Trustis specialises in building PKIs and we use our established methodology called PKI Builder to purpose-build a flexible, high-assurance, low-risk, fixed price PKI, that is guaranteed to work using the technology best suited to the application.

PKI Builder

More than 100 large-scale, high assurance PKIs successfully delivered

We can deliver all types of PKI including solutions for:

  • Authentication
  • Digital Signatures
  • ePassport
  • eID
  • Qualified Certificates
  • Wi-Fi

Our package includes a review of business requirements, design, written policies and procedures, legal and regulatory compliance, technology selection and implementation, and pre-production testing through to live deployment.

At the end of the PKI Builder process you will have a fully developed, standards-compliant and flexible infrastructure that can be run in-house, hosted by Trustis at our Trust Service Centres or with your preferred cloud provider.

Technology we have deployed includes:



Root CA, Operational CAs and HSMs

Trustis has been hosting and managing PKIs since 1999.  This is a popular option for organisations that require a secure, well-managed compliant PKI and don’t have the operations staff with the PKI skills or time to manage it properly.

We can host the entire PKI at Trustis or just the Root CA and HSMs, with the Issuing CAs located in your data centres or at your cloud provider. Either way, the Managed PKI is provided to the very highest standards and maintains compliance with industry schemes.

Once your PKI design has been agreed, we will deploy all or parts of your PKI in our tScheme-approved, ISO 27001 accredited “Certificate Factory” where it is fully managed by the security-cleared Trustis team, according to your PKI Policy.

Our flexible deployment model allows you to take as much control as you wish – such as handling certificate registrations/enrolment while we operate and maintain the health of the infrastructure.

Trustis’ approach is probably the most cost-effective, flexible solution available.


Fast to deploy Microsoft Certificate Services PKI

Trustis Azure PKI is based on Microsoft’s PKI technology and designed to offer PKI services to organisations that extend their data centre into the cloud.  We design the PKI to fit your infrastructure and specific corporate requirements, deploy it and define the policy, processes, and control aspects of the solution.

Once the implementation is completed, Trustis will run and manage the PKI for you and host the Root CA in our tScheme-approved “Certificate Factory”.

Trustis Azure PKI delivers numerous benefits:

  • Quick to implement, fully-featured PKI
  • No certificate-based licensing
  • Fully scalable PKI based on Active Directory Certificate Services
  • Tightly integrated with the customer’s Active Directory
  • Encryption keys stored in HSMs outside of Azure
  • Verified and stable platform
  • Hybrid option with components in customer’s data centre
  • Fully developed Certificate Policy and supporting procedures
  • Service run by Trustis PKI experts