About Open Industrial PKI


Our vision is to provide industrial device manufacturers, machine builders and machine operators with easy and free access to digital identities


Open Industrial PKI was initiated in 2023 by the Black Forest Campus and Keyfactor. We are now in the process of further expanding the service and providing more functionalities. Are you interested in working on Open Industrial PKI? Please visit our partner page for more information.

Open Industrial PKI in a nutshell

Open Industrial PKI is a free service that offers managed X.509 certificates to the industrial community. The primary purpose of this initiative is to provide standardized interfaces, such as EST or CMP, along with predefined entity profiles for the seamless issuance and management of X.509 certificates.

Operated by Campus Schwarzwald gGmbH in cooperation with Keyfactor, Open Industrial PKI is a non-profit competence network. The network founders are committed to providing a reliable and free X.509 certificate service to support the digital security needs of the industrial sector.

To ensure transparency and compliance, Open Industrial PKI’s Certificate Policy (CP) and Certification Practice Statement (CPS) follow the guidelines outlined in IETF RFC 3647. These documents are easily accessible through the network’s Web site. In addition, users can conveniently raise issues or submit requests via the project’s GitHub repository.

The Open Industrial PKI registration process includes validating applicants, which requires organizations to provide their Business ID for verification. Once validated, token-based authentication is used to ensure a secure and controlled environment, and access to services is granted only through the designated interfaces.

The GitHub repository serves as the main platform for Open Industrial PKI, hosting essential tools, facilitating issue tracking and handling user requests. It enables active collaboration within the community, fostering continuous improvement and knowledge sharing.

Open Industrial PKI offers a wide range of certificate services with pre-defined templates for various industrial use cases. These templates include OPC-UA, MQTT, TLS, VPN, Device ID certificates, and CodeSigning certificates. By using these templates, users can streamline the certificate issuance process and ensure compatibility with their specific devices and configurations.

The interfaces provided by Open Industrial PKI demonstrate the versatility of the service, allowing users to request and process certificates using different methods such as EST, CMP, REST and more. This flexibility ensures that organizations can choose the most appropriate approach based on their specific needs and existing infrastructure.

For more information, please feel free to contact us through open.industrial.pki@campus-schwarzwald.de.


You want to use Open Industrial PKI? Then register today