Certifying Authorities

A Production-Grade RA for Any CA-RA Setup

IDBroker, tuned for the express purpose of subscriber enrolment in a CA-RA architecture. Identity proofing, evidence capture, maker-checker review, and certificate issuance hand-off — in production at LankaPay and other licensed CAs.

Contact Us
Registration Authority

Why CAs Need a Purpose-Built RA

A Generic KYC Tool Is Not Enough

A Certifying Authority's Registration Authority is not just a KYC frontend — it is the regulator-facing identity-vetting layer for digital certificates. The bar is higher than commercial KYC.

CP/CPS Alignment

Identity vetting requirements are fixed by the CA's Certificate Policy and CPS. The RA must execute exactly what is written, every time, with audit evidence.

Regulator-Grade Evidence

Regulators audit CAs against documented procedures. Every captured document, check result, approval decision needs to be preserved in tamper-evident form.

On-Prem Data Residency

Many CAs operate under data residency obligations that prevent public-cloud deployment. The RA needs to run cleanly in the CA's data centre.

Pluggable CA Backend

The RA must hand verified applications to the CA for key generation and certificate issuance. Standards-compliant interfaces avoid CA-specific glue code.

Renewal & Revocation Lifecycle

Subscriber identity needs to be reverified at renewal. Revocation requests need their own controlled workflow. Both are integral to the RA's responsibilities.

Multi-Tier Approvals

High-assurance certificates often need two-eyes or three-eyes approval flows. The RA must enforce this without slowing down lower-assurance issuance.

How IDBroker Fits

Deployed, Audited, Proven

CP/CPS-Driven Configuration

Field definitions, document checklists, verification checks, and approval rules are configured per the CA's CP/CPS — no engineering work to align with a new regulator's playbook.

Tamper-Evident Audit Pack

Every step is recorded in a digitally signed evidence pack. Regulator audits get answered with a single export — not weeks of screenshot collection.

On-Prem Deployment

Full feature parity in the CA's data centre. Same APIs, same admin console, same release cadence — just running on the CA's own infrastructure.

Pluggable CA Interface

Out-of-the-box integration with eMudhra's emCA, plus standards-compliant interfaces for third-party CAs. The RA does not get locked to a specific CA vendor.

Multi-Assurance Workflows

Run low-assurance issuance with automated approval and high-assurance issuance with multi-eye review — from the same platform, configured per certificate class.

Full Lifecycle Coverage

Initial enrolment, renewal, re-verification, suspension, and revocation flows — all reusing the same identity store and audit machinery.