Public Key Infrastructure for PostFinance

Extendable base PKI

Design and setup of an extendable base PKI including a certificate management system for user and node certificates.


  • Platform-independent configurable PKI
  • Supports PostFinance-specific processes
  • Clear separation of Registration Authority (RA) and Certificate Authority (CA)
  • 4 node CAs, hierarchy of user certificates, certificate profiles, administration permissions, ...
  • Certificate administration, lifecycle support, validation, emergency support


  • Based on open source PKI project (EJBCA)
  • Platform-independent Java EE application
  • CA keys on Hardware Security Module (HSM)