Certificate Authority

Futurex Offline Root CA

The KMES Series 3 provides a turnkey solution for offline enterprise-level Certificate Authority (CA) and Public Key Infrastructure (PKI) management. Root CAs can be issued offline, wherein the device may be powered down and disconnected from the network. In addition, the KMES Series 3 enables you to import and export PKIs offline.

Business purpose

The primary business purpose for using the KMES Series 3 offline feature is to prevent unauthorized access to root CAs in the event of a network breach. As an added advantage, the offline feature provides an alternate method to securely manage root CAs during network downtime.

KMES Series 3 features overview

The KMES Series 3 device enables you to deploy and maintain an Enterprise Key Management solution, giving users complete control over the lifecycle of security keys. In addition, a comprehensive SDK is provided with the device to manage key distribution and administration. You can use this device effectively for the following enterprise-level business use cases:

| Feature | Description |
| --- | --- |
| Cloud Key Management | The KMES Series 3 remote cloud service enables you to independently manage key distribution by bringing your own key generated through the secure internal HSM and transferring it to your cloud environment using encryption key wrapping. |
| End-to-end Data Protection | You can manage application encryption, Transparent Database Encryption (TDE), file encryption, and tokenization through the KMES Series 3, with the cryptographic protection validated by the FIPS 140-2 Level 3 standards that are enforced throughout the process. |
| PKI Management | Businesses can use the KMES Series 3 to build an expansive and robust Public Key Infrastructure (PKI), enabling you to go offline and perform certificate signing and issuing to secure your PKI. |
| Code Signing Management | The KMES Series 3 enables you to manage Code Signing Requests (CSRs) in a secure manner for Internet of Things (IoT) devices, Authenticode Digital Signatures, Java applications, and Continuous Integration/Continuous Development (CI/CD) for code deployments. |
| Financial Key Management | The KMES Series 3 enables financial institutions to securely manage EMV payment processing operations with the option to remotely manage the entire key loading process, giving you the flexibility to control key loading from practically anywhere. |



You can manage the KMES Series 3 by using the following different methods:

  • The Futurex Command Line Interface (CLI) application
  • The local application interface, an Excrypt Touch device
  • A remote desktop session

This guide illustrates how to manage keys and key groups by using the remote desktop interface.

Integration overview

This guide shows how to configure offline Root CA functionality on the KMES Series 3.