Khatim PKI Server > Secure | Reliable | Resilient
Powerful & Scalable Certification Authority / PKI server. Empowering trust, for a secure tomorrow
- Get advanced insights, reporting & alerting
- Compatible with WebTrust, IETF RFC 5280 and CA/B Forum standards
- Seamless integration with PKCS#11 or cloud based HSMs
- Easy to integrate with business apps using developer friendly APIs
Purpose of a Certification Authority (CA) / PKI
Security - Trust - Encryption - Authentication - Digital Certificates
CA/PKI Servers are responsible for managing the complete life cycle of setting up Certification Authorities. It starts by setting up a Root CA followed by Subordinate CAs issuing, validating, and revoking end-entity (users, devices, IoT) X.509 digital certificates & CRLs. This allows all communication and transactions between users and devices to be secure, trusted, and authenticated.
By providing a secure and trusted infrastructure for managing digital certificates and keys, a CA/PKI Server enables organizations to establish a strong foundation of trust in their networked environments. This helps to protect sensitive information, prevent data breaches, and ensure compliance with regulatory requirements.
"The PKI Server you can rely on"
What makes Codegic the best Certification Authority?
Simplify PKI Management
Complex PKI systems cause confusion and increase the chances of errors. Khatim PKI Server stands out with its user-friendly web-based graphical user interface (GUI) for administrators. This facilitates faster deployment, integration, and testing compared to other solutions available on the market.
Secured Processing & Audit
Ensuring a high level of security and assurance is paramount in any business. Khatim PKI Server accomplishes this by employing military-grade security measures across all its functions, including key management, CA management, certificate issuance and transaction management.
WebTrust, CA/B Forum Compliant
Compliance with industry standards is essential in today's business environment. Khatim PKI Server adheres to all the recommended guidelines from WebTrust, CA/B Forum, and IETF standards, meeting the regulatory and market requirements.
Khatim PKI Server Usages
IoT Security
Embed certificate-based identity into millions of devices, ensuring identity, secure communication and trust
Signatures
Issue certificates to apps & users to create digital signatures protecting the integrity of data, transactions and documents
IAM & Trust
Embrace a flexible PKI platform to adapt to evolving security requirements & growing needs for user identity management.
Core Features
Features you get from Khatim PKI Server
Deployment
Pricing & Maintenance
- Khatim PKI Server is charged per bundle
- Each bundle allows you to deploy 2 instances of PKI server in high availability mode
- To add more servers to your existing pool, add more bundles or buy a single server instance at 50% of the bundle price
- Test environments or staging environments are charged at 50% of the price
- Price includes the first 12 months of the maintenance plan
With an active annual software maintenance plan you:
- Keep your installation safe and secure with the latest security updates
- Get free access to the newest features, enhancements, and bug fixes
- Get premium support from our technical engineers (within 24 hours on business days)
Has your maintenance expired?
When you buy a Khatim PKI Server license, you automatically get 12 months of free maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.
Save more with extended support:
- Extend for 24 months and save 10%
- Extend for 36 months and save 15% (best value)
Success Story
“We needed the ability to use X.509 Certificate based SSL Client Authentication to provide an additional security layer for our cloud-based applications and Codegic not only quickly provisioned the certificates we needed, but also provided very responsive support when we had questions. Rolling out any PKI project can be hard work, but having a partner like Codegic has made it fast and easy.”
Kevin de Smidt, Head of Technology, CURE International
FAQ
Can we integrate with existing CAs?
Naturally, integrating Khatim PKI Server with your current CAs is possible, and any customization required for the integration will be free of charge.
What is needed to run a Certification Authority?
Deploying a PKI server requires two core components:
- CA software and efficient hardware on which to deploy it
- Cryptographic hardware, such as an HSM, which ensures that the keys for Root CA, Sub CA and end-entities remain secure and protected.
Note that running a PKI is not merely deploying software; there are other areas such as planning, deployment & auditing. See our article on what is PKI all about.
How can developers integrate with the PKI server?
There are 2 options:
- Keys are generated on the server: developers can use any tool that generates JSON-based RESTful requests to send certificate management requests
- Keys are generated on the client: developers can use any cryptographic API that provides a client-side implementation of key generation. Some of these are:
  - Bouncy Castle
  - OpenSSL
  - Microsoft Crypto API
  - Libgcrypt
  - Botan
  - Crypto++
  - WolfSSL
  - GnuTLS
  - LibreSSL
  - Java Cryptography Architecture (JCA)
  - Apple Security Framework
  - PKI.js
  - NSS-Tools
How many PKI server instances do I need to deploy?
Deploy multiple instances of Khatim PKI Server for high availability and increase as needed to achieve the desired TPS rates or regulatory needs. It’s important to consider deploying in both staging and DR zones.
How can we boost TPS with Khatim PKI Server?
Many factors can boost performance. These include:
- Opting for ECDSA over RSA keys (check with your HSM vendor too)
- 2048-bit RSA keys over 4096-bit
- 384-bit ECDSA keys over 521-bit
- Deploying multiple load-balanced servers instead of a single instance
- Deploying the OCSP server near your client region with low network latency
- Using an HSM for key storage instead of software
- Using a PCI-based HSM over a network/cloud-based HSM
There are already many PKI servers in the market; why choose Khatim PKI Server?
Choosing the right OCSP server could be difficult. In any case, follow the checklist to choose the right one:
- Does it provide quick installation and simple configuration?
- Does it provide the throughput you expect and scale quickly?
- Does it support WebTrust and CA/B Forum guidelines?
- Does it support RSA and ECDSA based encryption?
- Does it raise alerts in case of failures?
- Does the vendor provide quick support?
- Are all operations done securely?
- Does it fit your budget?
Can alerts be pushed to a central logging system?
The Khatim PKI Server comes equipped with an integrated logging system that records all incoming requests and responses. Administrators are promptly notified of any issues, and secure notifications can be sent to central logging systems like Splunk, Grafana, Graylog, LogRhythm, and more.
Which technology stack is used?
Khatim PKI server is built with Java (OpenJDK) and Apache Tomcat, providing platform independence and allowing for easy deployment on multiple platforms such as Linux, Windows, and Mac.
WANT TO SEE PKI IN ACTION?
Test drive Khatim PKI Server and explore its powerful features.