About Keyfactor
Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com.
Overview
By using Thales TCT Luna T-Series Network HSM, federal agencies can be assured the most critical keys in their PKI are generated and stored in a trusted, FIPS 140-2 Level 3 certified HSM designed and built in the United States.
Once generated by the HSM, the private keys never leave the hardened appliance and are utilized by EJBCA components via cryptographically secured communication links. At no time are these critical keys exposed to threats that exist in the external operating environment.
With a focus on security, EJBCA offers a powerful approval system and signed audit logs. It can utilize the Luna T-Series Network HSM for all critical keys in the system, including not CA private keys and private keys used for Transport Layer Security (TLS), Online Certificate Status Protocol (OCSP), and audit log signing.
By integrating EJBCA Enterprise and Luna T-Series Network HSM, federal agencies will have a PKI that was designed from ground up with best security practices in mind.