Enterprise PKI Platform

KeyGrid PKI Platform

Certificate management with 7 RFC-compliant protocols, sub-second issuance, and HSM-backed security from 10+ vendors.

What You Get

Every feature listed here is implemented, tested, and running in production

Sub-Second Certificate Issuance

Enterprise-grade performance with typical response times under 200ms from request to delivery

  • Policy engine validation
  • Hardware-accelerated cryptography
  • Optimized database queries
  • Intelligent caching

True Multi-Tenant Architecture

Complete tenant isolation at database, HSM, and application levels with tier-based routing

  • Row-level security
  • Tier-based HSM routing (FREE/PROFESSIONAL/ENTERPRISE)
  • Independent monitoring
  • Custom branding

HSM-First Security

FIPS 140-2 Level 3 hardware security modules with tier-based resource allocation

  • Utimaco & Thales HSM support
  • AWS CloudHSM & Azure KeyVault
  • 10+ HSM provider integrations
  • Tiered HSM routing system

Complete Protocol Support

Full RFC-compliant implementation of all major PKI protocols with tenant-level controls

  • SCEP (RFC 8894) with Intune integration
  • EST (RFC 7030)
  • ACME (RFC 8555)
  • OCSP (RFC 6960) - <5ms responses
  • CRL distribution with auto-rotation

External CA Integration

Seamlessly integrate with existing enterprise PKI infrastructure

  • Microsoft ADCS integration
  • Subordinate CA workflows
  • Multi-device resumption
  • HSM-backed CSR generation

Certificate Template Management

Advanced template system with variable substitution and certificate lifecycle automation

  • 25+ variable types
  • Template cloning & versioning
  • Device/User/Org variables
  • Transform functions

Complete Protocol Support

The only platform with RFC-compliant implementation of all 7 major PKI protocols

ACME (RFC 8555)

Web Server Automation

HTTP-01, DNS-01, TLS-ALPN-01 challenges

SCEP (RFC 8894)

Mobile Device Management

Intune/Jamf integration

EST (RFC 7030)

Network Device Enrollment

Mutual TLS authentication

CMP (RFC 4210)

✨ NEW

Enterprise Certificate Management

IR/CR/KUR/RR operations

TSA (RFC 3161)

✨ NEW

Trusted Timestamping

Code signing & document integrity

OCSP (RFC 6960)

Real-time Status Checking

High-performance responder

SPIFFE

✨ NEW

Workload Identity

Cloud-native zero-trust

Competitive Advantage: Protocol Completeness

Most PKI vendors support only 1-2 protocols. KeyGrid PKI supports all 7 with multi-tenant isolation and licensing controls, eliminating vendor lock-in.

Future-Proof Security

Post-Quantum Cryptography

NIST-approved post-quantum algorithms for quantum-resistant certificate infrastructure with hybrid classical + PQC signatures

01

ML-DSA (Dilithium)

Levels 2, 3, 5

Digital Signatures

  • NIST FIPS 204
  • Quantum-resistant
  • Fast signing
  • Verified security

02

ML-KEM (Kyber)

Levels 1, 3, 5

Key Encapsulation

  • NIST FIPS 203
  • Quantum-resistant
  • High performance
  • Established standard

03

Hybrid Certificates

Configurable

Transition Strategy

  • Dual signatures
  • 4 hybrid modes
  • License controlled
  • Future ready

Hybrid Certificate Modes

  • Dual Mode (dual): Both classical and PQC signatures required
  • Classical Primary (C): Classical required, PQC optional
  • PQC Primary (Q): PQC required, classical optional
  • Either Mode (E): Either signature sufficient for validity

Enterprise Licensing

Flexible Feature Licensing

Deploy the right capabilities for each customer with our advanced licensing system

01

Four Editions

Trial, Professional, Enterprise, Custom

  • 14-day trial
  • Production licenses
  • Custom features
  • Flexible pricing

02

Three-Level Control

Installation license ∩ Tenant config ∩ Service health

  • System-wide features
  • Per-tenant overrides
  • Runtime gating
  • Real-time evaluation

03

40+ Features

Granular control across 6 categories

  • Protocol features
  • Integration features
  • Advanced features
  • Compliance features

Feature Categories

Protocol Features: ACME, SCEP, EST, CMP, TSA, SPIFFE
Integration Features: Intune, Jamf, HSM, External CA, cert-manager
Advanced Features: Partner portal, White-label, Policy engine, Lifecycle
HSM/Crypto Features: Azure KeyVault, AWS KMS/CloudHSM, PKCS#11, Shamir
IoT/Workload Features: IoT profiles, Device attestation, SPIFFE/SVID
Compliance Features: Audit reports, Policy enforcement, FIPS, OIDC SSO

Certificate Lifecycle

Never Miss a Certificate Expiration

Automated certificate lifecycle management with intelligent monitoring

5-Level Alert System

Notifications at 30, 14, 7, 3, 1 days before expiry

  • Email notifications
  • Webhook callbacks
  • Slack integration
  • PagerDuty alerts
  • Configurable thresholds
  • Escalation policies

Automated Renewal

Smart renewal with configurable thresholds

  • Automatic renewal workflow
  • Configurable renewal windows
  • Approval workflows
  • Bulk operations
  • Rollback support
  • Audit trail

Health Dashboard

Real-time certificate health scoring and trends

  • Certificate inventory
  • Health scoring
  • Usage analytics
  • Expiration calendar
  • Risk assessment
  • Compliance reporting

Customer Portal

Self-service certificate management for end customers

  • Self-service requests
  • Certificate downloads
  • Renewal management
  • Usage tracking
  • Support tickets
  • White-label branding

Business Outcome

Eliminate certificate-related outages and reduce operational overhead by 70% while ensuring zero downtime

Channel Partner Ecosystem

Launch Your PKI Reseller Business

Complete partner ecosystem for building a profitable PKI channel

🥉

Bronze

10%

commission

€0 - €30k 12-month revenue

🥈

Silver

20%

commission

€30k - €135k 12-month revenue

🥇

Gold

30%

commission

>€135k 12-month revenue

Partner Portal Features

  • White-label portals with custom branding
  • Customer provisioning with real tenant creation
  • OIDC SSO (Google, Okta, Azure AD)
  • Team management (Admin, Manager, Member)
  • API key management for integrations
  • Analytics dashboard with revenue tracking

Commission Management

  • Recurring: Monthly/annual MRR-based
  • Referral: One-time new customer payments
  • Bonus: Performance incentives
  • Adjustment: Manual corrections/clawbacks
  • Automated calculation and tracking
  • Complete audit trail

Target Market

System integrators, MSPs, VARs, cloud service providers

Revenue Model

10-30% recurring commissions based on annual revenue tier

Market Opportunity

$4.7B PKI market growing at 15% CAGR

Cloud-Native Architecture

Modern microservices architecture designed for scalability, reliability, and performance

Admin Interface

Next.js dashboard

Operational

API Gateway

Request routing & auth

Operational

CA Service

Core PKI operations

Operational

SCEP Service

Device enrollment + Intune

Operational

EST Service

Network devices

Operational

ACME Service

Web automation

Operational

Validation Service

OCSP & CRL

Operational

External CA Service

Enterprise PKI integration

Operational

Template Service

Certificate templates

Operational

Tenant Service

Multi-tenant management

Operational

HSM Router

Tier-based HSM routing

Operational

Intune Integration

Microsoft device management

Operational

Usage & Billing

Real-time analytics

Operational

Testing Framework

Quality assurance

Operational

Production Deployment

Docker & Kubernetes

Operational

Performance That Scales

Benchmark performance metrics that demonstrate enterprise-grade capabilities

Sub-second
typically <200ms

Certificate Issuance

10K+
concurrent operations

Load Testing

150+
comprehensive tests

Test Suite

99.99%
guaranteed availability

Uptime SLA

Ready to Modernize Your PKI?

ACME, SCEP, EST, CMP, TSA, and SPIFFE in one platform. Sub-second issuance. 10+ HSM vendors. Deploy alongside or beyond ADCS.