Andreas Schwier | 11 May 2022
The PKI-as-a-Service Portal now offers the ability to operate your own TrustCenter. With this new function you can create your own PKI with the SmartCard-HSM as the secure key store for the certification authority.
Create your own cloud-based PKI with a Root-CA, Sub-CA and the people or systems for which you issue certificates. The workflow system keeps you in control and users can use the portal to manage SmartCard-HSMs, keys and certificates. With the TrustCenter, managing a larger user base becomes a lot easier. You can support your own closed user base or allow any registered user to obtain a certificate from your public TrustCenter.
A core principle of the PKI-as-a-Service system is that you keep the keys, while the software runs in the cloud. That allows you to migrate an existing CA to the portal and vice versa. It gives the term air-gap-system a new meaning - you enjoy the benefit of a cloud system, but don’t compromise the security of your CA keys.
But you could also run the portal on-site with a closed user group or have a dedicated cloud instance. We also provide a hosted service, where we keep the system running and you can focus on your own business without becoming a PKI expert.
The new TrustCenter function is currently in beta and we invite users to try it out. We’d love to receive feedback. Please let us know if something is missing for your specific use case.
When you register at the PKI-as-a-Service Sandbox you are automatically enrolled as a subscriber and are entitled to create a TrustCenter. The data on the sandbox will be removed frequently, as we continuously work on it and update the software base. Alternatively you can download a copy of the software from the CDN and run that locally, e.g. in a Docker container.
In the next couple of weeks we will publish screencasts that explain more details of the system:
- Preparing a TrustCenter HSM explains the basic steps required to prepare a SmartCard-HSM for the TrustCenter function.