The Challenge
As OVHcloud’s infrastructure expanded rapidly, certificate management was handled through a distributed set of certificate sources tailored to different teams and use cases. While this approach supported flexibility early on, increasing scale and regulatory expectations introduced new challenges around centralized visibility, auditability, cost control, and consistency.
What attracted us to EJBCA was its open-source roots, since this is part of the OVHcloud DNA. EJBCA gave us the services we were looking for, plus the support and features we needed from an enterprise provider.”
-
Fragmented PKI infrastructure
A mix of self-signed certificates and third-party providers limited visibility and introduced operational complexity.
-
Compliance and audit pressure
Meeting standards such as PCI DSS and SecNumCloud required greater control and demonstrable trust in certificate issuance.
-
Automation at scale
Manual or outsourced certificate processes could not keep pace with shortened certificate lifespans and infrastructure growth.
The Solution
Sovereign, Automated PKI at Scale
After evaluating the market, OVHcloud selected Keyfactor EJBCA Enterprise as the foundation for its internal PKI. The solution’s enterprise support and ability to run entirely within OVHcloud’s private infrastructure aligned with the company’s sovereignty requirements. EJBCA now serves as a mission-critical platform securing digital trust for employees, machines, and internal services.
I would recommend Keyfactor and EJBCA for the mastery and availability it provides. It enables us to respond to sovereignty issues, meet certification levels, and prepare for future challenges like post-quantum cryptography.”
Business Impact
Since deploying Keyfactor EJBCA Enterprise, OVHcloud has gained full visibility and control over tens of thousands of certificates across its global infrastructure. Automation has reduced manual effort and sped up certificate rotation to meet new regulatory mandates. OVHcloud has strengthened audit readiness with their centralized certificate review infrastructure.
“Automation is something we’re very keen on, because we want to … provide the best service to our customers. With EJBCA, automation is built in. We can manage lifecycles, revoke certificates, and create the sub-CAs we need for different services.”
-
Full control and cloud sovereignty
OVHcloud manages certificates, keys, and cryptographic operations entirely in-house, ensuring alignment with sovereignty principles.
-
Operational efficiency with automation
Automated lifecycle management supports rapid issuance, revocation, and shortened certificate lifespans without manual overhead.
-
Compliance and future readiness
The centralized PKI platform supports certifications such as PCI DSS and SecNumCloud while providing a foundation for post-quantum cryptography.
