Enterprise Resource Security
Mastering Cryptographic Key Lifecycles

MTG Public Key Infrastructure Platform - MTG CARA

Public Key Infrastructure platform for the generation, use and management of digital certificates for different industry requirements.


PKI Platform / Certification Authority

A Public Key Infrastructure (PKI) is required for the production, use and management of certificates. MTG CARA is a is a flexible and configurable, multitenant Certification Authority system for a certificate-based and thus highly secure and confidential communication via the Internet. MTG CARA covers all functions for issuing, distributing and validating digital X.509 and CV certificates. Based on this PKI platform, different CA systems are offered according to specific industry and customer requirements.

Svg+xml;charset=utf 8,%3Csvg Xmlns%3D'http%3A%2F%2Fwww.w3

Industry-specific Public Key Infrastructure (PKI) solutions for the generation, use and administration of digital certificates (© MTG AG)

The MTG CARA architecture is part of the overall MTG ERS ® system.
This means that the system can be expanded with further important security components whenever required.

This includes :
- MTG Certificate Lifecycle Manager
- MTG Enterprise Key Management System
- The appropriate Hardware Security Modules.

The targeted entities (servers, frontend, mailserver...) can be optimally accessed via REST, LDAP and CMP.


Overview MTG CARA

Our experts will advise you in detail on all questions regarding the use and implementation of MTG CARA, our public key infrastructure, in your company.

  • Management of large volumes of certificates by domain concept
  • Offline/online Root CA
  • Subordinate CAs
  • Unrestricted number of Root and Sub CAs
  • Certificate formats: X.509, Card Verifiable Certificates (CVC), Attribute Certificates (AC), Post-Quantum-Cryptography Certificates etc.
  • Certificate templates for CA, mail, TLS, IoT, network devices, mobile
  • REST API for registration authorities, certificate lifecycle management, corporate frontends
  • Hardware Security Module support using PKCS#11 or HSM vendor specific interfaces (Utimaco, Thales, Entrust)
  • LAN HSMs, Smart Cards, USB HSM
  • Easy and smooth replacement of cryptographic algorithms
  • PQC support already integrated
  • MTG CARA can use Hardware Security Modules which are Common Criteria EAL4+ certified (e.g. Utimaco)
  • MTG CARA can be operated according to BSI TR-03145 Secure Certification Operation
  • All processes at MTG including development are certified according to ISO 27001
  • OpenID Connect and SAML support
  • Strong authentication using X.509 Certificates
  • Usable for API and operator authentication
  • MTG CARA is specifically designed to operate in clustered, high available environments
  • All its components (database, web servers, HSMs) can scale up and down independently according to operational needs. MTG CARA is designed to work well in a clustered, high availability setup
  • Separation of roles and rights (e.g., according to BSI TR-03145)
  • Special rights and roles concept for mapping your organizational structure
  • Certificates and CRLs can be exported to LDAP server or Active Directory
  • Smart card support of web applications 
  • Easy integration into web browser
  • Support of different smart cards (e.g., ID Key, NetKey, SignatureCard, CardOS, Starcos)

Use cases:

  • Personalization of smart cards
  • Certificate creation
  • User authentication
  • PDF signatures
  • PIN/PUK management
  • OCSP responder according RFC 6960
  • OCSP stapling according to RFC 6961
  • LDAP and HTTP CRL distribution point support 
  • Reliable and high performance
  • Logging & auditing
Svg+xml;charset=utf 8,%3Csvg Xmlns%3D'http%3A%2F%2Fwww.w3

Register your business email

Send us your request

Get access and issue your first certificate

Take a deep dive in a future enterprise resource security platform!

Protect your assets with MTG ERS, the modern and innovative certificate and key management platform.