Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

achelos - company-wide public key infrastructure ©dmitrydesigner |
  • Technical contribution
  • Network and Application Security

Setting up a company-wide public key infrastructure (PKI) for Phoenix Contact

Phoenix Contact aims to provide standardised cybersecurity in products and industrial solutions to enable future-proof operation of machines, plants and infrastructures.


Phoenix Contact is a global market leader for components, systems and solutions in the field of electrical engineering, electronics and automation. The family- owned company currently employs around 20,300 people worldwide and generated 2.97 billion euros sales in 2021. Its headquarters are located in Blomberg, Westphalia. The Phoenix Contact Group includes 14 German and four international companies as well as 55 sales companies around the world. Internationally, Phoenix Contact is present in more than 100 countries.



Public key infrastructur achelos ©phoenix contact

Problem definition:

Phoenix Contact aims to provide standardised  cybersecurity in products and industrial solutions to  enable future-proof operation of machines, plants and infrastructures. In order to ensure that products and solutions are protected against professional cyber attackers, the requirements of the IEC 62443 standard, which is essential for the manufacturing industry, must be met. 
To prove the authenticity of hardware and software products Phoenix Contact relies on the use of high-quality electronic certificates and digital signatures. These certificates are used technically for secure device identity in accordance with IEEE802.1AR and secure firmware updates. To generate the electronic certificates, Phoenix Contact therefore planned to set up a company-wide public key infrastructure that could permanently fulfil the required high level of protection. One of the most important requirements in this project was to seamlessly integrate device registration into an industrial production process.
“Building a scalable and secure PKI for device identities and infrastructure for signatures of software and firmware is a challenging task. This made it all the more important to find suitable technical products and a suitable partner for the implementation project and ongoing support.” Dr.-Ing. Lutz Jänicke, Corporate Product & Solution Security Officer, Phoenix Contact



Phoenix Contact chose products from PrimeKey, now Keyfactor, to procure the public key infrastructure.  EJBCA Appliance and SignServer Appliances were selected because of their product maturity, global deployment, and extensive PKI features and integration capabilities. The security certified HSMs used and the certified EJBCA software provided the perfect match for implementing the high level of security and ensuring highly available operation. The company achelos, which also supplied the systems as a certified Keyfactor partner, was assigned with the IT and security planning, configuration and installation, and commissioning. Phoenix Contact thus had a central point of contact for the entire duration of the project, who had both the necessary knowledge of cyber security and the Keyfactor products. achelos will also be looking after the PKI, which has now been put into operation, during the operational phase by providing further support services.


About achelos:

achelos is a manufacturer-independent consulting and software development firm with headquarters in  Paderborn, Germany. The IT security experts develop and operate highly specialised products, solutions and services that comply with international security standards. achelos offers manufacturers and integrators in the automation industry comprehensive support for setting up new and migrating public key infrastructures - from planning, through provision, all the way up to secure operation. Application-specific requirements and standards are taken into account here alongside existing processes and certifications. In this way, achelos creates customer-optimised,  individual key management solutions. achelos is also certified to ISO 9001, ISO 27001 and Common Criteria.


This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.