SafeTech CA (Certificate Authority)

2025

Jatoba DBMS compatibility

SafeTech Lab and Gazinformservice successfully tested and confirmed the correctness and fault tolerance of the interaction of the SafeTech CA corporate certification center with the Russian Jatoba database management system. Gazinformservice announced this on November 26, 2025.

𝓲

Фото: Gazinformservice

As part of the testing, the uninterrupted operation of all SafeTech CA modules with Jatoba DBMS was checked for typical joint operation scenarios: initialization and updating of the database, as well as the prompt receipt and display of data in the user interface of the certification authority.

Due to the high degree of security and reliability of both solutions, as well as confirmed compatibility with a large list of domestic operating systems (Astra Linux, Alt, OSnova, Red OS, Rosa), the integration of SafeTech CA and Jatoba DBMS will allow customers to ensure the integrity and safety of data in their infrastructure on a completely import-independent technology stack.

We purposefully tested the interaction of SafeTech CA with Jatoba DBMS under extreme loads to ensure that the solution can work stably in the largest IT infrastructures. The integration of our products will allow companies that use Jatoba's high-performance DBMS to handle mission-critical data to easily deploy and scale a multifunctional certification authority in their environment, thereby significantly increasing the overall level of digital infrastructure security, said Alexander Sanin, CEO of SafeTech Lab.

The Yatoba secure DBMS, together with the SafeTech CA corporate certification center, take the cyber security of the IT landscape components to a new level, "commented Yuri Osipov, Jatoba product manager at Gazinformservice.

Implementation of full-fledged Autoenrollment technology certificates for Linux systems

SafeTech Lab on November 12, 2025 presented the release of a major update to the SafeTech CA corporate certification center. This functionality greatly expands the scenarios for using the service, and deep integration with other PKI infrastructure management tools allows you to achieve the maximum level of automation and flexibility of these processes.

A key change in SafeTech CA was the implementation of full-fledged Autoenrollment technology certificates for Linux systems. Together with Astra Group experts, mechanisms and numerous scenarios have been developed for automatically issuing, updating and tracking the status of user certificates and infrastructure components within the ALD Pro domain. Thus, customers received a convenient platform for solving Autoenrollment's certificates in a heterogeneous corporate environment based on mature and functional Russian products, fully complying with the security requirements and import substitution policy.

Enhanced integration with other directory services. So, for Microsoft Active Directory, a number of improvements and additions have been introduced to allow administrators to more fully configure certificate issuance policies, which makes SafeTech CA a much more flexible alternative to the built-in Certificate Services service. Specialized scenarios and tools for integrating components of the PKI infrastructure based on SafeTech CA have been prepared for Red ADM (Samba DC).

To fine-tune access rights within a domain, SafeTech CA has added the ability to assign Organization Unit certificate templates, which allows you to distinguish the use of various services in the organization's infrastructure using PKI.

In terms of providing secure user authentication to enterprise services, the functionality of the certification authority has also significantly increased. In partnership with Aktiv, a mechanism has been developed for issuing digital certificates for Rutoken hardware media directly through the SafeTech CA interface. Now there is no need to write certificates to tokens manually, this process is fully automated. To authenticate users using smart cards, SafeTech CA has developed scripts and added tools for implementing Smart Card Logon based on ALD Pro, Microsoft AD, Red ADM, FreeIPA, Samba DC domains. Unified support for this technology, enabling operations across all operating systems and domains, enables you to build and manage complex heterogeneous infrastructures.

An important step in optimizing work with web services was the support of the ACME protocol, which allows you to automatically release and SSLTLS update/certificates for web servers, ensuring the security and uninterrupted operation of any online resources of the organization.

The future SafeTech CA Roadmap includes in-depth development of PKI service processes, including centralized component configuration and certificate rotation, improved performance for high-load architectures, and enhanced integration capabilities.

The updated release of SafeTech CA marks the product's transformation into a versatile, multifunctional platform to manage digital certificates across complex hybrid infrastructures. The implementation of Linux Autoenrollment with status tracking and intra-domain certificate updates is a breakthrough, a welcome opportunity to provide customers with a completely new level of automation for domestic Linux environments that was previously only available in Windows infrastructures, "said Alexander Sanin, CEO of SafeTech Lab.

Compatible with Postgres Pro Standard

Postgres Professional and SafeTech Lab, a developer of modern software products for building a reliable and secure PKI infrastructure, announced the compatibility of their solutions on November 7, 2025.

The certificate issued by Postgres Professional confirms the correct operation of Postgres Pro Standard and SafeTech CA.

SafeTech CA is a SafeTech CA corporate certification authority capable of completely replacing Microsoft CA for - Windows informulations, as well as solving the problems of issuing and managing technology certificates for - Linux systems, mobile devices on/, iOSAndroid network equipment Cisco and other components - IT landschaft.

Postgres Pro is a domestic database management system. The flagship version of the DBMS, Postgres Pro Enterprise, includes more than 100 key developments for maximum reliability and high performance as of November 2025, which allows it to solve the most complex industrial problems in enterprises with high-load systems.

Compatibility with Indeed CM

SafeTech Lab and Indeed have confirmed the compatibility of their products - the SafeTech CA corporate certification authority and the Indeed Certificate Manager (Indeed CM) software package designed for managing the public key infrastructure (PKI). Indeed announced this on September 2, 2025.

The technological integration of Indeed CM and SafeTech CA allows domestic companies not to depend on the solutions of foreign suppliers. With these products, organizations can build a PKI infrastructure based on Russian software using the usual tools for automating the lifecycle management of technology certificates.

The integration of Indeed CM and SafeTech CA provides a number of advantages. In particular, organizations can:

• build a PKI infrastructure based on Russian software for the implementation of the import substitution strategy;
• Provide centralized certificate management in hybrid IT environments
• Reduce administration costs
• increase the level of information security.

Creating a reliable PKI infrastructure in a modern heterogeneous environment is not just a matter of replacing foreign solutions with domestic counterparts. The key task is to guarantee the technological compatibility of Russian products so that the transition is not only fast and seamless, but also brings real improvements to the processes of managing digital certificates. With the integration of SafeTech CA with Indeed CM, we can offer the market the best PKI security tools, "said Alexander Sanin, CEO of SafeTech Lab.

In the context of restrictions on the part of Western vendors, it is extremely important to ensure the import independence and security of the infrastructure of Russian companies. As part of our partnership with SafeTech Lab, we have expanded the capabilities of our Indeed CM software complex to interact with other products - it now supports work with the SA SafeTech Certification Center, "added Andrey Laptev, Director of the Product Office of India.

Axiom JDK Compatibility

SafeTech Lab and Axiom JDK (Axiom JSC) conducted test tests and confirmed the full technological compatibility of their products: the SafeTech CA corporate certification center and the Axiom JDK industrial Java platform. SafeTech Lab announced this on August 28, 2025.

𝓲

Фото: SafeTech

The joint use of SafeTech CA and Axiom JDK makes it possible to build a fully import-independent trusted PKI infrastructure in compliance with all current security standards. Customers can use a complete solution in environments with stringent requirements, INFORMATION SECURITY including facilities critical information infrastructure and government information systems, in full compliance with the law. RUSSIAN FEDERATION

SafeTech CA is built on a technology stack that actively uses the Java Runtime Environment, and Axiom JDK provides a stable and reliable execution environment for SafeTech CA software modules. The integration of solutions ensures the smooth operation of Java applications based on a secure and fault-tolerant platform, which allows you to meet the highest market requirements in terms of cross-platform, scalability, manageability and security of an enterprise certification authority.

Cooperation with the Axiom JDK team is an important step in the development of secure domestic solutions for PKI. The compatibility of SafeTech CA with the domestic Java platform Axiom JDK provides the basis for import substitution Microsoft CA and the creation of the Russian a secure corporate certification authority based on software products capable of operating in a complex heterogeneous IT infrastructure, commented Alexander Sanin the CEO of SafeTech Lab.

We build trust at the level of source code, updates and support. The paradox is that the more reliable the foundation becomes, the less users think about it - and this is the best characteristic of a mature platform. Cooperation with SafeTech Lab will create a trusted infrastructure for building corporate certification centers on a fully Russian Java stack. And customers will be able to get full support, seamless integration, regular updates that improve security and functionality, and compliance while minimizing the risk of dependence on foreign components, "said Aleksei Kuznetsov, director of partner relations at Axiom JDK.

SafeTech CA 3.0 with the ability to publish certificates to LDAP directories

SafeTech Lab (part of SafeTech Group) has released an updated version of its flagship product, the SafeTech CA Corporate Certification Authority. The update includes a completely redesigned user interface, advanced functionality and support for additional use cases. The developer announced this on July 29, 2025.

The main difference between the release is the emphasis on the convenience of managing certificates in the organization. In this version of SafeTech CA, user interfaces have become more flexible and functional. With the help of information rendered on dashboards, it is easier for administrators to manage certificates, obtain statistics and generate the necessary reports. Another important change is support for managing multiple CA instances through a single web interface. This functionality is designed specifically to optimize the work of administrators in large organizations with a distributed IT infrastructure.

In addition to upgrading interfaces, SafeTech CA 3.0 implements functionality to manage technology certificates in an enterprise infrastructure of any complexity.

• Significantly updated the UI-Gateway component, which is responsible for providing access to personal accounts of users and administrators, it has become more reliable and productive.
• Enhanced security event auditing to record a wide range of events and facilitate further monitoring.
• An SSH module has been added that allows you to release and work with SSH certificates and templates for controlling the access of privileged users. Additionally, in the menu for creating an SSH template, it became possible to flexibly specify the validity period of issued certificates.
• The MS Enrollment module has been improved in terms of supporting the ability to prohibit the export of private keys and adding the issued user certificate to the Active Directory attribute.
• It is possible to publish certificates to LDAP directories.

SafeTech CA 3.0 is fully adapted to work both in the classic virtualization environment (VMware, KVM, Hyper-V, etc.) and in the container (Docker, OpenShift/Kubernetes), which makes the deployment of the solution even faster and more convenient.

Microservice infrastructure allows you to scale the service, create any failover configurations and solve clustering problems in large geographically distributed IT infrastructures.

The new release is part of the implementation of a large-scale strategy for the development of SafeTech CA. Along with expanding functionality, we focused on the ergonomics of the product, developing intuitive and most convenient user interfaces. SafeTech CA is now not just a Russian alternative to Microsoft's certification authority, it is a qualitatively new, modern solution for the most effective management of technology certificates in a hybrid IT infrastructure of any complexity and scale, "said Alexander Sanin, CEO of SafeTech Lab.

ALD Pro Compatibility

Astra Group and SafeTech Lab on July 23, 2025 announced the completion of compatibility testing of their software products: ALD Pro Catalog Service and SafeTech CA Corporate Certification Authority. Read more here.

Red OS Compatibility

SafeTech Lab received a certificate of compatibility of the corporate certification authority SafeTech CA operating system Red OS with the company. Red Soft SafeTech Lab announced this on June 9, 2025.

In the process of comprehensive testing, all the necessary characteristics were checked and evaluated: stability of operation, performance and resistance to failures. The test results confirmed that SafeTech CA works correctly on the basis of RED OS.

The compatibility of SafeTech CA with RED OS means that Russian organizations have another opportunity to create a modern and reliable center for managing digital certificates in Linux infrastructures. Our solution meets all security requirements and legislative norms and is already used in many import substitution projects, "said Alexander Sanin, CEO of SafeTech Lab (SafeTech Group).

{{quote 'Integration of SafeTech CA with RED OS is an important step in the development of safe and reliable domestic IT solutions. Our operating system, combined with the enterprise certification authority SafeTech CA, allows you to create secure infrastructures that meet the most stringent requirements. This is another confirmation that RED OS is a stable and universal platform for building digital sovereignty, "commented Rustam Rustamov, Deputy General Director of RED SOFT. }}

OSnova Compatibility

Lab SafeTech (SafeTech Group) and JSC "" NPPCT on May 13, 2025 announced the completion of testing their products and confirmed the compatibility of the SafeTech CA corporate certification center with the Russian operating system "." Basis More. here

2024

SafeTech CA 2.0

SafeTech has released an updated version of its certification authority, SafeTech CA 2.0. The company announced this on November 19, 2024.

SafeTech CA (Certificate Authority) is a domestic certification authority. CA is a key component in the public key infrastructure - issues, suspends and revokes certificates used internally for various technological needs.

Since the announcement of the first version of the SafeTech CA solution in the spring of 2024, the SafeTech group of companies has conducted more than 40 pilot projects, in which it received many wishes from potential customers for functionality that they lacked as part of the operation of Microsoft CA. These wishes, as a quintessential of real practical needs, became the main drivers for the release of the updated version of SafeTech CA 2.0.

The first important change that appeared in this version of the product was the addition of a personal account for users. My account adds flexibility to the processes of issuing certificates, giving end users a simple and understandable web interface for generating certificate requests, coordinating these requests, tracking the status of the approval, etc. Thus, SafeTech CA 2.0 solved a perennial problem inherent in Microsoft CA, which did not allow adding stages by agreement as part of the procedure for requesting and issuing certificates.

In addition, SafeTech CA 2.0 has the ability to import the certificates and templates themselves from Microsoft SA. Now, when migrating from a foreign solution to a domestic one, there is no need for a long transition period, when two certification authorities work in parallel until the expiration of certificates issued by Microsoft SA. SafeTech CA 2.0 allows you to import issued certificates and templates from a foreign solution in minutes.

Also in SafeTech CA 2.0, Discovery Service has been improved - a mechanism for automatic tracking of the availability, location and state of microservices. With dynamic scaling, where services can be quickly added or removed due to load changes, Service Discovery in SafeTech CA 2.0 allows you to create any failover configurations and provide clustering according to the needs and tasks of a particular customer. Having its own monitoring and clustering mechanisms is an important functionality that allows you to apply the solution to any distributed infrastructures.

An intermediate version of SafeTech CA was 19.08.2024 released, which also implemented important functions - support for GOST crypto algorithms based on CryptoPro, support for storing CA keys in HSM modules, support for SCEP and OCSP protocols. Read more about this here.

With the release of SafeTech CA 2.0, we can safely say that in terms of functionality, flexibility and convenience, our solution today surpasses Microsoft CA. We are focusing on the implementation of the functions of the next release already planned in the roadmap, and are actively starting work on UI/UX to make our product even more convenient and ergonomic, "said Alexander Sanin, CEO of SafeTech Lab.

SafeTech CA Presentation

SafeTech has launched a new product SafeTech CA (Certificate Authority), a domestic certification authority. CA is a key component in the public key infrastructure - issues, suspends and revokes certificates used internally for various technological needs. The company announced this on April 24, 2024.

Microsoft SA is built into Windows Server, making it the de facto "default service" for most companies worldwide. After the suspension of sales of the company's products in Russia, the use of Microsoft services, including SA, became unsafe due to high risks of disruption of their performance.

The transition to domestic SA allows domestic business not only to reduce the risk of disruption of Microsoft services, but also to fulfill the requirements of legislation in the field of import substitution. SafeTech CA is not an adaptation of an open source solution, but a completely proprietary development. This is a 100% Russian product released by a company that has been creating solutions based on the public key infrastructure for more than 13 years, "said Alexander Sanin, CEO of SafeTech Lab.

The transition from Microsoft SA to SafeTech CA is completely seamless, since both certification authorities can work in parallel, which allows you to gradually replace previously issued certificates with new ones. SafeTech CA microservice architecture provides horizontal and vertical scalability, as well as allowing additional services to be placed in different segments.