Do you recognize these challenges?

Whether the connected thing is a vehicle, a refrigerator, a toy or a sensor, the manufacturing process may pose security challenges:

  • Issuance of birth certificates in a secure manufacturing network without Internet connectivity
  • On-device key generation is time consuming and a bottleneck in the manufacturing process
  • Cumbersome administration and maintenance of multiple Certificate Authorities (CA)
  • OPC UA (IEC 62541) Global Discovery Service (GDS) certificate management

Want to know more?

Customer case

How Danfoss secures their connected things with PKI for manufacturing

Danfoss has a wide portfolio of IoT-based solutions and products and requested Nexus to help support them with a flexible public-key infrastructure (PKI) platform. This would allow them to combine on-premise and SaaS-based Certificate Authorities (CA) in one PKI. Nexus set up a customer-specific PKI hierarchy and certificate management processes for Danfoss including an offline root CA as well as several online sub-CAs. In addition, several sub-CAs can be used for different use cases like securing IoT devices, signing software code and licenses.

Read full case here




How does it work?

A “Factory CA” issuing a “birth certificate” to the connected device when manufactured, ensures that the device can authenticate and securely communicate with an IoT application. It furthermore enables the device to authenticate for being onboarded to an IoT platform and/or become part of the operating environment. An “operational CA” can issue an operational certificate for the same device to be used for secure communication in this operating environment.

Nexus Smart ID IoT provides a factory CA where security requirements mandate an on-premise CA. Nexus GO IoT service, based on Nexus Smart ID IoT, can also provide PKI certificate lifecycle management throughout the devices’ lifetime. A “lifecycle CA” can augment the factory CA and provide revocation status service and renewal of certificates. Nexus Smart ID and the GO IoT service are based on mature, scalable, highly reliable, continuously tested and maintained products. The multi-CA solution helps you adapting the PKI hierarchy and request certificates via standard protocols. Nexus' solution offers administration, reporting and automation features and has a solid track record.


Webinar: Securing digitalization of manufacturing and IIoT

During this webinar, we talk about the challenges of merging OT with IT and show examples of where it can go wrong. We also discuss how PKI can enable trustworthy digital communication preventing security breaches.

Watch webinar on-demand


Why Nexus

The main advantages of Nexus GO IoT are:

High security

Is based on PKI certificates, which enable authenticated and encrypted device-to-cloud and device-to-device communication


Gets you started with PKI certificates as a service in a quick and easy way, using the trial service, to verify the actual certificate provisioning with your IoT application. Pay as you go.


Scalable and flexible solution, which supports multiple standards and enrollment protocols for various devices.