

MTG Managed Corporate PKI

The Darmstadt-based infrastructure provider DARZ GmbH is now offering companies the opportunity to operate a dedicated corporate PKI as a managed service at a reasonable price. The underlying Corporate PKI with Certificate Lifecycle Management is provided by MTG.

With a Managed PKI, companies are able to focus more quickly on securing their business processes and to use the ready-built PKI immediately.

MTG Corporate PKI with Certificate Lifecycle Management

Statistics of a Managed Corporate PKI

As an experienced provider of PKI solutions, MTG has developed a Corporate PKI that secures all company-relevant processes throughout the entire lifecycle of certificates. Processes for issuing, renewing and revoking certificates can be centrally automated, managed and controlled for various use cases (e.g., e-mail certificates, router and server certificates or the secure connection of home office workstations). Certificate Lifecycle Management ensures that no certificates expire unintentionally and allows many associated processes to be automated.

Selected Permission Settings

Range of services at DARZ

Together with its long-term partner, the Darmstadt-based infrastructure provider DARZ GmbH, MTG has created a new managed PKI service based on MTG Corporate PKI. Trusted authentication, verification, integrity and encryption for critical and sensitive corporate processes and applications are thus available at short notice. Companies can concentrate more quickly on securing their business processes and use the ready-built PKI immediately. The Managed Corporate PKI is operated in a geo-redundant and fail-safe manner in an ISO 27001 and DIN EN 50600 Cat III certified data center.



Root CA

A dedicated Root CA is set up for each customer as a trust anchor for the entire company.

Setup Sub-CA

The customer receives a Sub-CA under this Root CA and can operate it to issue use-case-specific certificates. Additional Sub-CAs can be set up easily at customer request. This makes sense, for example, if different trust chains need to be defined for different areas of the company.

Private & public certificates

The Managed PKI allows cost-effective private certificates to be generated and managed for a wide range of use cases in the company.

In addition, it is possible to use the Managed PKI to apply for public certificates directly from public CAs and to use them for further administration in the Managed PKI.

Hotline DARZ

Ticket system and hotline are available for questions and problems.

Operation and Managed Services

The Managed PKI is operated in an ISO 27001 and DIN EN 50600 Cat III certified data center in a geo-redundant and fail-safe mode.

The managed service comprises:

  • the setup and configuration of the dedicated root and sub CAs, CLM, ACME, EST and CMP servers and OCSP responders by experienced PKI experts in accordance with BSI crypto requirements TR-03116
  • the connection to an HSM cluster
  • security patch management of the underlying operating systems and databases
  • maintenance of the PKI software
  • monitoring the availability of the infrastructure and applications
  • proactive monitoring of log files
  • monitoring and renewal of the certificate validity periods of the root CA and sub-CA
  • backup and restore processes
  • ensuring PKI availability requirements, especially for the provision of revocation information (e.g., OCSP service)


Detailed training videos are available online to familiarize users with the essential functions.

Consulting packages

Useful consulting packages facilitate the start of PKI operations and support the preparations as well as the implementation of specific use cases: e.g., consulting for the automation of processes, creation of a Certificate Policy and Certification Practice Statement, design of certificate templates, set-up of a comprehensive reporting system, etc.

Professional Services

With a Professional Service Contract signed directly with MTG, users get full support from MTG's experienced PKI experts.

Managed PKI vs. On-Premise PKI

Implementing and operating an on-premise PKI is a demanding and complex task. This option is particularly useful for companies that have special use cases and requirements that need to be implemented. These can be, for example, regulatory requirements that have to be met or the provision of IoT devices with certificates during production. The implementation of extensive services (e.g., in the health care sector) would be another suitable use case for an on-premise PKI. It is also possible that the company is simply large enough and that both the existing infrastructure and the necessary specialist personnel are available to operate their own PKI on-premise.

For most of the other cases, it is worth having a look at a Managed PKI. Such an offering can be implemented with significantly less effort and preparation time. Trustworthy authentication, verification, integrity and encryption for critical and sensitive corporate processes and applications are thus available at short notice. Companies can focus more quickly on securing their business processes and use the ready-built PKI immediately. With a Managed PKI, there is no need to worry in advance about secure configuration, backup concepts, fail-safety, scaling or access rights, or to provide the necessary infrastructure. There is no need to build up in-depth PKI and IT security know-how with the appropriate specialist staff and training. The handling of hardware security modules and the required specialized knowledge can also be left to the service provider.

Due to high personnel, infrastructure and operating costs, the expenses for an on-premise PKI are usually much higher than the costs for the software licenses, which are relatively low. Even free open-source PKI solutions therefore do not make a significant contribution to reducing overall costs.

A modern managed PKI should originate from a trusted provider and be set up specifically for the user. It should scale with the requirements and protect the keys according to state-of-the-art technology. Simple user-friendly operation and advanced certificate lifecycle management are important selection criteria. Last but not least, the costs for operation should be transparent.

Downloads & Links

What can we do for you?

For further information feel free to contact us!
