October 24, 2018

Blog postEJBCA EnterpriseEJBCA Hardware Appliance

PrimeKey PKI in a Box – still HOT after 6 years!

PKI Appliance

It all started around 2008/2009 when we saw the need to make PKI easier to digest, to move away from the standard PKI project with minimum two weeks of installation and the pre-requisite of having PKI and HSM expertise available. Our goal was to reduce the installation complexity, time to deployment and also to provide a reliable update function. One of the critical parts of the solution was to integrate an HSM and we decided to approach Utimaco as there was already an established partnership. Utimaco liked our idea and has since then been the selected HSM integrated in our PrimeKey appliance solution. The first appliance solution was released in 2012, and we have since then offered both the PKI software EJBCA Enterprise and the signing software SignServer Enterprise in ready-to-use Appliance versions. They are called the PKI Appliance and the SignServer Appliance, and they are today two of the most popular products in the PrimeKey range. Our objectives with the PKI Appliance and SignServer Appliance are, and have always been, to offer the most cost-efficient, easy and secure way to deploy an enterprise PKI solution, and the wide customer acceptance of it has proven us right. Since 2012 the revenue from the Appliance business has gone from zero to 25% of the PrimeKey total revenue and based on customer and market feedback we continue to invest in the next generation of technology and platform. So why is the PKI Appliance so popular? Most companies who use the PKI Appliance say they appreciate how it gives predictability to the project and the operational costs connected to their PKI. As a customer of the PKI Appliance or SignServer Appliance you:

  • don't have to take care of licensing, installation, hardening, administration, maintenance and management of all the underlying components required for a PKI or Signing service. (OS, DB, HSM, WebServers).
  • automatically* get access to combined hardware and software, 8/5 or 24/7, support and maintenance services.
  • get a FIPS 140-2 level 3 certified HSM built-in to your Appliance (Utimaco CryptoServer SE52). The HSM is integrated in to your PKI to the maximum extent possible and thus minimizing administration and management efforts required when it comes to those very specialized and critical devices. Not to mention the training costs and efforts required when it comes to best practice HSM usage.
  • get the possibility to install and run multiple and independent CA instances in one software installation. The CA installations are logically secured against each other and at no additional licensing costs.
  • get access* to the continuous evolvement of the PrimeKey PKI Appliance and SignServer Appliance.
  • get a solution that is prepared for integration into hybrid infrastructures allowing you to utilize the flexibility and agility of PrimeKey’s offering.


"Compared to the software based solution the Appliance reduces the efforts for setup and maintenance considerably, and it fits for most use cases and architectural requirements."

- Alexander Winnen, Senior Security Consultant at Siemens


The number of customers continues to grow, which we’re of course really happy about. We also see that new markets and market segments discover our technology, and that our long-term customers continue to appreciate the platform. Do you think your organization would benefit from using an Appliance in your PKI solution? Get in touch and we'll be happy to talk about your needs!

More about the PKI Appliance

*For customers with support agreements. 



Jiannis Papadakis

Jiannis is the Senior Pre-Sales Engineer for the DA-CH area and has his base in Aachen, Germany.