Set-up private Certificate Authority (CA)

Control your chain of trust without managing PKI in-house

Dedicated intermediate CAs (ICAs), sometimes referred to as subordinate or issuing CAs, are used to issue end-entity certificates exclusively for one specific company.  Having your own ICA or hierarchy gives you greater control over the chain of trust in your ecosystem, allowing you to only trust certificates issued from your trust model.

QuanTrust PKI offers a specialized service to set up a Private Certificate Authority (CA) for your organization, allowing you to control your chain of trust without the complexities of managing PKI in-house. Our dedicated intermediate CAs (ICAs), also known as subordinate or issuing CAs, issue end-entity certificates exclusively for your company, providing you with greater control over your trust ecosystem

Why Choose a Dedicated CA or Root?

Enhanced Security

Having your own ICA or hierarchy ensures a higher level of security by limiting trust to certificates issued from your trust model, reducing the risk of unauthorized access and certificate misuse.

Flexible Trust Options

Choose between public or private trust hierarchies branded to your company, hosted and managed securely by QuanTrust PKI in our Web-Trust audited data centers.

Cost and Asset Optimization

Eliminate the cost and resource burden on internal teams to manage PKI components by relying on QuanTrust PKI to host and manage your ICAs and roots.

Control your chain of trust

QuanTrust PKI offers a specialized service to set up a Private Certificate Authority (CA) for your organization, allowing you to have greater control over your trust ecosystem.

Reasons for Using a Dedicated CA or Root

  • Client Authentication
  • SSL/TLS Inspection/Decryption
  • Custom Profiles

Client Authentication:

Certificate-based client authentication often validates certificates based on an intermediate CA. By having an exclusive subordinate CA, you can limit who has certificates that grant access to a system. These use cases generally use private trust hierarchies.

SSL/TLS Inspection/Decryption:

SSL inspection appliances require their own subordinate CA to issue certificates for decryption and re-encryption. These certificates are not publicly trusted, requiring dedicated hosting. QuanTrust manages the root, while the customer hosts the ICA on their inspection appliance

Custom Profiles:

You can configure a subordinate CA to meet your specific needs regarding extended key usage, certificate policy, CRL distribution, short-lived certificates and more.