Your CA. Our Platform.

Name: Koios BYOCA
Brand: Koios

Integrate your existing certificate authority with Koios. Keep your chain of trust intact. Get managed lifecycle automation for every device in your fleet.

Get Started Free Talk to an Engineer

You Already Have a PKI. You Shouldn't Have to Abandon It.

Most IoT platforms force you onto their certificate authority. That means ripping out your existing PKI, re-issuing certificates, re-certifying for compliance, and explaining to your security team why the chain of trust changed.

Koios BYOCA integrates with your existing CA hierarchy. Upload your root and intermediate certificates, and Koios issues device certificates under your chain of trust. Your compliance posture doesn't change. Your security team doesn't lose sleep.

BYOCA Capabilities

All the benefits of managed PKI, with your existing certificate authority.

Upload Root & Intermediate CAs

Import your existing root and intermediate certificate authorities. Koios uses your chain of trust for all device certificate issuance.

Chain of Trust Preserved

Your existing PKI hierarchy stays intact. Koios issues device certificates under your CA, not ours. Your compliance posture doesn't change.

Automated Lifecycle

Even with your own CA, you get full lifecycle automation — issuance, renewal, rotation, revocation — all managed by Koios.

Tenant Isolation

Support multiple CA hierarchies within a single Koios organization. Each product line or customer gets their own chain of trust.

Policy Controls

Define issuance policies, key algorithms, validity periods, and naming constraints. Enforce your security requirements at the platform level.

Full Audit Trail

Every certificate operation is logged against your CA. Who issued it, when, to which device. Complete traceability for compliance audits.

How It Works

Integrate your CA in three steps.

Upload CA Certificates

Import your root and intermediate CA certificates into Koios. Your private keys stay with you — we only need the public chain.

Configure Policies

Set issuance policies, key types, validity periods, and naming constraints that match your existing PKI governance.

Issue Device Certificates

Provision devices with certificates issued under your CA hierarchy. Individually, in bulk, or via API integration with your manufacturing line.

Managed CA vs. BYOCA

Choose the approach that fits your infrastructure. You can use both within the same organization.

Feature	Managed CA	BYOCA
Setup time	Minutes — Koios creates and manages the CA	Import existing CA certificates
Chain of trust	Koios-managed hierarchy	Your existing PKI hierarchy
Key management	Koios HSM-backed keys	Your keys + Koios HSM for device certs
Compliance	Koios security posture	Your existing compliance posture
Best for	Teams without existing PKI	Teams with established CA infrastructure

Enterprise-Grade Infrastructure

Deployed across a global edge network. Keys stored in dedicated HSMs. Every byte encrypted at rest and in transit.

HSM-Backed EncryptionGlobal Edge NetworkEncrypted at Rest & In TransitGDPR Compliant

Keep your PKI. Get managed device certificates.

BYOCA is available on Enterprise plans. Start with a free account to evaluate the platform.

Get Started Free View Pricing