Single Instance

In the emCA certifying authority (CA) standalone deployment architecture the emca application server, OCSP server, TSA server, and DB server are located in a secure zone. The highly trusted zone contains HSM. This environment is typically isolated from the rest of the network and is only accessible to authorized personnel.

Single Instance Deployment Architecture

A single instance deployment architecture is a simplified deployment model that involves installing all components of the emCA CA application on a single individual servers for each emCA component. This approach is suitable for small to medium-sized organizations with relatively low certificate issuance volumes.

Key Components:

  1. emCA CA App Server: The core component of the emCA CA application, responsible for generating and issuing certificates, managing the CA's certificate pool, and handling certificate lifecycle events.

  2. Timestamping Authority Server: Generates timestamps for digital signatures, ensuring the long-term validity and integrity of certificates.

  3. OCSP App Server: Provides an online certificate status protocol (OCSP) responder service to verify the revocation status of certificates.

  4. emCA DB Server: Hosts the emCA database, storing information about the CA's certificates, users, devices, and other relevant data.

  5. HSM (Hardware Security Module): A tamper-proof device that securely stores the CA's private keys and other sensitive cryptographic material, protecting them from unauthorized access.

  6. Offline-emCA: An offline version of the emCA CA application, enabling certificate generation in situations where the primary emCA CA server is unavailable.

  7. Internet/Intranet: The network to which the emCA application is connected, allowing authorized clients to access and obtain certificates.

Deployment Scenario:

  • All components are installed on a single individual servers within the organization's secure zone.

  • The server is protected by a router and firewall to restrict access and enhance security.

  • Authorized users can access the application through the internet or intranet to request and manage certificates.

Benefits of Single Instance Deployment:

  • Simplicity: Easy to implement and manage due to the centralized architecture.

  • Cost-Effectiveness: Lower initial investment compared to distributed architectures.

  • Suitable for Small Deployments: Ideal for organizations with moderate certificate issuance volumes.


  • Scalability: This may not be suitable for large-scale deployments with high certificate issuance demands.

  • Single Point of Failure: Potential for disruption if the server experiences hardware or software issues.

  • Security: Careful configuration and ongoing maintenance are crucial to maintain a robust security posture.

Last updated