Scalable, Resilient OCSP Server
ADSS OCSP Server is a well-proven certificate Validation Authority / OCSP Server that fully conforms to the IETF RFC 2560 standard and is FIPS 201 certified (APL#583). ADSS OCSP Server can operate as a simple OCSP Server or it can be configured as a robust validation hub, capable of handling hundreds of simultaneous OCSP certificate validation requests per second for multiple Certificate Authorities (CAs).
A unique validation policy can be defined for each CA within ADSS OCSP Server, detailing the CRL handling policy and the OCSP request signing key and certificate. A detailed historical record of all transactions is maintained so that management reports can be produced and information can be exported for billing purposes on a per-CA basis.
This product has all the features needed from an OCSP Server for enterprise or large public key infrastructure use. ADSS OCSP Server is a product package that comprises the tried and trusted ADSS Server with the OCSP and CRL Monitor modules enabled.
ADSS OCSP Server delivers solid, reliable performance and can be supplied as a virtual appliance, enabling the organisation to use a platform of choice that is patched to meet its security policy requirements, with CPU and memory resources to suit the need.
Why Use OCSP?
Digital certificates can provide individuals and companies with trustworthy identities for use within the electronic world. However, these digital certificates can expire, be revoked, or be stolen. In order for digitally signed transactions to become a part of everyday business life, users must have trust and confidence that the electronic identities (eIDs) of third parties are still valid and trusted for the transaction being conducted. CRLs are larger and less easy to manage when distributed to a wide range of users and servers; OCSP Servers reduce the data bandwidth required and make it easier for applications to check the trust status of certificates. Note that Ascertia's ADSS Server also provides SCVP, XKMS and OASIS DSS verification services, which provide alternative forms of certificate validation.
Why Use ADSS OCSP Server?
ADSS OCSP Server is a Java J2EE software-based OCSP Server product that offers proven scalability and resilience. Its design enables high performance for one or multiple CAs using Active/Active load-balanced servers. It is increasingly deployed as a virtual appliance on an organisation's platform of choice, including Windows, Solaris and Linux, to deliver cost-effective trust services that suit the organisation's need.
Current users include governments, financial institutions, telcos, mobile operators, public CAs and managed service providers. Building a basic OCSP Server is easy and anyone can do it; however, the key reasons these organisations rely on ADSS OCSP Server are that it:
Provides assured throughput, scalability and resilience
These are essential qualities for a centralised e-trust security server such as an OCSP Server. ADSS OCSP Server can be configured to ensure there is no single point of failure and that it meets even the highest performance demands placed by Managed Service Providers servicing multiple customer organisations with multiple Certificate Authorities.
Is easy to install, securely configure and manage
ADSS OCSP Server has been carefully developed to be easy to set up and make operational. An installation wizard is provided together with a quick guide and a detailed admin guide. Configuration is easy, with authorised operators using a secure web-based interface. An OCSP Server service for a new CA can be established in around fifteen minutes. No professional services are required to achieve this.
Authenticated access controls can be enforced using IP address filtering and/or client SSL certificate and/or OCSP request signatures. All common HSMs are supported and, for high-volume use, they are recommended to offload response signature processing. As an option, real-time certificate status information can also be used as an alternative to CRL-based information from the CA.
As part of the sophisticated logging and management, an easy-to-use OCSP request and response viewer is provided that makes it very easy for technical specialists to handle any real-life interoperability issue that may arise between an OCSP client and the OCSP Server. This is known to save many hours of expert analysis and allows the task to be delegated to help desk admin staff; we recommend they are only given permission to view the log records.
HMAC security is employed for all configuration data and transaction logs. Dual control operations can be enabled as an option. Automated tasks such as auto-archiving of transaction logs and real-time alert handling ensure that operator intervention is kept to an absolute minimum. A detailed management reporting module is included as standard; it provides a dashboard-level summary and allows other detailed service reports to be generated for a given date/time period.
Ensures low TCO & extensibility
Because of its modular architecture, ADSS OCSP Server is licensed based only on the modules required. The OCSP Server can respond on behalf of multiple CAs, thus reducing unnecessary hardware and software expenses in operating several servers. Our OCSP Server can also be extended to provide XKMS and/or SCVP services by simply updating the ADSS Server product license file to include these modules. This future-proofing and investment protection is a standard capability of ADSS Server and is tremendously valuable since it enables change as business needs change, with no retraining.
Ascertia previously used the name TrustFinder OCSP Server for this product. The name has been changed to ADSS OCSP Server to emphasise that this is just another module of our ADSS Server product.