Certification Authority

Cryptosec Openkey CA: (Certification Authority)

The Certification Authority is the most important and most protected element in a public key infrastructure (PKI). It is the trust component certificates issuer and determines their validity over time.

Cryptosec Openkey CA can perform two roles:

  • Root Certification Authority.
  • Subordinate Certification Authority.


As a general rule, a Root CA does not generate end-entity certificates but certifies other CAs, called Subordinates, responsible for generating Digital Certificates to the end user.

This product includes:


Download the full Dossier

* required

I have read and accept the Privacy Policy of Realsec

I authorize to receive commercial communications about products and solutions offered by Realsec in the terms provided in the Privacy Policy

Cryptosec Openkey CA Features:

  • Unlimited issue of end-entity certificates and no licensing cost, complying with the X.509 v3 standard. It also generates CRLs, all in accordance with RFC 5280.
  • Supported certificate key sizes: RSA up to 4,096 bits and ECDSA up to 512 bits.
  • Support multiple requests from multiple RAs.
  • Operator web interface with client authentication (HTTPS), which allows you to:
  • Parameters configuration that condition the operation of the specific software elements of the Subordinate Openkey CA component.
  • Composition of certification policies.
  • Manual generation of a CRL, as well as queries regarding certificates issued, CRLs issued, etc.
  • Secure access for remote console for the administration and supervision of the HSM.


  • Cryptosec LAN incorporates the HSM Cryptosec DEKATON from REALSEC, with the certifications: FIPS 140-2 Level 3, PCI HSM PTS v3.0.