SwissPKI™ features single or multi-tenant configurations, on-premises or cloud deployments as well as single or clustered Hardware Security Modules.
For centralized key management, high availability, and failover features, SwissPKI™ seamlessly integrates with all major Hardware Security Module manufacturers.
SwissPKI™ supports the issuance and management of publicly trusted and qualified certificates. Its implementation is governed by the following standards and specifications:
- Certificate Issuing and Management Components Protection Profile as specified by the Common Criteria (CC)
- ETSI CAs issuing Qualified Certificates meeting requirements of Regulation
- ETSI CAs issuing Web Site certificates meeting requirements of the CA/Browser Forum documents
- ETSI Other Trust services including time-stamping and CAs issuing certificates other than qualified certificates
- Mozilla CA Browser Forum Baseline Requirements and Network and Certificate System Security Requirements (CT Log, DNS Owner Checks, and CAA Checks)
- Swiss ZertES and TAV recommendations
SwissPKI™ is multi-tenant and enables you to host multiple organizations or customers on the same deployment.
The solution is composed of independent modules, each of which can run as a standalone application with horizontal scaling support in a network zone of your choice. Alternatively, the modules can be packaged together into a single application, which likewise supports horizontal scaling in a network zone of your choice.
- Web portals for SwissPKI Administrators, Operators, and Registration Officers
Certificate Life Cycle Management
- Certificate life cycle and workflow management, issuance, revocation, and publication supporting internal, public trust, and external Certification Authorities
- Automatic certificate enrollment for Windows users and machines on their Windows Domain
- Simple Certificate Enrollment Protocol to help IT administrators issue certificates automatically to network and mobile devices
- Automated certificate deployment between servers and Certification Authorities
- PKI Adapter to automate certificate issuance and renewal for next-generation networks
- Online Certificate Status Protocol for obtaining the real-time revocation status of digital certificates
- Timestamp service to independently and irrefutably prove the time of a transaction, the time a document was signed, and when it was archived
Authentication and Authorization
SwissPKI™ offers several built-in authentication mechanisms which you can enable or disable based on your environment's requirements.
- Username/Password with TOTP
- LDAP Server
- OpenID Connect
- JSON Web Token for the REST API
Access control to SwissPKI™ functionality is managed through a standard PKI role-based model, backed by fine-grained Create/Read/Update/Delete permissions that are controlled through permission templates you can configure to your organization's needs.
The role-based access control and permissions apply transparently to both remote API calls and user interface interactions.
Flexible Workflow Integration
SwissPKI™ lets you organize certificate registration, renewal, and revocation workflows by combining optional authorization and notification rules.
Whether you require specific document uploads or authorizations upon certificate issuance for a certificate type associated with a specific user group, SwissPKI™ enables you to combine predefined workflow rules to fit your individual business needs.
Standard certificate expiry notifications and dashboards are also available and ready to use.
Automation and Integration
In addition to the standard PKI automation services such as Microsoft and Linux integration through the CEP/CES and ACME protocols, SwissPKI™ provides a complete set of OpenAPI v3 REST API specifications that let you automate your PKI integration according to your business requirements in the programming language of your choice. Whether you require specific user onboarding or certificate issuance, administrative or operational integrations, the OpenAPI interface gives you all the flexibility you need to integrate and automate your environment.
External Certification Authority Management
SwissPKI™ lets you integrate external Certification Authorities and publicly trusted Certification Authorities so that their certificates benefit from the integrated certificate management life cycle, certificate expiry, and renewal notifications provided by SwissPKI™.
Whether you issue publicly trusted or private certificates, SwissPKI™ supports validating individual certificate fields on a structural and content level at runtime using predefined validation rules.
Additionally, external service interfaces are available if you need to extend the pre- and post-validation of your certificates against custom data sources. Examples of the standard validation rules provided out of the box are Subject Distinguished Name, Subject Alternative Name, Domain Owner Check, Certificate Transparency Log, and Certificate Linting validation mechanisms.
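As an added illustration (not SwissPKI code), the following Python sketch applies rules of the kinds named above to a certificate request: Subject DN structure, SAN dNSName syntax, a CAA check in the RFC 8659 style, and the CA/Browser Forum validity cap. The issuer domain ca.example, the request dicts and the CAA answers are constructed assumptions so that it runs offline.

```python
import re

CA_DOMAIN = "ca.example"       # hypothetical issuer domain to look for in CAA 'issue' tags
MAX_PUBLIC_TLS_DAYS = 398      # CA/Browser Forum Baseline Requirements validity cap
HOST_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

# Constructed CAA answers: name -> [(flags, tag, value)]. An absent name has no
# CAA RRset, so the lookup climbs to its parent as RFC 8659 prescribes.
CAA_ZONE = {
    "example.com": [(0, "issue", "ca.example"), (0, "issuewild", ";")],
    "other.test": [(0, "issue", "some-other-ca.test")],
}

def caa_permits(name):
    """True if CAA allows CA_DOMAIN to issue for name (a dNSName or *.wildcard). The
    relevant tag is issuewild for a wildcard when present, else issue; none means unrestricted."""
    host = name[2:] if name.startswith("*.") else name
    labels, rrset = host.split("."), []
    for i in range(len(labels) - 1):           # climb toward, but not into, the TLD
        if ".".join(labels[i:]) in CAA_ZONE:
            rrset = CAA_ZONE[".".join(labels[i:])]
            break
    wild = name.startswith("*.") and any(t == "issuewild" for _, t, _ in rrset)
    relevant = [v.split(";")[0].strip() for _, t, v in rrset if t == ("issuewild" if wild else "issue")]
    return not relevant or CA_DOMAIN in relevant

def validate_request(req):
    """Apply the structural and content rules to a request dict; return the violations."""
    errors, subject, sans = [], req.get("subject", {}), req.get("san", [])
    public = req.get("profile") == "public_tls"
    if not subject.get("CN") and not sans:
        errors.append("subject: CN or at least one SAN dNSName is required")
    if "C" in subject and not re.fullmatch(r"[A-Z]{2}", subject["C"]):
        errors.append(f"subject: C={subject['C']!r} is not a two-letter country code")
    for name in (n.lower() for n in sans):
        host = name[2:] if name.startswith("*.") else name
        if not HOST_RE.match(host):            # rejects bare names, inner wildcards, bad labels
            errors.append(f"san: {name!r} is not a well-formed public DNS name")
        elif public and not caa_permits(name):
            errors.append(f"san: CAA for {name!r} does not authorize {CA_DOMAIN}")
    if public and req.get("validity_days", 0) > MAX_PUBLIC_TLS_DAYS:
        errors.append(f"validity: {req['validity_days']} days exceeds {MAX_PUBLIC_TLS_DAYS}")
    return errors

if __name__ == "__main__":
    good = {"profile": "public_tls", "subject": {"CN": "www.example.com", "C": "CH"},
            "san": ["www.example.com"], "validity_days": 365}
    bad = {"profile": "public_tls", "subject": {"CN": "api.other.test", "C": "Switzerland"},
           "san": ["api.other.test", "*.example.com", "intranet"], "validity_days": 730}
    print(validate_request(good))   # []
    print(validate_request(bad))    # five violations, one per failing rule
```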
Produce CSV or Excel reports by certificate types, groups, or expiration dates based on your selection criteria or schedule automated reports.