US - English

Private CA (Private PKI)

NicSRS private CA service is a cloud-based private CA service (PKI service) that allows you to easily and securely manage self-issued certificates without high initial investment in equipment and systems, while effectively reducing maintenance costs. Private CA service can meet the digital authentication needs of all types of businesses for intranet SSL certificates, S/MIME and device certificates.

Private CA (Private PKI) Private CA (Private PKI)

Product Advantages

The private CA Cloud Certificate Manager (CCM) is a service for cloud-based certificate issuance and full lifecycle management. It can provide SSL certificate management and private certificate management services.

Low Cost

Users do not need to build and maintain complex CA infrastructure, and can easily obtain CA management and certificate management service on


NicSRS private CA system is in compliance with the international FIPS-12 standards and is safe and reliable.

Easy to Integrate

API supported. Customers can connect the cloud CA system to various applications for certificate management and authentication, etc.

Powerful Functions

It provides unified management of certificates and keys, and is able to serve and manage millions of certificates. It also supports certificate revocation list to remind customers of certificate status in time to avoid certificate expiration.

Application Scenarios

The private certificate management service, while adhering to industry compliance standards, offers dedicated CAs to enterprises and enables you to manage your certificates on the cloud certificate management platform.

Website Access Encryption

HTTPS encryption is provided for intranet websites to realize fully encrypted access to the internal network and avoid security risks.

Login to Systems

User identity certificates can be issued for system login or identity authentication during VPN connection.

Email Encryption and Signature

User ID certificate issued by the private CA can be used to encrypt and sign emails to prevent against phishing and information leakage.

IoT Certificate

The identity certificate issued can be used to identify devices and enable the two-way handshake between devices and data centers.

Application Scenario

Private CA Features

Private Root Certificates

The system supports private root certificates or intermediate certificates by NicSRS self-signed roots to meet the needs of enterprise internal certification or NicSRS ecosystem mutual trust.

Certificate Lifecycle Management

Provide digital certificate management panel to support the application, issuance, inquiry and cancellation of self-signed digital certificates.

Various Types of Digital Certificates

SSL certificates, user certificates, website encryption, identity authentication, document signing, email signing, device identification, etc.

Support Multiple Algorithms

Users can apply for RSA algorithm certificate with up to 4096-bit encryption. And users can choose from SHA256 and SHA512 algorithms too.

Certificate Status Query

Perfect API management function. Third-party systems can realize digital certificate management through API docking.

Customized Validity Period

Customers can issue digital certificates valid for up to 10 years or more as well as root certificates valid for 30 years.

Secure and Reliable Key Storage

The system provides cloud-based key management services to ensure that the key storage complies with international standards.

Certificate Validity

Private root CAs have a validity period of 1 to 30 years, and private certificates 1 to 20 years.

Private CA Q&A

QHow to create root CA and subordinate CA?


A private CA, in its simplest hierarchy, has two CA levels: Root CA and subordinate CA (intermediate CA). The subordinate CAs are signed and trusted by the root CA and are at the lower level of the hierarchy.

When creating a private CA for the first time, you must first create a root CA.

Each user can create 100 CAs. Private CAs that are scheduled for deletion also count, until they are deleted.

QHow to activate a subordinate CA?


If you use the private CA to generate a subordinate CA, you will need to activate it in order for it to become effective and be used to sign certificates.

Private CA: Use the existing private CA provided by NicSRS cloud CA service to activate subordinate CAs.

QHow to apply for a private certificate?


After creating and activating a private CA through NicSRS management console, you can apply for a private certificate with your private CA for internal identity authentication and data encryption.