PKI designed specifically for QTSPs, and why it matters

Posted by Nick Glass on Jul 16, 2025 1:02:21 PM

The digital trust landscape is changing fast, and for Qualified Trust Service Providers (QTSPs), the pressure to deliver secure, compliant, and scalable services has never been greater.

Qualified electronic signatures (QES), Qualified seals, and trusted cloud signing workflows are critical for regulated industries. However, not every Public Key Infrastructure (PKI) can handle the unique demands of qualified trust.

The reality is simple: not all PKIs are created equal.

Why standard PKI doesn’t cut it for QTSPs

Most PKIs were originally designed for familiar enterprise use cases like SSL/TLS, VPNs, or device authentication. QTSPs operate in an entirely different league.

Delivering qualified trust means handling advanced certificate management, secure one-time signing credentials, Hardware Security Modules (HSMs), and strict compliance with standards like eIDAS and ETSI.

Purpose-built for qualified trust

At Ascertia, we’ve designed our PKI and trust service stack specifically for QTSPs, right from the start. Instead of adapting a legacy Certifying Authority (CA), our platform is engineered to meet the exacting requirements of qualified trust.

Here’s why Ascertia’s PKI is different:

  • Qualified and advanced certificates: Issue long-term and one-shot disposable signing certificates from the same trusted CA engine.
  • Native SAM integration: Enable Qualified remote signatures (QRS) and Seals with HSM-backed Secure Signature Creation Devices (SAMs) for full eIDAS compliance.
  • Aligned with standards:
    • ETSI EN 319 411-1/-2
    • EN 319 421, EN 319 422
    • Ready for eIDAS 2.0, including Qualified Wallet Certificates
  • Flexible issuance workflows: Serve end users, automated systems and third parties through simple, secure onboarding and lifecycle management.

Whether you’re issuing a certificate valid for two years or two minutes, you need infrastructure that handles both efficiently and at scale.

Designed for real-world architectures

Most QTSPs already have SAMs and HSMs in place. Replacing these outright can be costly and disruptive. That’s why we built Ascertia’s SAM Appliance to be HSM-agnostic - giving you the freedom to integrate with what you already trust.

  • No vendor lock-in: Use the HSM that works for you - Utimaco CP5, Thales Luna & ProtectServer, Entrust nShield, and more.
  • Flexible deployment: On-premises, in the cloud, or hybrid - our PKI and SAM components flex to fit your architecture.
  • Certified compliance: Our independently certified SAM ensures eIDAS compliance with audited hardware, not just software workarounds.

The full stack, ready for what’s next

Building trust doesn’t stop at certificate issuance. Ascertia’s PKI ecosystem includes:

  • ADSS OCSP Server: For real-time certificate status checking, meeting EN 319 411 and EN 319 401.
  • ADSS TSA Server: For qualified timestamping, trusted by national schemes and large-scale QTSPs.

These modules can run natively or integrate with your existing CA to strengthen your qualified trust chain end-to-end.

Trusted by leading QTSPs

Across Europe, the Middle East, Africa, and Asia, national schemes and leading QTSPs rely on Ascertia to deliver compliant digital trust services today - and be ready for tomorrow’s standards like eIDAS 2.0, CSC v2, and digital wallets.

Our solutions help technical leaders deploy faster, scale confidently, and maintain compliance without unnecessary vendor lock-in.

If you’re ready to strengthen your trust services with PKI designed for QTSPs, we’d be glad to help you build the future.

Contact us to discuss how Ascertia can support your trust service roadmap.