Dedicated

Your own Certificate Authority, dedicated to your organization

Compare Options Talk to a PKI specialist

SSL’s Dedicated PKI products give your organization a privately owned CA hierarchy: your Root CA, your Issuing CA(s), your certificate policies. Two products differ on one axis, whether WebTrust audit coverage is required.

Private Compliance PKI

Audited compliance-grade PKI for regulated industries and ecosystem trust. Independent WebTrust audit covers your dedicated hierarchy: evidence accepted by regulators, partners, and customers for SOC 2, HIPAA, PCI, and industry-specific programs.
Learn more

Private Enterprise PKI

Dedicated PKI infrastructure with full CA control for internal use: no audit program overhead when external compliance assurance isn’t required. Same SSL.com-operated infrastructure, same unified API, faster path to deployment.
Learn more

Both are built on the same FIPS-hardened platform, supported by the same unified REST API, and operated by SSL’s PKI team.

Which product is right for you?

Private Compliance PKI  Learn more → Private Enterprise PKI  Learn more →
What you get Your own Root + Issuing CA(s), WebTrust-audited Your own Root + Issuing CA(s), private trust
WebTrust audit ✅ Included, same audit covers your hierarchy ❌ Not included
Trust scope Internal / partner ecosystem Internal only
Key Ceremony ✅ Auditor-witnessed Standard, documented
Compliance use SOC2, HIPAA, supply chain, banking, IoT Internal operational PKI
PQC (hybrid) ✅ Ecosystem tier ✅ Available
Pricing model Annual tier ($20k–$80k/yr + $10k setup) Monthly subscription
Best for Regulated industries, IoT at scale, audit pass-through Internal mTLS, dev/staging, VPN/Wi-Fi, device identity

If you need to demonstrate independently audited CA governance to partners, regulators, or customers, choose Private Compliance PKI.
If your use cases are internal and third-party audit evidence is not a requirement, Private Enterprise PKI delivers the same infrastructure at lower cost.

Shared platform capabilities

FIPS 140-2 Level 3 HSMs

All CA private keys generated and stored in certified hardware, never exportable in plaintext.

Dedicated Root CA

SSL's PKI operations are independently audited; the same audit covers your dedicated or shared hierarchy.

Enrollment protocols

Full enrollment protocol suite: ACME (RFC 8555) for automated renewal, SCEP for device enrollment, EST (RFC 7030) for constrained devices, REST API for custom integrations. Covers servers, devices, MDM platforms, Kubernetes clusters, and CI/CD pipelines.

Unified REST API

The same SSL.com Web Services (SWS) REST API used for public-trust certificates: one integration covers both private and public PKI needs without separate code paths, credentials, or platform integrations.

Certificate lifecycle

Full certificate lifecycle management: issuance, renewal, rekey, rollover, revocation (OCSP and CRL), expiration alerting via email and webhook, and SIEM export for compliance audit trails.

Observability

Certificate inventory dashboards, issuance analytics with per-template breakdowns, expiration forecasting for fleet planning, and immutable audit logs with tamper-evident timestamping for compliance evidence.

Integrations

Integrations with Active Directory/Entra ID for user enrollment, Microsoft Intune and Jamf Pro for MDM device certificates, Kubernetes cert-manager, HashiCorp Vault PKI backend, and SIEM/SOAR platforms.

Dedicated PKI products are priced and configured per engagement

Our enterprise team will scope your CA hierarchy, select your tier, and design certificate profiles to match your requirements, before any commitment.
Request a discovery call

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information read our Cookie and privacy statement.

3rd Party Cookies

This website uses Google Analytics & Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Show details
Powered by  GDPR Cookie Compliance