XKMS Server - A Scalable XKMS validation authority

ADSS XKMS Server meets the W3C XKMS (XML Key Management Specification) for server-side validation of public key certificates. XKMS promises to make it easier for applications to use these e-trust security features using web-services rather than traditional PKI protocols. The standard also includes functionality that covers registration, certification, revocation and recovery services - these aspects are on the product roadmap.

Meets PKIX RFC 5280 Compliancy

Using the same proven ADSS XKMS Server product with a license enabled XKMS module ensures solid reliable performance, one that can be delivered as a virtual appliance, enabling the organisation to use a platform of choice that is patched to meet the security policy requirements and with CPU and memory resources to suit the need. The key difference between XKMS and OCSP validation is that an OCSP system only checks the revocation status of a certificate whilst ADSS XKMS Server performs a complete set of PKIX RFC 5280 validation checks on the target certificate, e.g.:

Ensuring that a valid certificate chain can be constructed up to a trusted Root CA (includes checking the signature on each certificate and the name chaining rules)
Ensuring that each certificate in the chain is within its validity timeframe
Ensuring that each certificate in the chain is good and not revoked using either local or remote OCSP or CRL checking
Ensuring that each certificate in the chain contains valid certificate extensions

Historic Validation by XKMS Server

ADSS XKMS Server can also perform historic certificate validation checks. A validation request can include a date/time in the past, such as immediately after the time of signing (plus any validation grace period) for an important document. This historic validation functionality is not possible within the OCSP standard but ADSS XKMS Server supports this within the OASIS DSS, XKMS and SCVP modules – using its advanced CRL monitoring and archiving module.

XML/SOAP based Interface

ADSS XKMS Server offers a standard XML/SOAP web services based interface, making it easier to integrate within web applications. Authenticated access controls can be enforced using IP address filtering and/or client SSL certificate and/or XKMS request signatures.

Certificate Quality Checking

An advanced extension within the ADSS XKMS Server supports certificate quality checking capability using the European PEPPOL project specifications. This allows the product to not only validate a certificate from a cryptographic trust standpoint but also determine whether the certificate meets acceptable quality levels. Certificate quality is measured based on the issuing Certificate Authority's CP/CPS, compliance to certain supervision schemes, and the underlying strength of the public key and hash algorithms used to produce the certificate and associated key lengths.

Why choose ADSS XKMS Server?

Provides assured throughput, scalability and resilience

These are essential qualities for a centralised e-trust security server. ADSS XKMS Server is packed with features capable of ensuring it meets even the highest demands placed Managed Service Providers servicing multiple customer organisations.

It is easy to install, securely configure and manage

Completely GUI based, with its own purpose built installer ensures ADSS XKMS Server can be set-up and be operational in minutes. Automated tasks such as auto-archiving of transaction logs and real-time alerting ensure minimum operator time is required for maintenance or house-keeping.

Ensures low TCO & extensibility

Because of its modular architecture ADSS XKMS Server is licensed based only on the modules required. It can respond on behalf of multiple CAs thus reducing unnecessary hardware and software expenses in operating several responders. It can also be provide together with OCSP and/or SCVP services by simply updating the ADSS Server product license file to include these modules. This future proofing and investment protection is a standard capability of ADSS Server and is tremendously valuable since it allows and enables change as business needs change with no retraining.

If you need more details then review the detailed features page here and the other related links on the right of the webpage. Alternatively request a free trial or see live demos by clicking the buttons at the top of this page.

Important Notice

Ascertia previously used the name TrustFinder XKMS Server for this product. This name is now changed to ADSS XKMS Server to emphasise that this is just another module of our ADSS Server product.

Overview
Product Manual
Knowledge Base
Solution Sheets
Verification Service Providers need ADSS Server
Creating PEPPOL Compliant Solutions
Data Sheets
ADSS Infrastructure Server datasheet

Product Categories

Solution Categories

Server Products

Desktop Products

At Your Service

Popular Keywords:

Digital Signature Solutions - Digital Signature Verification - Electronic Signature - OCSP Responder - PDF Digital Signatures - PDF Signing - Timestamp Server Validation Authority - XML Signing - Cloud-base Contract Signing

Copyright © 2002-2013 Ascertia. All rights reserved.

Company | Privacy Statement | Contact Us

Ascertia is a global provider of Digital Signature products and solutions that enable trust within electronic workflows. Organisations can now safely cross the final hurdle in migrating old paper-intensive approval processes to the new secure digital world. Ascertia’s Digital Signing products are designed to be easy to integrate and use in a range of business scenarios.