real” CAs in the DevOps Pipeline
  • Carefully Model IoT Identity Needs
  • Consider Microsoft, but Be Realistic
  • Deploy PKI, and Treat It as Foundational to Your IAM Infrastructure

The Details

  • PKI Usage Within Mobility
  • PKI Usage Within the IoT
    • Manufacturing
    • Introduction
    • Validation
    • Managing
    • Sunsetting
  • Modern Validation and CA Monitoring Technologies
  • Dissecting PKI Disruptors
    • Quantum Computers
    • SSL Everywhere, SSL/TLS and Let’s Encrypt
    • Blockchain and Decentralized PKI
    • The OAuth 2.0 Framework and Proof-of-Possession Mechanisms
    • FIDO Alliance
  • Traditional Use Cases for PKI
  • Deployment Options for PKI
  • PKI Vendors

Gartner Recommended Reading

Already a Gartner client?

Become a Client

This research is reserved for paying clients. Speak with a Gartner specialist to learn how you can access this research as a client, plus insights, advice and tools to help you achieve your goals.

Contact Information

All fields are required.

By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

©2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.