GlobalSign Dedicated Intermediate CAs (also referred to as Custom CA or Private PKI) is a managed PKI service that provides organizations with branded intermediate certificate authorities (ICAs), roots, and CA hierarchies. These are hosted and maintained by GlobalSign in WebTrust-audited, secure data centers. Organizations receive their own dedicated subordinate CA or full CA hierarchy, branded to their company name. The service supports both public trust and private trust configurations. With the exception of SSL inspection use cases (where the ICA is hosted on the customer's appliance), all roots and ICAs are hosted and managed by GlobalSign. Key use cases include: - Client Authentication: Exclusive subordinate CAs for certificate-based access control, typically using private trust hierarchies. - SSL/TLS Inspection/Decryption: GlobalSign hosts the root while the ICA is deployed on the customer's SSL inspection appliance. - Custom Certificate Profiles: Configuration of extended key usage, certificate policies, CRL distribution points, and short-lived certificates. - Branding: Companies that resell or bundle certificates can issue them under their own CA name. - Special Use Case Certificates: Private hierarchies support legacy configurations such as longer validity periods and smaller key sizes not permitted under CA/Browser Forum Baseline Requirements for public trust. Related solutions include Certificate Automation Manager, Auto Enrollment Gateway, and an IoT Identity Platform that leverage dedicated ICAs for certificate issuance and device identity management.