Uncover blind spots, reduce risk, and build resilience  Read The CISO’s Guide to Cryptographic Risk

CUSTOMER STORY

How OVHcloud Strengthens Security and Ensures Cloud Sovereignty with Keyfactor EJBCA

THE CHALLENGE

No Centralized PKI, Rising Compliance Pressure

Before adopting Keyfactor, OVHcloud relied on a mix of self-signed certificates and third-party providers to manage its PKI needs. While this approach supported operational demands, it introduced complexity and made it challenging to maintain consistency, control costs, and ensure comprehensive security across their expansive infrastructure.

OVHcloud needed a  flexible, enterprise-grade PKI solution that fit its open-source DNA, could be deployed across its private cloud, and supported automation to keep pace with a fast-moving infrastructure.

By implementing a unified, in-house PKI solution with Keyfactor, OVHcloud gained greater visibility, efficiency, and trust in its certificate management processes.

Company Overview: A Global Cloud Service Provider

OVHcloud is the largest European cloud hosting provider, delivering hosted private cloud, public cloud, and dedicated server solutions to over 1.5 million developers. As of 2021, OVH had 30 data centers in 19 countries hosting 300,000 servers.

OVHcloud’s network team is responsible for end-to-end security across its global cloud infrastructure, from private and public cloud platforms to bare-metal servers, ensuring trusted services for enterprises and public-sector customers worldwide.

The Solution: Keyfactor EJBCA Enterprise

After evaluating the market, OVHcloud chose EJBCA Enterprise. The decision was driven by several factors: its open-source roots and large community, its reputation as a widely deployed and trusted PKI solution, support for sovereignty requirements, and the enterprise support and advanced features available in the Keyfactor Enterprise edition.

What attracted us to EJBCA was its open-source solution with a large community, since this is part of the OVHcloud DNA. EJBCA gave us the services we were looking for, plus the support and features we needed from an enterprise provider.

Aymen Ben-Assila,  Network Manager at OVHcloud

Use Cases: Securing OVHcloud from Inside Out

EJBCA is mission-critical at OVHcloud. Certificates secure access for employees and authenticate machines across the company’s global infrastructure, ensuring that only trusted identities interact with critical systems. They also protect internal services and applications by enabling encrypted communication and establishing trusted identities across private cloud environments.

Just as importantly, OVHcloud leverages EJBCA to meet strict regulatory requirements: by operating its own end-to-end certification authority on certified infrastructure, the company demonstrates compliance with standards such as PCI DSS and SecNumCloud during audits.

One of the value propositions of EJBCA is that it fits our model. We’ve been able to run it on our private cloud, and recently switched to the enterprise edition on our infrastructure for added support and features.

Aymen Ben-Assila,  Network Manager at OVHcloud

Results: Control, Automation, and Compliance Readiness

Since deploying EJBCA Enterprise, OVHcloud has gained full visibility and control over tens of thousands of certificates used across its infrastructure. The platform allows teams to address internal use cases that were previously costly or difficult to solve with external providers.

The shift to Keyfactor’s enterprise edition has also improved automation, enabling OVHcloud to quickly generate, revoke, and rotate certificates, while supporting shortened lifespans mandated by new regulations.

Operational efficiency has been a key gain. Instead of manual or outsourced certificate management, OVHcloud now has an internal system aligned with its cloud DNA and sovereignty principles.

Automation is something we’re very keen on, because we want to be as responsive as possible and provide the best service to our customers. With EJBCA, automation is built in. We can manage lifecycles, revoke certificates, and create the sub-CAs we need for different services.

Aymen Ben-Assila,  Network Manager at OVHcloud

Future Readiness: Supporting Sovereignty and Post-Quantum

Sovereignty is a cornerstone of OVHcloud’s business. OVHcloud ensures that certificates, keys, and cryptographic operations remain entirely under its control by managing its own PKI with EJBCA.

Looking ahead, the company also sees EJBCA as a foundation for long-term cryptographic agility.

I would recommend Keyfactor and EJBCA for the mastery and availability it provides. It enables us to respond to sovereignty issues, meet certification levels, and prepare for future challenges like post-quantum cryptography.

Aymen Ben-Assila,  Network Manager at OVHcloud

Conclusion

By adopting Keyfactor EJBCA Enterprise, OVHcloud has moved from fragmented, ad-hoc certificate management to centralized, automated, and sovereign PKI platform. The solution secures employees, machines, and services internally, supports compliance with strict industry standards, and provides a scalable foundation for future use cases.

As OVHcloud continues to expand globally, EJBCA ensures that its infrastructure remains secure, compliant, and prepared for the next wave of cryptographic change.

Ready to see similar results?

Take the first step toward automated, scalable, and secure PKI.