Certificate Authority

Certificate Authority

TrustSec introduces two CA models on for enterprises which are suitable for large scale companies and large number of users. A standard CA for small scale companies is also provided with a simple user interface for better user experience.

CA Enterprise

Enterprise Certificate Authority


It is a fully functional Certificate Authority built in Java. Based on JEE5 technology it constitutes a robust, high performance and component based CA. Both flexible and platform independent, Enterprise CA can be used standalone or integrated in any JEE5 application, suitable for large enterprises.


Certificate Authority Features

High Security

A number of security mechanisms are employed, helping significantly to eliminate the risk of fraud, attacks and misuse from unauthorized individuals and hackers.  Enterprise CA Communications between different modules use secure connections (SSL). Also, each message is signed through trusted certificates to prevent Masquerade Attack. Moreover, Database storage can be encrypted to prevent hacker attacks.

Enterprise CA provides the ability to use secure storage for Root/Sub-Root Private Keys (HSM). EJBCA Separates the validation service from the CA service that means The CA service does not have to accept external connections. Also, Enterprise CA Separates the Registration Service from the CA service.


Flexible and easy administration with its user-friendly and recognizable web-based front end. This allows user locations to be geographically independent. Enterprise CA Administration is done through Web GUI, command line or Web Services. Also, Enterprise CA provides Powerful Web based administration GUI using strong authentication. Moreover, there are multiple levels of administrators with specified privileges and roles.


Provides seamless integration into any existing organizational structure and infrastructure thanks to its implementation based high configurability. Enterprise CA is built on the JEE 5 (EJB 3.0) specification. Therefore, Enterprise CA can run standalone or integrated in any JEE application. Also, the External Validation Authority and OCSP responder work with any other CA than Enterprise CA and support large scale OCSP deployments. Moreover, Enterprise CA provides Plug-in functionality allowing you to enhance with your own functionality and work flows.

National Capacity

Enterprise CA can easily be used in National-Based projects with high dependability. Enterprise CA uses Simple stand-alone batch enrollment GUI for CSRs (web-service RA). Also, Enterprise CA is easily integrated with multiple databases.

E-Passports Support

Enterprise CA has support for the e-Passports projects. Enterprise CA integrates the common features of e-Passports. Thus, Enterprise CA is strongly recommended for e-Passports projects.

Standards Complied

Enterprise CA supports and the X.509 standards and PKCS# (RFC5280) standards where applicable.

High Performance

Enterprise CA ensures the highest performance for request processing and responds.

It is pretty fundamental requirement for an OCSP Responder to be able to provide certificate status information for more than one CA. This minimizes hardware, software and management costs associated with running separate OCSP Responders for each CA.

Ensure highest performance. The external OCSP responder is very fast and one single responder can answer hundreds of requests per second. Using Hardware Security Modules (HSM) can process large certificate issuances per second.

High Availability

Enterprise CA is highly available system. Enterprise CA is reliable system that provides backup systems for logging, databases and OCSP responders. Enterprise CA is designed to work well in a clustered, high availability configuration. The key to Enterprise CA high availability is to have a HA database, since all Enterprise CA nodes shares the same database.

Ensure highest availability of the validation service. Using external OCSP responders you can have several completely independent nodes. This means that you can do maintenance on the CA, or some of the OCSP nodes without disturbing availability to the validation service.


Enterprise CA is interoperable with wide range of hardware device, tokens, smart cards, identity systems and operating systems.

EJBCA Supports a wide range of multifunctional smart cards and tokens through the suitable PKCS11 library. Also, EJBCA integrates easily with various directory services and databases. EJBCA is compatible with a variety of physical access control systems. Moreover, EJBCA is interoperable with different identity provisioning systems.


Enterprise CA is Common Criteria EAL4+ certified and CWA/ETSI compliant to provide the most powerful and flexible PKI. EAL4 permits a developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources.