

Enabling Cegedim to issue its own digital signature certificates and become a Trusted Service Provider

Interview with Stéphane Galmiche, Chief Technology Officer of eTrust by Cegedim


Finding a reliable PKI platform to issue certificates for electronic signatures

Cegedim, aiming to scale its business and issue its own electronic signature certificates, sought to become an independent Trusted Service Provider under the EU Trusted Lists, which requires meeting over 800 stringent organizational and technical requirements. The company wanted to see whether Keyfactor’s EJBCA Enterprise solution could help it issue and manage its own certificates for eIDAS-compliant digital signatures.

Company Overview

Founded in 1969, Cegedim is an innovative technology and services company in the field of digital data flow management for healthcare ecosystems and a business software publisher for healthcare and insurance professionals. Cegedim employs more than 6,000 people in more than ten countries and generated revenue of €555 million in 2022. Cegedim SA is listed in Paris (EURONEXT: CGM).


Keeping up with European digital identity regulations

eIDAS stands for ‘electronic identification and trust services’ and refers to a European Union regulation for electronic transactions. Enforceable since 2016, eIDAS defines the standards under which European Union member states recognize electronic identification, such as with electronic signatures or time stamps.

The European Union Trusted Lists (EUTL) include over 200 Trusted Service Providers (TSPs) that are accredited to deliver services in compliance with the eIDAS electronic signature regulation. The eIDAS rules dictate that only a Trusted Service Provider can provide qualified certificates.

Cegedim launched eTrust by Cegedim, its electronic signature solution, in 2016 in partnership with a Trusted Service Provider to issue the certificates. eTrust by Cegedim meets the eIDAS requirements for any European company wanting to implement an electronic signature process by providing proof of the identity of the person signing the document.

eTrust by Cegedim creates electronic signature files and an accompanying digital signature workflow. This workflow decides the order of signatures and, for each signer, the documents they must sign or review, the type of certificate to use, the signer authentication method, any fields that need to be filled in or changed, and the list of recipients.

eTrust by Cegedim is used for all types of documents, such as sales contracts, engagement letters, or lease agreements. The SaaS signature service integrates into select Cegedim solutions such as TeamsRH for the safe electronic signature of human resources documents.

Cegedim was using a significant volume of eTrust by Cegedim certificates but was not yet allowed to issue them. In order to grow and scale its business, Cegedim decided to be its own independent Trusted Service Provider. But achieving that status meant gaining designation with the European Union Trusted Lists, an intense qualification process that involves fulfilling over 800 organizational and technical requirements.


A reliable PKI platform to issue certificates for electronic signatures

About four years ago, Cegedim started the process of becoming its own Trusted Service Provider. Cegedim evaluated several machine identity solution providers and ultimately selected Keyfactor.

Cegedim uses the Keyfactor EJBCA Enterprise platform as a turnkey PKI software appliance, which offers the flexibility and scalability Cegedim needed to enable fast certificate issuance and management for electronic signatures. The company has four instances of EJBCA, two for live production and two for acceptance.

“We are very satisfied with the functionality of EJBCA. EJBCA is designed to fit with our company’s way of thinking, and we could easily integrate it into our existing architecture. Best of all, we are now utterly independent when it comes to generating certificates.”

Stéphane Galmiche, Chief Technology Officer, eTrust by Cegedim

Stéphane Galmiche is Chief Technology Officer of eTrust by Cegedim and has been with the company for ten years. He oversees the technical requirements for complying with eIDAS and for inclusion on the European Union Trusted Lists.

Cegedim collaborated with Keyfactor for several reasons. Cegedim likes Keyfactor’s extensive knowledge of European compliance regulations and EJBCA’s compliance with eIDAS environments. EJBCA integrates with Cegedim’s technical architecture, and its functionalities align with the company’s goal of being its own certificate provider.

Cegedim’s signature service processes an estimated two million certificates per year. During a proof of concept, EJBCA proved more than capable of handling load testing at scale for the certificates.

“Cegedim provides its electronic signature service for leading companies around the world. EJBCA has the reliability to deliver the seven-day, 24-hour service our clients expect, and has the capability to accomplish the process for delivering certificates seamlessly,” says Stéphane Galmiche.

Business Impact

Achieving Trusted Service Provider recognition

In September 2021, Cegedim succeeded in earning its eIDAS qualification from the National Security Agency for Information Systems (ANSSI) and joining the European List of Qualified Trusted Service Providers.

“It’s a long process to become qualified as a Trusted Service Provider in Europe,” says Stéphane Galmiche. “It was a major advantage that EJBCA complied with many of the requirements of the European Union and helped move the process along.”

The valuable authorization places Cegedim on the list among the most trusted suppliers of digital identity technologies and allows Cegedim to create qualified certificates and seals for electronic signatures.

In a press release, Cegedim reported, “The certification marks the culmination of months of work spent creating a system for generating qualified certificates and seals for electronic signatures. This qualification is a key step for Cegedim and opens new horizons for developing myriad electronic signatures and digital identity solutions.”

Evolving digital identity services

Cegedim plans to expand its use of Keyfactor solutions and will be leveraging Keyfactor SignServer Enterprise, a digital signing engine, in the near future. SignServer will be used internally to help the organization with an automated digital signature workflow that complies with European regulations for qualified timestamps.

Stéphane Galmiche and his team are now intent on the next evolution of digital identities, which focuses on people. The European Parliament has proposed an update to the eIDAS framework that aims to give at least 80% of citizens the option to use a digital identity to access key public services across European Union borders by 2030. Should this legislation go into effect, Cegedim will play a significant role in issuing eIDAS-compliant identities and electronic signatures as a Trusted Service Provider.
