Implementing Private PKI with IronWiFi

In this article we are looking closer at the Private PKI implementation with the modular IronWiFi PKI solution

Thanks to our modular PKI infrastructure we are able to offer the Private PKI for our most demanding customers. Whilst security level of our standard offering leaves nothing to be desired, we are able to offer two additional solutions for our Enterprise customers that are interested in issuing the Client and Device certificates via SCEP using their own Issuing Certificate Authorities.

The first option is for the customer to order the hybrid solution, where our Root Certificate Authority signs the Private Signing Certificate Authority for the client, and all client and device certificates requested via SCEP will be signed by their own Private CA. The private key is generated in the HSM and is non-exportable.

The second option is for the customer to generate their own Private CA's keypair and either wrap the private key for secure sending it to us, where we upload it to our HSM based Key Management System infrastructure, or generate the private key in their own Cloud / On-Prem based HSM and allowing our SCEP signing server to access the API over the secure tunnel.

If you are interested in implementing your own Private PKI backed by the secure and robust IronWiFi PKI infrastructure, please get in touch by emailing us at or give us a call at +1(800) 963 6221