Trust is good,
with dual CA it’s even better
We guarantee our customers the best possible resilience
Globally, the Namirial Group is the first Qualified Trust Service Provider (QTSP) to have a dual Certification Authority (CA). This means that we can offer our clients the highest level of reliability, multiplied by two. We guarantee that you can count on services that are always available and doubly secure.
What are the typical risks of a Certification Authority
The steady increase in online transactions and the use of digital certificates forces QTSPs to handle an ever-increasing volume of transactions to meet the demands of their customers. Such a scenario is naturally exposed to a drop in performance with slow response times or potential moments of downtime and blocking of services.
Continuous improvement and failover mechanisms enable a CA to recover quickly and effectively from such incidents, mitigating the risks associated with downtime or data breaches.
At Namirial, we have always improved our infrastructure to better respond to any difficulties, providing our customers with the highest level of security and reliability and ensuring business continuity. A choice that has rewarded us and prompted us to further raise the level of security and reliability offered.
Our Innovation
To protect our customers’ data and activities even more effectively and to be able to handle even the most critical events, we decided to equip ourselves with a second Qualified Certification Authority, thus doubling our level of security and reliability.
The second Certification Authority is fully equivalent to our current CA, whose traditional business continuity model, based on a primary and secondary data center, is replicated.
Both of our QTSPs are on the Trusted Service List maintained by the European Union, and each operates with two different data centers, a primary data center for day-to-day operations and a secondary data center to handle disaster recovery.
Specifically, the primary location of the current Namirial CA is in Milan, with the disaster recovery system installed in Senigallia. The new Namirial CA, on the other hand, has its primary location in Barcelona, while the disaster recovery system is in Naples.
Load-balancing architecture
The second CA is built on the PKI as a service (PKIaaS) model, an innovative service created by Uanataca S.A., a Namirial Group company that operates as a QTSP in Europe and Latin America. Through Uanataca, we help our clients to become a QTSP themselves by providing them with our infrastructure, cloud services, advice on business processes and legal and security procedures.
Through PKI as a Service, Uanataca provides PKI hosting, digital certificate issuance and management, centralized certificate custody, and remote electronic signature services to other QTSPs, including Namirial itself. When needed, the certificate issuance, digital signature and time stamp services offered by Uanataca will be made available from the WAF component, leaving the interface offered to customers unchanged and uniform. This is planned to ensure maximum continuity of services and enable our customers to cope with overloads, incidents and total or partial service interruptions, ensuring business continuity of critical business processes and required trust services.
The delivery of our qualified trust services is based on a central component called WAF (Web Application Firewall). This service is part of Namirial’s infrastructure and serves as a single interface for all our customers’ services, managing secure communication and intelligent sorting logic for incoming requests. The WAF makes the use of our new architecture completely transparent to our customers, who have no need for modifications or integrations.
The architecture is designed to minimize the impact on external stakeholders. The WAF interface leaves the entire process of issuing and using certificates unchanged from before, regardless of which of the CAs will provide the certificates. The second Certification Authority is mainly used in case of unavailability of the first one, to implement a load balancing and fallback mechanism.
Advantages of
Double Certification Authority
Guaranteed performance
CA performance is guaranteed because the workload is managed by Namirial, which always guarantees response time and availability.
Enhanced availability
CA availability is enhanced, ensuring that if a server fails or is taken offline for maintenance, requests are automatically redirected to another server.
Security Elevated
Distributing the workload across multiple servers reduces the risk of having a SPOF (Single Point Of Failure).
Increased Scalability
The PKIaaS model provides the CA with the scalability needed to meet a growing demand for services.