Go To Content Go To Menu

PKI

MTG Public Key Infrastructure Platform – MTG CARA

Public Key Infrastructure platform for the generation, use and management of digital certificates for different industry requirements.

We are happy to assist you by phone:

+49 6151 8000-0
Call us now Call us now
Book Consultation Book Consultation

Get your free consultation with one of our experts!

Request Appointment
Request Info Request Info

Get in touch and receive more information personalized to your
own solution!

Contact us now
MTG CARA

PKI Platform / Certification Authority

A Public Key Infrastructure (PKI) is required for the production, use and management of certificates. MTG CARA is a is a flexible and configurable, multitenant Certification Authority system for a certificate-based and thus highly secure and confidential communication via the Internet. MTG CARA covers all functions for issuing, distributing and validating digital X.509 and CV certificates. Based on this PKI platform, different CA systems are offered according to specific industry and customer requirements.

Industry-specific Public Key Infrastructure (PKI) solutions for the generation, use and administration of digital certificates

Industry-specific Public Key Infrastructure (PKI) solutions for the generation, use and administration of digital certificates
(© MTG AG)

Public Key Infrastructure - MTG CARA Architecture

MTG CARA Architecture (© MTG AG)

The MTG CARA architecture is part of the overall MTG ERS ® system. This means that the system can be expanded with further important security components whenever required. This includes the 

The targeted entities (servers, frontend, mailserver...) can be optimally accessed via REST, LDAP and CMP.

Features MTG CARA

Feature Overview MTG CARA

Feature Overview MTG CARA (© MTG)

Feature

Description

Multi-tenant Capability

  • Management of large volumes of certificates by domain concept

CA Hierarchy

  • Offline/online Root CA
  • Subordinate CAs
  • Unrestricted number of Root and Sub CAs

Support of Different Applications

  • Certificate formats: X.509, Card Verifiable Certificates (CVC), Attribute Certificates (AC), Post-Quantum-Cryptography Certificates etc.
  • Certificate templates for CA, mail, TLS, IoT, network devices, mobile

Easy Integration into Applications

  • REST API for registration authorities, certificate lifecycle management, corporate frontends, …

HSM Support

  • Hardware Security Module support using PKCS#11 or HSM vendor specific interfaces (Utimaco, Thales, Entrust)
  • LAN HSMs, Smart Cards, USB HSM

Crypto-Agility

  • Easy and smooth replacement of cryptographic algorithms
  • PQC support already integrated

Certification and Evaluation

  • MTG CARA can use Hardware Security Modules which are Common Criteria EAL4+ certified (e.g. Utimaco)
  • MTG CARA can be operated according to BSI TR-03145 Secure Certification Operation
  • All processes at MTG including development are certified according to ISO 27001

Identity Management

  • OpenID Connect and SAML support
  • Strong authentication using X.509 Certificates
  • Usable for API and operator authentication

High Availability / Scalability

  • MTG CARA is specifically designed to operate in clustered, high available environments
  • All its components (database, web servers, HSMs) can scale up and down independently according to operational needs. MTG CARA is designed to work well in a clustered, high availability setup

Roles and Rights Management

  • Separation of roles and rights (e.g., according to BSI TR-03145)
  • Special rights and roles concept for mapping your organizational structure

LDAP/Active Directory Integration

  • Certificates and CRLs can be exported to LDAP server or Active Directory

Smart Card support

  • Smart card support of web applications 
  • Easy integration into web browser
  • Support of different smart cards (e.g., ID Key, NetKey, SignatureCard, CardOS, Starcos)
  • Use cases:
    • Personalization of smart cards
    • Certificate creation
    • User authentication
    • PDF signatures
    • PIN/PUK management

Certificate Revocation

  • OCSP responder according RFC 6960
  • OCSP stapling according to RFC 6961
  • LDAP and HTTP CRL distribution point support 
  • Reliable and high performance
  • Logging & auditing

Our experts will advise you in detail on all questions regarding the use and implementation of MTG CARA, our public key infrastructure, in your company.

Industry-specific PKIs

Certificate-based solutions can be used in a variety of ways. Thanks to the modular design, the MTG PKI can be easily adapted and cost-effectively used in a wide range of industries..

Downloads & Links

What can we do for you?

For further information feel free to contact us!

Lädt …