ICAO compliant PKI implementation, support, and technology transfer in Vietnam

About FPT

During 27 years of development, FPT Information System Corporation (FPT IS) is proud to be the leading system integrator and solution provider in Vietnam and the region. Possessing technological capabilities recognized by global customers and partners, FPT IS has designed and deployed a large number of overall IT projects, IT services and solutions for key sectors of the countries where it operates, including public sector, telecommunications, banking – finance, healthcare, transportation, utilities and enterprise.

Solutions “Made by FPT IS” are researched, developed, applied the cutting-edge technology trends and platforms, which gradually affirms their outstanding advantages compared to other products in the market, meets the diverse needs of domestic and foreign customers.

Leading digital transformation in Vietnam.

Customer Requirements

The customer needed to set up a system for ePassport/eID to be operated in line with the ICAO standard. They have opted for EJBCA as the ICAO compliant PKI managing CV certificates. However, the implementation of the ePassport/eID in line with the ICAO standard having is difficult task, where experts with deep understanding of the whole ecosystem and the underlying technology are essential. The customer requested the installation and configuration of the CSCA, CVCA, DVCA, and SPOC CA in the highly available and failover setup. Further tasks included consulting and advisory on CryptoToken integration, preparation of certificate and end entity profiles, set up approvals and workflows with all the roles and access rights. Additional tasks included publisher’s configuration, integration with the inspection systems and with the monitoring and logging solution as well as the terminal control center. The whole set up needed to be designed, but it was also essential to hand over the essential knowhow to the local team to manage and maintain the solution on site.


3Key team with deep knowledge of the EJBCA and SignServer technology provided a design of the overall ICAO PKI architecture documented the whole solution. Our experts also assisted with the deployment and configuration of the solution. Once the architecture had been finalized and CSCA, CVCA, DVCA, and SPOC CA documentation has been prepared, an extensive training has been provided to the local team with the usage of virtualized environment to provide the customer with the hands-on experience. Based on the discussions with the customer the original scope has been extended also to design a SPOC and NPKD system based on OpenLDAP together with the API to simulate the communication between CMS and the foreign SPOC. The whole package is complemented by a remote support package, which ensures the customer will always have a top-notch assistance, if they run onto troubles with their ePassport/eID solution.

Solution Benefits

Get in touch with us!

We would be happy to help you succeed!

    enter your full name

    enter a valid email

    the topic of your message

    enter a brief message