Permits creation of root as well as subordinate issuer CAs
Supports various logical PKIs comprised of CAs with their own certificate signing keys
Offers potential to set up various certificate profiles
Supports various configurable certificate templates, such as SSL server or client, email signing or encryption, EV SSL, DRM, IPSec, TSA certificates, code signing, and so on
Offers straightforward server-side and client-side key generation
Supports LDAP/HTTP publication and X.509 CRL issuance
CWA 14167-1 certified security management to guarantee qualified CA services
Supports Hardware Security Module (HSM) centered CA private key storage and processing
Offers RSA certificate signing
Offers ECDSA certificate signing
Supports various hash algorithms
High resilience, availability, and throughput capability
Makes use of solid access control and operator authentication
