Deployment options

We offer the SwissPKI as a managed service but you can deploy and configure the solution using one of the available packages such as Docker, Linux or AWS.

The Docker or HELM packages ship with all necessary components to get you started within seconds.

If you plan to use an RPM or DEB distribution, we suggest you to setup a proxy server, a database server and optionally an LDAP server.

Detailed instructions on how to deploy your environment can be found by clicking on the images below.



Initial configuration settings

The bootstrap sequence registers the first SwissPKI administrator. Simply open the URL in a browser (https://www.yourdomain.com) to start the initialization process which consists of 8 simple steps:

Note: The default deployment uses a TOTP as a second factor for login into the application (alternative authentication mechanisms available).

License Agreement

Please read and accept the license agreement and click on “next”.

Primus Cloud HSM

If you wish to enable Primus HSM, please tick the box and provide a proxy user name and a proxy password. If you do not have a proxy user and password, you can contact us here.

Mail Server

Enter your mail server details. It will be used to send notifications to administrators. If you do not have an organization mail server, you can create one from Gmail and use the configuration described in the picture.

System Administrator

Enter the system administrator details.

System Administrator Confirmation

Upon the completion of the previous step, you should receive an email with a QRCode. Download Google Authenticator for iOS or FreeOTP for Android and scan this code. Your two factor authentication is now configured. Enter the generated code along with your username and password and click on next.


You are now done with your SwissPKI initialization. You can use the credentials you just created and start using the application.