Certificate lifecycle management and data integrity

Ensure data confidentiality, data integrity and data reliability through certificate lifecycle management with MetaPKI

Atos, a European leader in IS security, provides MetaPKI, a complete solution to create electronic certificates and manage their lifecycle.

Information system security is an essential issue for organizations moving to paperless exchanges, whether for internal communications or for relationships with partners and customers. Electronic certificates address this need, allowing applications to support security services such as user authentication, non-repudiation of transactions and confidentiality of data exchanges.

Managing security and trust

From strong authentication to access to all functional entities or recording all actions, MetaPKI ensures data security with encrypted sensitive information and private and public keys protected using Hardware Security Modules (HSM).

Bull cyber Trust compliance


MetaPKI is EAL 3+ Common Criteria Certified and is also RGS basic level certified

Enabling growth

As a European security leader, Atos MetaPKI’s modularity and sales conditions enable the smooth deployment of a solution tailored to your organization’s needs. New types of certificates, new management processes, new organizational units and new certification authorities may be added as required.

System requirements
  • Linux platform (e.g. Red Hat or SUSE)
  • Open source international components delivered with MetaPKI: Apache, OpenSSL, PostgreSQL and PHP
  • LDAP Server: when the CA publishes certificates and/or LCR in a directory
  • SMTP Mail Server: when MetaPKI sends notifications related to the management of certificates
Norms and standards
  • Certificate compliance with ITU-T X.509v3 and RFC 5280
  • Certificate enrollment protocols: SCEP, CMP (RFC 2510 et RFC4210), CCEP
  • Certificate profile compliance with ETSI TS 101 862, Netscape and Microsoft
  • Revocation information compliance with ITU-T X.509v2 LCR and OCSP Protocol (RFC 2560)
  • Certification request format: PKCS#10, SPKAC
  • Key exchange format: PKCS#12
  • Connectivity: LDAP, HTTPS, SMTP
  • HSM interface: PKCS#11

Hardware and software for MetaPKI hosting

  • Physical Servers: 32/64 bits platform with at least 4 Gb of RAM, 10 Gb of available disc memory, 2 Ethernet ports
  • Virtual Machines: VMWare, HyperV
  • Operating System: Red Hat 5 and 6 (32 or 64 bits) / SUSE SLES 10 and 11 (32 or 64 bits)
  • LDAP Server: CAs publish the certificates and/or the LCR in a LDAP directory
  • Mail Server: Email sending is possible for each step of the certificate’s lifecycle

Workstations for MetaPKI users

  • Navigator: Internet Explorer 8 version and later, Firefox, Chrome
  • Java Runtime Environment: 1.6 (superior to update 19), 1.7 et 1.8

Smart cards

  • All smart cards with PKCS#11 interface, particularly: CardOS, Gemalto ID PRIME MD840, Gemalto IAS TPC, Gemalto Classic TPC IM, GemaltoCyberflex Access 64k v2, Morpho vpsID SmartCard Ux, ActivIdentity ActivCard 64K V2C


  • All HSM with PKCS#11 interface and particularly: Trustway Crypt2pay profil Protect, Trustway Proteccio®

Electronic certificates may be used to support:
► Strong authentication for users with smart cards or USB tokens (two-factor authentication)
► Strong authentication for web servers (SSL/TLS)
► Strong authentication for VPNs (virtual private networks)
► Electronic signatures to provide integrity and non-repudiation of transactions
► Data confidentiality for data in transit or in storage.

Users and applications are provided with one or more key pairs (a public key and a private key) and public key certificates, generated by a certification authority (CA), that associate the registered user or application with the public key.

MetaPKI supports one or more certification authorities that may be independent, or subordinate CAs.

A whole range of security profiles for public certificates is supported by MetaPKI. For each profile, the registration process may be tailored to the specific needs of the organization and integrated with the existing IS.

A workflow manager handles the registration process in order to minimize the time to produce and manage the certificates through the use of one or more local registration authorities (LRA).

A card management system (GesCard) for managing smart cards, including customization, PIN unblocking, etc.

A validation authority (VeriCert) for checking the validity of a certificate against a validation policy.

The eIDAS regulation allows the European Union to provide a legal framework for transnational digital transactions. Its goal is the enhancement of trusted electronic exchanges. It establishes a framework for electronic identification and trust services, including electronic signatures. Thus, the eIDAS regulation enhances the transparency and reliability of transactions.

Discover how our solutions can help you become compliant.

Learn more

Related resources and news

Factsheet: PKI for IoT – MetaPKI

Managing certificate creation and managing secure identities

Information system security is an essential issue for organizations moving to paperless exchanges, whether for internal communications or for relationships with partners and customers.


Atos releases the security suite for intelligent transportation systems to secure communications in connected vehicles

Atos launches security appliances to make the deployment of trust infrastructures easier

Interested in our MetaPKI solution?