Key Management - PKI

Professional cloud key management
with ultimate secure hardware protection 

Ultimate cloud security


We have turned a world-leading PKI system into a product that you can launch and get it all setup and ready for the first certificate without any hassle.


Secure and Trusted

Enigma Bridge provides physical security for your private keys. The protection is provided with FIPS140-2 Level 3 certified hardware that makes your keys untouchable.

Driven by your policies

Complete Control

EB PKI gives you a complete control for your key management. From the number of CAs and sub-CAs to certificate profiles.

Start Your PKI in
18 Minutes and 39 Seconds

EB PKI is designed for internal public key management and you can start issuing your own certificates within 20 minutes. Fast, cost efficient, and secure PKI system for everyone.

Certificates are signed by secure hardware to ensure high-level of security while you get all the benefits of the cloud.

Enigma Bridge brings you a fully featured and simple PKI system with a certification authority and an OCSP responder supported with FIPS140-2 Level 3 hardware-protected keys. Includes an out-of-the-box HTTPS with a browser trusted certificate.

PKI Key Security

The keys used by the PKI system are only available in secure hardware. They neither leave it nor get stored on disk or memory.

Access Security

The default authentication of administrators is with client-side HTTPS authentication. Your initial key in a PKCS12 / PFX package is create automatically.

Operation Audit

Logs of PKI private keys are available for audit and inspection. Weekly summary reports are possible as well.

Enigma Bridge Key Management Features

The key management system is powered Enigma Bridge hardware encryption platform and the EJBCA PKI application from PrimeKey (one of the best PKI app around).

  • Certificate Authority – an X.509 certificate authority supporting a wide range of protocols including X.509, PKIX (RFC5280), SCEP, or CMP (RFC4210 and RFC4211).

  • Registration Authority – a front-end for manual approvals of certificate requests.

  • OCSP Responder – on-line certificate validation according to RFC2560, RFC6960 and RFC5019.

  • Physical security of PKI keys – keys for issuing certificates are protected with secure hardware with FIPS140-2 Level 3 and Common Criteria EAL4+ or EAL5 certifications.

  • Domain Name with HTTPS – out-of-the-box HTTPS to your new PKI system with DNS records instantly and securely updated each time you restart the EC2 instance.

For a full of the features of EJBCA PKI application, please visit the PrimeKey website.

Get Started with 7 Days' Free Trial

7 day free trial,
see the EB PKI pricing below.

We recommend the "t2.small” AWS EC2 instance (~$25/month), minimum required instance is “t2.micro”.
Just select an Amazon AWS region from the drop-down list and start launching your PKI.

AWS Access Instructions

  • Make sure that the security group of your EC2 instance allows external TCP communication at ports 443 and 8443.

  • Use a secure connection client (SSH/Putty) to connect to your EC2 instance once it is runnning. (detailed instructions)

  • Please run the command "sudo ebaws", and type "init" on the prompt. (detailed instructions)

  • Follow any additional instructions. We request your email address to create an account at

  • Install an administrator authentication key - a secure replacement of passwords. (detailed instructions)

The web interface is available via your new PKI domain name. It is shown at the end of initialization.

Our aim is to provide managed service. Part of our process is to collect data from installation to help you troubleshoot any potential problems. You can see all data in your account at


You can add additional details once you submit a request. A new instance will be launched within one working day of the first invoice fully paid. 
All prices are exclusive of VAT.


  • Full-featured PKI system

  • FIPS 140-2 protection of keys

  • Dynamic domain name

  • Low OCSP load*

  • Operation Support

  • £199 / month

* we guarentee only up to 500,000 OCSP verifications in 24 hours (i.e., 300 / minute).


  • Full-featured PKI system

  • FIPS 140-2 protection of keys

  • Dynamic domain name

  • High OCSP load

  • Solution support

  • Common Criteria EAL4+ for PKI

  • Enterprise Management

  • Tailored pricing