Khatim PKI Server 4.3 is Ready – IOT, ACME, AATL & more!

In the fast-paced world of cybersecurity, staying ahead of the curve is not just an option—it’s a necessity. At the heart of the digital security landscape, PKI (Public Key Infrastructure) has been a trusted cornerstone for safeguarding data, communications, and identities. That’s why we are thrilled to announce the release of the highly anticipated Khatim PKI Server 4.3.

With PKI Server 4.3, we’re ushering in a new era of security, packed with innovative features and capabilities that empower organizations to thrive in today’s dynamic and ever-evolving threat landscape. This release highlights:

  • Matter Spec Implementation: Boost IOT Security
  • ACME Support: Streamlined Certificate Management
  • AATL-Based Signatures with AWS KMS: Enhancing Digital Trust
  • Improved API Authentication: Via OAuth

Matter Spec Implementation: For the Next Generation IOT

PKI Server 4.3 proudly implements the Matter Spec from the Connectivity Standards Alliance. The Matter spec embodies a common vision that emphasizes the necessity for smart home devices and IOT to be secure, dependable, and effortlessly user-friendly. This unified industry standard assures reliable and secure connectivity, acting as a seal of approval that devices will work together seamlessly both now and in the future. Matter not only fosters more connections between diverse objects but also streamlines development for manufacturers, enhancing compatibility for consumers.

Khatim PKI Server v4.3 allows administrators to set up X.509 certificate templates for Matter certificates, including CA and end-entity certificates such as:

  • DAC (Digital Attestation Certificate)

  • PAA (Personal Attestation Authority)

  • PAI (Personal Attestation Information) issuance.

To configure Matter spec:

  • Set up PAA, PAI and DAC templates. Khatim PKI Server comes with default templates for quick usage

  • Generate the PAA Certification Authority using the PAA template

  • Repeat for PAI to make a Sub CA

  • Set up Certificate Provider policies with DAC certificate templates

  • Send a CSR to the Certificate Provider policy to issue DAC certificates

Khatim PKI Server v4.3 supports the Matter-1.0-Core-Specification.

Setting up PAA CA


Setting up PAI CA


Setting up Certificate Provider Policy for DAC


ACME Support: Streamlined Certificate Management

Say goodbye to the complexities of certificate management! PKI Server 4.3 introduces seamless ACME (Automated Certificate Management Environment) support. ACME is the driving force behind automated certificate provisioning, making it easier than ever to obtain and manage SSL/TLS certificates. With PKI Server 4.3, you can enjoy:

  • Automated certificate issuance and renewal

  • Reducing administrative overhead

  • Ensuring the availability of trusted certificates when you need them

To configure ACME:

  • Create a Certificate Provider policy with ACME enabled

  • Set up the policy to issue certificates using the SSL Server Auth template

  • Set up Key Control with CLIENT-CSR

  • Enable ACME


Once done, you can use any ACME-compliant software, e.g. certbot, to issue TLS/SSL digital certificates.

Khatim PKI Server's powerful charts and reporting also help you easily see how many certificates are issued via the ACME protocol, and allow the PKI Admin to see detailed logs for better troubleshooting.
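Before pointing certbot or another client at a privately hosted ACME endpoint, it is worth validating the directory document the server publishes. The check below is an added example, not Khatim's code; the host name, URL paths and the same-host rule are assumptions, and the sample directory is constructed.

```python
import json
from urllib.parse import urlsplit

# Resources an ACME client must find in the directory to issue and renew (RFC 8555).
ISSUANCE_RESOURCES = ("newNonce", "newAccount", "newOrder")


def check_acme_directory(directory_url, body):
    """Return a list of findings for an ACME directory document; empty means OK."""
    findings = []
    base = urlsplit(directory_url)
    if base.scheme != "https":
        findings.append("directory URL is not https")
    try:
        doc = json.loads(body)
    except ValueError:
        return findings + ["directory is not valid JSON"]
    if not isinstance(doc, dict):
        return findings + ["directory is not a JSON object"]
    for name in ISSUANCE_RESOURCES:
        url = doc.get(name)
        if not isinstance(url, str):
            findings.append(f"missing resource: {name}")
            continue
        target = urlsplit(url)
        if target.scheme != "https":
            findings.append(f"{name} is not https")
        # Assumed local policy: a private CA serves every resource from one host.
        if target.netloc != base.netloc:
            findings.append(f"{name} is on another host: {target.netloc}")
    if "revokeCert" not in doc:
        findings.append("no revokeCert resource: revocation via ACME unavailable")
    meta = doc.get("meta")
    if isinstance(meta, dict) and meta.get("externalAccountRequired") is True:
        findings.append("externalAccountRequired: client needs EAB credentials")
    return findings


# Constructed sample; host name and paths are placeholders, not Khatim's URLs.
SAMPLE_URL = "https://pki.example.internal/acme/directory"
SAMPLE_BODY = json.dumps({
    "newNonce": "https://pki.example.internal/acme/new-nonce",
    "newAccount": "https://pki.example.internal/acme/new-account",
    "newOrder": "http://pki.example.internal/acme/new-order",
    "meta": {"externalAccountRequired": True},
})

if __name__ == "__main__":
    for finding in check_acme_directory(SAMPLE_URL, SAMPLE_BODY):
        print("FINDING:", finding)
```

Once the directory passes, the same URL is the value certbot's `--server` option expects.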


AATL-Based Signatures with AWS KMS: Enhancing Digital Trust

Our new release supports AATL (Adobe Approved Trust List) based PDF signatures, backed by the rock-solid security of AWS Key Management Service (KMS). This ensures that every digital signature is not just secure but also recognized and trusted globally. It’s your data, your way—secure, compliant, and unparalleled in trustworthiness. Configuring AATL based keys can be easily achieved by:

  • Configuring AWS KMS in System Keys > Key Vault
  • Importing AWS-hosted asymmetric keys by providing ARN, Client ID and Client Secret
  • Using System Keys > Generate CSR against the imported key
  • Certifying the CSR with any trusted AATL Certification Authority and importing it back into the system
  • Using System Keys to import the issued X.509 digital certificate
  • Generating a signing policy and configuring the signing certificate against it
  • Sending the PDF via the RESTful interface of the signing engine to sign it using any of the PAdES profiles

It's that simple!

PDF Signed with AATL backed signatures

OAuth with JWT: Next-Level Authentication

Elevate your authentication game with OAuth and JSON Web Tokens (JWT). PKI Server 4.3 brings you OAuth support that integrates seamlessly with JWT, ensuring a robust, standards-based authentication process. Whether you’re signing documents or managing certificates, the power of OAuth and JWT is at your fingertips, simplifying authentication while enhancing security.

Setting up is easy.

  • Add client apps from Access Control

  • Set up Client ID and Client Secret

  • Assign the engines and policies

  • Enable authentication in the advanced section of each engine

  • Before making an API call, first get an access token to authenticate the call

KPS-Access Control-Client Apps

Embrace the Future Today

The PKI landscape is evolving faster than ever, and Khatim PKI Server is here to help you not just keep up but stay ahead of the game. With automated certificate management, top-notch security, enhanced authentication, and forward-looking innovation, it's your passport to a more secure and efficient digital world.

How does Khatim PKI Server 4.3 ensure the security of Matter certificates for IoT devices?

Khatim PKI Server 4.3 ensures the security of Matter certificates for IoT devices by implementing the Matter Spec from the Connectivity Standards Alliance. This unified standard emphasizes secure, dependable, and user-friendly connectivity for smart home devices and IoT. PKI Server 4.3 allows administrators to set up X.509 certificate templates specifically tailored for Matter certificates, including DAC (Digital Attestation Certificate), PAA (Personal Attestation Authority), and PAI (Personal Attestation Information) issuance. By configuring these templates and generating the necessary certification authorities, PKI Server 4.3 ensures that Matter certificates meet the highest security standards, enhancing the trustworthiness and compatibility of IoT devices.

Can Khatim PKI Server 4.3 handle certificate provisioning for devices that adhere to multiple industry standards, beyond just the Matter Spec?

PKI Server 4.3 is designed to handle certificate provisioning for devices that adhere to multiple industry standards beyond just the Matter Spec, i.e. SCEP. Administrators can configure certificate templates and policies to accommodate various standards, ensuring that PKI Server 4.3 remains versatile and adaptable to the diverse needs of different organizations and industries.

What are the specific benefits of using OAuth with JWT authentication in PKI Server 4.3?

OAuth with JWT authentication in PKI Server 4.3 offers several benefits compared to traditional authentication methods. Firstly, OAuth provides a standardized framework for secure authentication and authorization, ensuring that only authorized users and applications can access PKI Server resources. Secondly, JWT (JSON Web Tokens) enhances security by enabling the transmission of digitally signed authentication tokens, preventing tampering and unauthorized access. By combining OAuth with JWT, PKI Server 4.3 simplifies the authentication process while ensuring robust security measures are in place, making it an ideal choice for organizations seeking advanced authentication capabilities in their digital security solutions.