Khatim RA Server > X.509 Issuance Simplified!

Powerful & Scalable RA server for complete Certificate Lifecycle management (CLM)
  • Flexible Enrollment and Vetting
  • Easily integrate using APIs, CMP, ACME & SCEP
  • Provision low and high assurance X.509 certificates
  • Compatible with Web Trust, IETF 5280, CA/B forum standards
  • Issue certificates to individuals, devices, and applications
Download Datasheet

Khatim RA Server

Authenticate - Validate - Issue

Khatim Registration Authority (RA) Server stands as a robust registration and vetting platform empowering Enterprises, Governments, and Trust Service providers to facilitate tailored enrollment and onboarding processes for X.509 digital certificates. It facilitates certificate issuance to individuals, devices, and applications via Khatim PKI Server CAs with customizable features. Khatim RA Server enforces stringent identity verification protocols, enhancing the overall security and integrity of the certificate life cycle management (CLM).

"Khatim RA Server: Your Gateway to Trusted X.509 Certificate Lifecycle Management"

Khatim RA Server - Life Cycle

Why choose Khatim RA Server?

Built for Enterprises

Khatim RA Server is purpose-built for enterprise scalability and resilience, ensuring reliable validation and vetting for high-volume X.509 certificate issuance across diverse business applications, devices, and individuals. Keeps full track of certificate request life cycle. Be it closed PKI, public or National PKI, one RA fits all!

Multiple Vetting Options

Khatim RA Server provides automated and manual vetting for any type of certificates. For high assurance certificates, manual vetting can be enabled with workflows for single or multiple approvals. During automatic vetting, performs CA/B forum based checks for quick issuance of certificates with zero delays.

IOT, People, Applications

Khatim RA Server provides both programmatic and GUI based interfaces to handle certificate issuance for devices, IOT, people and applications. These could be SSL Certificates (DV, OV, IV, EV), S/Mime (MV, OV, SV, IV), AATL or Qualified Certificates.

Core Features

Features you get from Khatim RA Server
Protects your PKI

Khatim RA server integrates with Khatim PKI Server handling all the complex user vetting process & acting as the first line of defense before sending the certification request to Khatim PKI. PKI admin can also configure multiple CAs with a single Khatim RA server. This offloads all validations, vetting to Khatim RA Server allowing Khatim PKI Server to manage the core PKI tasks i.e. certificate issuance, revocation etc.

Auto Enrollment

Websites and devices need X.509 digital certificates and they need it quickly with no manual intervention. Khatim RA Server supports both ACME (rfc8555) to issue SSL Certificates for websites & SCEP for devices (routers, switches etc.).

Setup Vetting Policies

Khatim RA Server allows customizable manual vetting by any number of RA Admin or LRA Admins or even no vetting for low assurance certificates. All admins can provide their vetting reports in any form, be it PDF, videos, images with notes. The complete vetting history is then maintained for audit purposes.

Developer Integrations

Want to control your RA from your CRM, ECM etc. No issues, with Restful APIs, business applications remain in command of their RA be it configurations, setting up organization, vetting, plans and more.

Catering PKI of all sizes

Khatim RA Server seamlessly manages X.509 certificate issuance, catering to diverse infrastructures and compliance standards, including Closed PKI, Public, and National PKI environments. Whether your needs align with closed, restricted systems or the broader, more public-facing spectrum of PKI, our solution adeptly caters to varying infrastructure requirements, ensuring comprehensive certificate handling across diverse landscapes.

One Portal, multiple Organizations

Khatim RA Server simplifies managing multiple Organizations and their linked service plans. Service plans helps PKI admins setup what type of certificates an organization needs to create and any limits applied (count, expiry, vetting, agreements etc.) allowing subscriptions management super easy.

Cross Platform, Diverse Deployments

Khatim RA server is built with platform independence in mind hence supports Windows and Linux alike. You can deploy in different environments be it on-premise, private or public cloud, VMs or physical machines.

Cryptographic Agility

Keeping in view businesses having different cryptographic needs, Khatim RA server allows both RSA and ECDSA based X.509 digital certificates with SHA-256, 384 and 512 hashing algorithms.

Reporting & Statistics

Access real-time statistics reflecting your RA performance in the form of graphs. Administrators can delve into various data points such as successful and failed certificate issuance, expired or about-to-expire certificates, alerts, certificate algorithms, and more. Khatim RA Server generates daily summary reports, offering a snapshot of the day’s certificate generation details, including certificate types, failures, and alerts, empowering administrators with crucial insights.

Secure GUI based administration

Control your RA server administration with secure GUI based interfaces. Ensures military grade security (AES 256) to your RA server instance for administration using TLS client authentication. From policy management to transaction log viewing all can be done from a single place. For LRA admins and LRA User, authentication is done using user id password.

Proactive Alerts & Troubleshooting

In instances where the Khatim RA server encounters operational disruptions, it proactively alerts administrators, prompting swift action. To ensure comprehensive tracking, all incidents are meticulously logged, providing the option to securely transmit data to central logging systems like Splunk, Grafana, Greylog, LogRhythm, and others for detailed monitoring and analysis.

Logging & Auditing

The Khatim RA server diligently logs all inbound transactions and configurations for in-depth analysis, encompassing vetting details submitted. This encompasses automated API calls, interactions via ACME, SCEP protocol, or manual inputs. Administrators possess the capability to instantly retrieve and scrutinize request and response data, facilitating real-time troubleshooting whenever necessary.

Unlimited Scalability

Prepare for an unparalleled RA experience with the Khatim RA server! Utilize its clustering feature, enabling multiple RA servers to operate concurrently, minimizing latency. You can seamlessly integrate new RA servers without halting ongoing instances, ensuring the seamless flow of your operations. Bid farewell to sluggish performance and embrace lightning-fast CLM capabilities with Khatim RA server!

Multiple Keystores

Different organization may have separate needs when it comes to key protection. Khatim RA server can be easily setup to issue X.509 certificates where private keys can resides inside any of Software (PKCS#12), Smart Card/USB tokens (PKCS#11 based) or HSMs.


Supported OS

All flavors of Windows Server & Linux (Centos, Ubuntu, RedHat, Fedora)


English - Other languages can be supported on demand

Minimum H/W Requirement

8 GB RAM, 2 vCPU (2.3 GHz), 10 GB disk space.

Pricing & Maintenance


  • Khatim RA Server is charged per bundle
  • Each bundle allows you to deploy 2 instance of RA server in high availability mode
  • To add more servers in your existing pool:
    • Add more bundles
    • Buy a single server instance at 50% of the bundle price
  • Test environments or Staging environments are charged 20% of the price
  • Price inclusive of first 12 months of maintenance plan

Maintenance Plan

With active annual software maintenance plan you:

  • Keep your installation safe and secure with the latest security updates
  • Get free access to the newest features, enhancements, and bug fixes
  • Get premium support from our technical engineers (within 24 hours on business days)

Has your maintenance expired?

When you buy a license, you automatically get free 12 months of maintenance. Want to renew your maintenance plan? The price for 12 months is 25% of your license’s (current) list price.

Save more with extended supported:

  • Extend for 24 months and save 10%

  • Extend for 36 months and save 15% best value

Success Story


We needed the ability to use X.509 Certificate based SSL Client Authentication to provide an additional security layer for our cloud-based applications and Codegic not only quickly provisioned the certificates we needed, but also provided very responsive support when we had questions. Rolling out any PKI project can be hard work, but having a partner like Codegic has made it fast and easy.

Kevin de Smidt, Head of Technology, CURE International


How does Khatim RA Server ensure security during the enrollment process?

Khatim RA Server verifies user identities using various authentication methods and ensures data encryption during the transmission of sensitive information.

Does Khatim RA Server manage certificate revocation?

Khatim RA Server does not manage revocation directly. However, it facilitates revocation requests by verifying the identity of the requester before forwarding it to the CA for revocation.

Is it possible to integrate an Khatim RA Server with existing identity management systems?

Yes, Khatim RA Server can be integrated with existing identity and access management systems for seamless user authentication and validation.

Can I setup service plans against different organizations?

Yes. You can setup multiple certificate types and link them in service plan which are then assigned to different organizations. You can further control the number of to-be issued certificates and life time of a service plan.

To provision certificates on Smart Cards which protocol is supported?

Khatim RA server can provision X.509 certificate using RSA or ECDSA based keys for any smartcard or USB token which supports PKCS#11 interface. Almost all vendors support PKCS#11 interface.

Does Khatim RA Server have self-service features for users?

Yes it offers self-service capabilities, allowing users to initiate certificate requests, track their progress, and manage certificates.

Can an RA Server handle high volumes of certificate requests?

Yes, Khatim RA Servers are designed to efficiently manage high volumes of certificate requests, employing scalable architectures to handle increased demand without compromising performance.

Can Khatim RA Server issue certificates?

No, Khatim RA Server does not directly issue certificates. It validates user information, processes certificate requests, and sends verified requests to the Khatim PKI Server for certificate issuance.

How can I track all of my issued certificates?

Khatim RA Server provides multiple portals for RA Admins, LRA Admins and LRA Users to track and see the workflow and the list of issued, expired, revoked certificates along with detailed reports and charts. Certificate requestors are also notified for about to expire certificates.


Test drive Khatim RA Server and explore its powerful features.

Still not convinced?

All it takes few minutes to see Khatim RA Server into action!
Super Simple Installation

Khatim RA server boasts a hassle-free installation and configuration process that administrators find easy to use.


Khatim RA Server is compliant with the standards set by Web Trust, IETF 5280, and CA/B forum.

Try for free

Want to witness the power of Khatim RA server firsthand? Sign up for our 30-day free trial today.