The foundation for reliable user-, application- and device authentication, secure communication and data authenticity

u.trust Identify

u.trust Identify – Identity generation, renewal, revocation, and lifecycle management for digital certificates

CryptoServer SDK
  • The all-in-one Solution to deploy and operate a Public Key Infrastructure (PKI)
  • Easy provisioning of digital certificates for users, applications, networks or devices – establish a chain of trust for any industry and use case
  • The ideal foundation for secure communication, authentication, access control and data authenticity
  • Ensure confidentiality, authenticity, and non-repudiation of sensitive information
Key Benefits

Key Benefits


Certificate Management System

The Certificate Management System (CMS) is the core interface to the PKI offering certificate lifecycle management and a single pane of glass on all your certificates. It ships with an intuitive Web UI, scripting capabilities and notification service and support for an unlimited number of Certificate Authorities (CAs).


Certificate Authority

The Certificate Authorities (CAs) are scalable modules with built-in HSM support and highly customizable certificate profiles.


Validation Service

The Validation Service (VS) is the single point of contact for all certificate status related queries including Certificate Revocation List (CRL), as well as Online Certificate Status Protocol (OCSP) responder and proxy.



u.trust Identify – The flexible and scalable all-in-one solution to deploy and operate a Public Key Infrastructure (PKI)

Whenever networks, devices, applications, and users are connected, their identity must be securely authenticated. A Public Key Infrastructure (PKI) is the most powerful tool for their authentication enabling trust relationships and secure electronic transfer exchange of information between the involved entities.

u.trust Identify is UTIMACO’s flexible and scalable all-in-one solution to deploy and operate a PKI. The solution provides all core components that are needed for setting up and running a PKI and the secure and reliable generation, issuance, renewal, and revocation of certificates:

Certificate Authority (CA), Certificate Management Systems (CMS) which also acts as a Registration Authority (RA), Validation Service (VS) including Online Certificate Status Protocol (OCSP) Responder and Proxy, as well as CRL support, and support for Active Directory Certificate Service (ADCS) integration. The flexible design allows for easy adaption of requirements from different industries, applications and use cases with minimal configuration effort. Whether it is smart metering, eHealth, wearables, eID, document signing, S/MIME, TLS, or a combination of all these use cases – u.trust Identify is the perfect fit.

Please reach out to us to schedule a demo!

Quick and easy setup

  • Flexible deployment with multiple scripting and integration options
  • Support for key and CSR generation in the web UI

Multi-tenant capability

  • Support for multiple tenants, virtual CAs and OCSP proxying
  • Support for enrollment at other CAs to act as trusted Sub-CA
  • Multi-tenant and multi-CA support

Highly customizable

  • Automization via scripting and APIs
  • Module customization through Utimaco’s Professional Service & Support
  • Intuitive User Interface (UI)
  • Flexible and customizable certificate profiles per CA

Easy centralized administration and management

  • Directory based User Management (Microsoft Active Directory (MS AD) or Lightweight Directory Access Protocol (LDAP) integration)
  • Easy to operate via Web UI, shell and scripts
  • Built-in role management and separation of duties
  • Support for m of n approval chains allowing x-eyes principle authorization of CSRs.
  • Fine grained role and permission management
  • Certificate profile and lifecycle management
  • Notification Service on expiring certificates

Seamless integration

  • Built-in HSM support
  • Support for different certificate formats (X.509, CVC (Card Verifiable Certificates))
  • Support for various enrollment protocols (CMP, SCEP, REST, ACME, etc.)
  • LDAP or AD integration
  • Support for ADCS
  • Pre-configured certificate profiles (e.g. TLS or Timestamping) and support for customization
  • Import of existing CAs with private key and certificate migration
  • Upload of 3rd party X.509 certificates


Secure key storage and cryptographic processing for common business applications

Find more details

CryptoServer CP5

The eIDAS Compliant and CC-Certified Qualified Signature Creation Device (QSCD)

Find more details


Reliable proof of existence and status of documents and electronic records at a specific point in time

Find more details

Contact us

We look forward to answering your questions.

Our Partners

Look for the best implementation or distribution partner for your project.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.