Home | Solutions | Features


SwissPKITM features single or multi-tenant configurations, on-premises or cloud deployments as well as single or clustered Hardware Security Modules.

For centralized key management, high availability, and failover features, SwissPKITM seamlessly integrates with all major Hardware Security Module manufacturers.

SwissPKITM supports the issuance and management of publicly trusted and qualified certificates. Its implementation is governed by the following standards and specifications:

  • Certificate Issuing and Management Components Protection Profile as specified by the Common Criteria (CC)
  • ETSI CAs issuing Qualified Certificates meeting requirements of Regulation
  • ETSI CAs issuing Web Site certificates meeting requirements of the CA/Browser Forum documents
  • ETSI Other Trust services including time-stamping and CAs issuing certificates other than qualified certificates
  • Mozilla CA Browser Forum Baseline Requirements and Network and Certificate System Security Requirements (CT Log, DNS Owner Checks, and CAA Checks)

  • Swiss ZertES and TAV recommendations

  • X.509v3 RFCs


SwissPKITM is multitenant and enables you to host on the same deployments, multiple organizations or customers.

The solution is composed of independent modules which can run as a single application with horizontal scaling support in a network zone of your choice. Additionally, the modules can be organized into packages to form one application also supporting horizontal scaling in a network zone of your choice.

Web Portals

Web portals for SwissPKI Administrators, Operators, and Registration Officers

Certificate Life Cycle Management

Certificate life cycle and workflow management, issuance, revocation, and publication supporting internal, public trust, and external Certification Authorities

OpenAPI v3

REST API for automating PKI deployments from administrative tasks, onboarding of users to certificate issuance

Microsoft Autoenrollment
Automatic certificate enrollment for Windows users and machines on their Windows Domain


Simple Certificate Enrollment Protocol to help IT administrators issue certificates automatically to network and mobile device


Automated certificate deployment between servers and Certification Authorities

PKI Adapter to automate certificate issuance and renewal for the next generation networks


Online Certificate Status Protocol for obtaining real time revocation status of digital certificates


Timestamp service to independently and irrefutably prove the time of a transaction, the time a document was signed and when it was archived

  • Authentication and Authorization

    SwissPKITM offers several built-in authentication mechanisms which you can enable or disable based on your environment’s requirements.

    – Username/Password with TOTP
    – LDAP Server
    – OpenID Connect
    – Kerberos
    – JSON Web Token for REST API

    Access control to the SwissPKITM functionalities is managed through a standard PKI role-based model backed up with a fine-grained Create/Read/Update/Delete permission settings pattern controlled through permission templates which you can configure to your organization’s needs.

    The role-based access control and permissions apply transparently to both remote API calls and user interface interactions.

  • Flexible Workflow Integration

    SwissPKITM lets you organize certificate registration, renewal, and revocation workflows by combining optional authorization and notification rules.

    Whether you require specific document uploads or authorizations upon certificate issuance for a certificate type associated to a specific user group, SwissPKITM enables you to combine predefined workflow rules for your individual business needs.
    Standard certificate expiry notifications and dashboards are also available and ready to use.

  • Automation and Integration

    In addition to the standard PKI automation services such as Microsoft and Linux integration through CEP/CES and ACME protocols, SwissPKITM provides a complete set of OpenAPI v3 REST API specifications to let you automate your PKI integration with your business requirements in the programming language of your choice. Whether you require specific user onboarding or certificate issuance, administrative or operational integrations, OpenAPI gives you the entire flexibility you need to integrate and automate your environment.

  • External Certification Authority Management

    SwissPKITM lets you integrate external certification authorities and Public Trust Certification Authority for you to benefit from the integrated certificate management lifecycle, certificate expiry, and renewal notifications. You take advantage of the integrated certificate management provided by SwissPKITM.

  • Validation Rules

    Whether you issue public trust or private certificates, SwissPKITM supports validating individual certificate fields on a structural and content level at runtime using predefined validation rules.

    Additionally, external service interfaces are available if you need to extend the pre and post-validation of your certificates against custom data sources. Examples of standard validation rules are Subject Distinguished Name, Subject Alternative Name, Domain Owner Check, Certificate Transparency Log, and Certificate Linting validation mechanisms provided out-of-the-box.

  • Reporting

    Produce CSV or Excel reports by certificate types, groups, or expiration dates based on your selection criteria or schedule automated reports.

Don’t miss the promotions and new features we have in store for our loyal subscribers.

    Your email address is only used to send you our newsletter and information about our activities. You can use the unsubscribe link integrated in each of our emails at any time.
    Share This