Evertrust PKI

Evertrust Stream is a comprehensive Public Key Infrastructure (PKI) solution that issues, manages, and validates digital certificates with 3 primary capabilities within a unified architecture:
Certificate Authority (CA), Validation Authority (VA), and Timestamping Authority (TSA).

The CA module manages an unlimited number of certificate authorities and trust chains, issuing RFC 5280-compliant certificates. The VA component serves as an OCSP responder compliant with RFC 6960 for certificate validation. The TSA functionality provides RFC 3161-compliant timestamping services.

Stream boasts a flexible key management architecture. It can consume private keys from a variety of sources including hardware security modules (HSMs) and cloud key management services such as Google KMS, Amazon KMS, and Azure Key Vault. This design enables organizations to maintain strong security while leveraging existing cryptographic infrastructure.

Stream is built for high availability and performance, with all components deployable in active-active configurations. The solution stores all configuration and certificate data in a MongoDB database, which can be deployed as a standalone instance, in high-availability mode, or as a managed service.

For deployment, Stream offers multiple options including installation as a Linux service or as a containerized solution within Kubernetes environments.

Stream integrates with Evertrust CLM (Horizon) for complete certificate lifecycle management, creating a unified digital trust infrastructure where certificates are not only properly issued but also effectively managed throughout their lifecycle.