PKI as a service | Ascertia

What is Ascertia PKI-as-a-Service?

Secure identities, devices, and digital transactions, without the complexity of running your own PKI. Ascertia PKI-as-a-Service delivers certificate issuance, validation, and lifecycle management from a fully managed, high-availability cloud service, powered by the proven ADSS CA/PKI Server.

Why choose Ascertia PKI-as-a-Service?

Deploy fast, stay compliant

Stand up a dedicated PKI in days, aligned with eIDAS, NIST, and industry best practices, without hiring or training a Certificate Authority (CA) operations team.

Trusted technology foundation

Built on the same ADSS CA/PKI Server trusted worldwide by governments, banks and telecom providers—now available as a fully managed service.

Complete lifecycle management

Issue, renew, revoke, and audit certificates for people, devices and workloads, at scale and under your full policy control.

Seamless integration

Support for SCEP, EST, ACME, OCSP, CRL, RFC-compliant timestamps and long-term validation (LTV), plus rich APIs for automation and DevOps pipelines.

Expert-led operations

Ascertia’s PKI specialists operate and monitor the service, so you can focus on delivering secure digital services while retaining governance and control.

What you get

Managed PKI core

Dedicated issuance hierarchies (Root and Sub-CA options) with policy templates
OCSP and CRL validation services and secure timestamping
Role-based administration, audit logging and compliance reporting
Hardware Security Module (HSM) protection and key ceremonies (on request)

Identity & device at scale

People and workforce certificates: authentication, email, and document signing
Device and IoT identities: Wi-Fi, VPN (802.1X), mTLS, and code signing
Workload and machine identities: containers, services, and APIs

Automation & DevOps

Zero-touch enrolment with SCEP, EST and ACME
REST/SOAP SDKs for custom workflows and integrations

Operations you can trust

High-availability deployment with continuous monitoring
Backup, restore and disaster recovery readiness
Controlled change management and scheduled maintenance

Common use cases

Zero-trust network access – mTLS, device identity, Wi-Fi/VPN 802.1X
Document and data signing – citizen and business e-signatures, eSeals, LTV
Cloud workload security – Kubernetes, service meshes, API gateways
IoT onboarding at scale – factory provisioning, lifecycle renewal and revocation

How it works

Design and onboarding – Map trust policies, certificate profiles and enrolment flows.
CA build – Configure your dedicated hierarchy on ADSS CA/PKI Server with HSM-backed keys.
Connect and automate – Integrate via SCEP, EST, ACME, or Admin Console/APIs.
Operate and assure – Ascertia manages operations; you retain policy governance.

Security and compliance

Standards-based – X.509, RFC 6960 (OCSP), RFC 5280 (CRL), and RFC 3161 (TSA)
Cryptography assurance – HSM-enforced key protection with separation of duties
Audit readiness – Comprehensive logging, compliance reports and evidence packs
Sovereignty options – Choose data residency and HSM location to meet regulatory needs

Integrations

Microsoft / Azure AD / Intune (SCEP/PKCS #12 delivery)
MDM/UEM platforms (SCEP/EST)
Web servers, proxies, load balancers (ACME/mTLS)
CI/CD and code signing pipelines
SigningHub & ADSS Signing Server for end-to-end digital signature solutions.

Service tiers

Essentials – Single Sub-CA, up to 50k active certificates, standard protocols, shared ops window
Professional – Multiple Sub-CAs, up to 250k active certificates, dedicated HSM partition, enhanced reporting
Enterprise – Custom hierarchy (including offline Root), multi-region HA, dedicated SLAs, support

Ascertia PKI-as-a-Service