Keyfactor

Certified Security Solutions (2001-2018)

Certified Security Solutions (CSS) was co-founded as a PKI consulting firm in 2001 by Kevin von Keyserling and Ted Shorter. From the outset, the company specialized in cybersecurity consulting for large enterprises. They focused on securing PKI and machine identities for large Microsoft enterprise environments, to help set up and manage their infrastructure. At the time, very few firms deeply understood Microsoft security internals, giving CSS a major advantage in the cybersecurity space. In 2006, this specialty was recognized by Microsoft, who awarded CSS Microsoft Certified Gold Partner status.^[1] In the same year, CSS was a Microsoft Security Solutions Technology Innovation Partner of the Year Finalist.^[2]

In 2008, CSS opened its first office, located in Ohio, where Keyfactor continues to be headquartered today.^[3] Kevin Von Keyserling also became the company CEO that year.^[4] Throughout the 2000s, CSS branched into other areas of cybersecurity. Identity & Access Management became a major service for the corporation, as active directory mismanagement and hacks would often bring entire corporations to a halt. CSS launched the Certificate Reporting Tool (CRT) in 2009, which was eventually integrated into Keyfactor's Certificate Management System (CMS), now known as Keyfactor Command.^[5]

A vulnerability in the Simple Certificate Enrollment Protocol (SCEP) was detected by the CSS team in 2012 and they worked with United States Computer Emergency Readiness Team to produce a vulnerability report on SCEP.^[6][7] The vulnerability used the SCEP system to access corporate servers or email. As a result of the vulnerability, Microsoft changed a number of its policies to protect users.^[8]

During this period, CSS began to create a foundation of cybersecurity services and solutions, focused on digital identity, which included public key infrastructure (PKI), certificate management, and IoT security solutions. Their success in these fields led to CIO listing CSS as one of its top cybersecurity companies for 2015, positioned third on their list.^[9] With a continued strategy of becoming a major cybersecurity company, CSS integrated with SAP HANA Cloud Platform for IoT in 2016.^[10]

Keyfactor (2018-present)

In 2018, CSS announced that it was to undergo a rebrand, changing its brand name to Keyfactor.^[11] It announced it had closed a funding round of $77 million in January 2019,^[12] which was led by Insight Partners.^[13] Later that year it was announced that Jordan Rackie would be stepping in as CEO, replacing Kevin von Keyserling, who would remain with Keyfactor as Chief Strategy Officer.^[14]

Around the time of the rebrand, Keyfactor continued to strengthen its enterprise and IoT security ecosystem. It joined Thales Security's alliance to integrate its PKI and certificate management solutions with HSMs.^[15] Keyfactor also launched its SCEP Validation Service to enhance secure certificate enrollment for Microsoft NDES environments. It also formally launched the Keyfactor Command product.^[16]

In July 2019, Keyfactor announced its first major acquisition since Insight Partners became the majority shareholder: Spain-based Redtrust, which operated as a digital identity firm, providing centralized certificate and digital signature management. The acquisition would broaden Keyfactor's customer base and service offering, with Redtrust having clients in highly regulated industries such as banking, insurance, infrastructure, and healthcare.^[17]

In April 2021, Keyfactor raised an additional $125 million via a funding round led by Insight Partners.^[18] Keyfactor then merged with PrimeKey, Swedish-based founder of open-source based PKI and signing software, EJBCA and SignServer.^[18]

By 2023, Keyfactor had become a leading expert in addressing challenges in the control of PKI and machine identities at scale.^[19] They announced in February 2024 that the company had surpassed $100 million in annual recurring revenue (ARR) for the first time.^[20]

With an increased focus in the industry on post-quantum cybersecurity, Keyfactor acquired Infosec Global from Merlin Ventures in May 2025.^[21] The deal was thought to be worth hundreds of millions, according to technology publication CTech.^[22] They also acquired CipherInsights , a passive network listener capable of identifying cryptographic risk factors in real-time, around the same period.^[23] In January 2026, Keyfactor announced a senior addition to its staff, with Michael Volanoski joining in a dual role as its president and chief revenue officer.^[24]

EJBCA

EJBCA is an open-source and enterprise public key infrastructure (PKI) software platform originally developed by PrimeKey, now part of Keyfactor. It is used to issue and manage digital certificates for things like IoT devices, enterprise users, servers, and secure communications. It supports large-scale, high-assurance environments and is known for flexibility, automation, and standards compliance. In short, it is the foundation of certificate management behind many secure systems.^[26]

Command

Keyfactor Command is a certificate lifecycle automation platform designed to help organizations discover, manage, and automate TLS/SSL and other digital certificates across hybrid environments. It reduces outages and security risks caused by expired or mismanaged certificates. Command integrates with CAs, DevOps tools, cloud platforms, and enterprise systems to centralize visibility and control. It provides a centralized overview of certificate activity and management across an organization’s entire certificate ecosystem.^[27]

Signum

Keyfactor Signum is an enterprise code signing platform that centralizes and secures signing operations through policy-based access controls. Lightweight client agents for Windows, Linux, and macOS integrate with native signing tools like Microsoft SignTool via CSP/KSP and PKCS#11, allowing developers to sign without changing their existing toolchains. Private keys are stored on an HSM and never leave its boundary, ensuring signing certificates remain protected even when surfaced to authenticated users and machines.^[28]

SignServer

SignServer is a server-based digital signing software platform, originally developed by PrimeKey. It leverages the Bouncy Castle cryptographic library for its core signing operations, enabling high-performance, centralized signing across use cases like document signing, code signing, timestamping, and e-passports. It supports hardware security modules (HSMs) for secure key storage and is built for scalable, automated environments. Certificates issued by a PKI platform such as EJBCA can be deployed to SignServer, where they are used to sign artifacts at high volume and speed.^[29]

Keyfactor AgileSec

Keyfactor AgileSec, originally developed by InfoSec Global and now a part of Keyfactor, helps organizations inventory and assess cryptographic assets across an organization’s entire IT ecosystem. This is especially important for post-quantum cryptography readiness and helps enterprises understand where and how encryption is used, and whether it meets current and future security standards.^[22]