ADSS CA Server / PKI Server

Certificate Issuance & PKI Lifecycle Management

 

Flexible certificate authority / PKI server

ADSS Certificate Authority (CA) Server offers certificate lifecycle services using a flexible web services interface. Using this simple XML/SOAP web services interface, the key generation and certification services can be easily integrated within a business application or used with a ADSS Registration Authority (RA) Server or even with 3rd party RA systems such as specialist smartcard management systems.

ADSS CA Server is a certified PKI Server to meet the CWA 14167-1 requirements for trustworthy systems making it suitable for use by Qualified Certificate Service Providers (CSPs).

Key points:

  • Conforms to RFC 5280
  • Allows creation of Root CAs or Subordinate Issuer CAs
  • Supports multiple logical PKIs consisting of CAs with their own certificate signing keys and other parameters from one ADSS Server instance
  • Provides ability to configure multiple certificate profiles
  • Supports multiple, configurable certificate templates e.g. SSL server/Client, EV SSL, email signing/encryption, IPSec, DRM, Code Signing, code signing, TSA certificates etc.; all popular certificate extensions are supported
  • Supports the ETSI Qualified Certificate extension
  • Provides simplified server-side key generation and client-side key generation (using Go>Sign Applet), avoiding the need for business applications to support multiple different ways that popular browsers use for key generation and certification
  • Supports X.509 CRL issuance and LDAP/HTTP publication according to defined schedule or automatically on every certificate status change; most popular CRL extensions are supported
  • Security management is CWA 14167-1 certified allowing Qualified CA services to be offered
  • Supports Hardware Security Module (HSM) based CA private key storage and processing, use of secure smart cards/tokens is also possible
  • Provides RSA certificate signing with keys of 1024, 2048, 4096 bits
  • Provides ECDSA certificate signing with keys of 192, 224, 256, 384, 521 bits
  • Supports multiple hash algorithms including SHA-1, SHA-2 (SHA-256, SHA-384 and SHA-512)
  • Provides time drift monitoring, alerting and service stop features
  • Supports detailed certificate management request/response logging, transaction viewers and auto log archiving
  • High availability, resilience and high throughput capability
  • Uses strong operator authentication and access control
  • Summary and detailed management reporting
  • Can be used together with ADSS OCSP Server to offer real-time certificate validation service and TSA Server for secure RFC 3161 timestamping service. Thereby providing a complete PKI solution, with all of the CA, OCSP and TSA service modules CWA 14167-1 certified

Our Location

Dubai Silicon Oasis Authority,
Headquarters Building
B Wing, Office No. 204
P.O. Box 341061 Dubai, U.A.E.
Tel:  +971 4 501 5457
Fax: +971 4 501 5456
Email: info@ispin.ae

Newsletter