top of page

Public Key Infrastructure (PKI) and Digital Certificates are a Must for Secure Authorization

Without a doubt, a Public Key Infrastructure (PKI) is a crucial element for enterprises in their security operations today. Naturally providing a PKI comes down to the fact of offering trust with all affiliated parties and systems. PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.  PKI enables the creation of a web of trust in which businesses may conduct trade through the Internet. 


WIRD provides entire Public Key Infrastructures as-a-Service or installs your trusted in-house PKI within your enterprise or government organisation. We have selected the best possible partners to provide in both cases best-in-class solutions. It typically consists of the 3 following components:

Managed PKI as a Service by WIRD

Everything speaks in favour of SwissSign Managed PKI service: 

  • Flexible issuance: Any time, any place and everything immediately

  • Everything from a single source: Every S/MIME or SSL certificate – including SSL EV Gold

  • Transparent and fair prices: You pay for what you purchase and can use a single certificate on several servers at no extra cost. You also benefit from attractive volume discounts. In case of Personal ID certificates you can save even additionally 40%. Just sign your contract for a first contract period of three years or five years. Afterwards you can resign on a yearly base

  • SwissSign goes the extra mile: SwissSign is a Swiss company and we work to ensure reliability in everything we do – right down to the last detail. Our local Support team will support you in German, French and English. SwissSign certificates are integrated in European partner solutions for secure and trusted e-business. 


With the SwissSign Managed PKI service you issue, approve, manage and withdraw certificate requests yourself for your employees, customers and partners within a matter of minutes whatever the time of day. You manage your certificates independently via our web interface or on an automated basis via one of our partner solutions with a standardised interface. We validate only once your organization and there will be no need for single validation of certificate requests in the future – even for SSL EV certificates.  ​ 

CA hosting service 

With CA hosting, SwissSign operates your public key infrastructure (PKI) for you in accordance with your specifications. If you prefer certificates will be issued from your own root certificate (root CA). You obtain and manage your certificates in a simple manner via our Managed PKI interfaces. You benefit from maximum flexibility, low costs and a high level of security by outsourcing your PKI to the secure, certified and specialised SwissSign environment. 


You define the scope and parameters of the CA hosting service when placing your order. It is also possible to have your own CP/CPS. Among other things, you determine whether

  • A complete self-signed certification authority (CA) of your own is created or 

  • The standard non-public SwissSign Trust chain 

  • You use an issuing certification authority (sub-CA) or 

  • You exclusively obtain individual certificates directly from our internal not publicly trusted SwissSign CA

  • You choose whether you only want to use your self-signed certificates internally or you want to use the same Managed PKI interface also for standard publicly trusted SwissSign certificates. 

TOPKI to run PKI like on premise

WIRD Group is key Secardeo Partner for Switzerland. The Secardeo certEP Certificate Enrolment Proxy enables a corporate IT infrastructure to utilise managed PKI services, as they would run on premise. certEP offers you the following benefits: 

  • Enrol certificates from the SwissSign Managed PKI – independence from Microsoft CA

  • Isolation of CA server from production network – protect your PKI from advanced threats

  • Support for Microsoft PKI protocols – no PKI client software distribution

  • Use AD group policy mechanisms (GPO) – established configuration in Active Directory

  • High degree of CA automation – minimize PKI operational costs

  • Use established Managed PKI Services – perform PKI deployment within hours

  • Many CAs supported with customizable connectors – keep flexibility for a future migration to another CA

  • Local key archival and recovery by KRAs – keep full control and privacy for your private encryption keys

  • Auto-enrolment gateway for the SwissSign Managed PKI – globally accepted S/MIME certificates for your users 



The Secardeo certEP Certificate Enrolment Proxy supports manual certificate enrolment and certificate auto-enrolment from the SwissSign Managed PKI. 
Trusted certificates, e.g. digital signature certificates, may be enrolled automatically from the managed PKI in compliance with the CA certificate policy. By this, PKI security and its use for external communication will be increased significantly. S/MIME certificates and private PKI keys may be automatically and securely distributed to mobile devices using Secardeo certMode and certPush. Secardeo certEP supports manual and auto-enrolment of certificates from: 

  • Open Source PKI servers like EJBCA, OpenXPKI, DogTag, OpenSSL

  • Commercial CA servers like Nexus, IBM z/OS, Microsoft ADCS, Red Hat

  • Cloud CA services like SwissSign, QuoVadis, D-Trust, HydrantID or INSTA. 

bottom of page