XKMS Server - A Scalable XKMS validation authority
ADSS XKMS Server meets the W3C XKMS (XML Key Management Specification) standard for server-side validation of public key certificates. XKMS promises to make it easier for applications to use e-trust security features through web services rather than traditional PKI protocols. The standard also includes functionality that covers registration, certification, revocation and recovery services; these aspects are on the product roadmap.
PKIX RFC 5280 Compliance
Using the same proven ADSS XKMS Server product with a license-enabled XKMS module ensures solid, reliable performance. It can be delivered as a virtual appliance, enabling the organisation to use a platform of choice that is patched to meet the security policy requirements and with CPU and memory resources to suit the need. The key difference between XKMS and OCSP validation is that an OCSP system only checks the revocation status of a certificate, whilst ADSS XKMS Server performs a complete set of PKIX RFC 5280 validation checks on the target certificate, e.g.:
- Ensuring that a valid certificate chain can be constructed up to a trusted Root CA (includes checking the signature on each certificate and the name chaining rules)
- Ensuring that each certificate in the chain is within its validity timeframe
- Ensuring that each certificate in the chain is good and not revoked using either local or remote OCSP or CRL checking
- Ensuring that each certificate in the chain contains valid certificate extensions
Historic Validation by XKMS Server
ADSS XKMS Server can also perform historic certificate validation checks. A validation request can include a date/time in the past, such as immediately after the time of signing (plus any validation grace period) for an important document. This historic validation functionality is not possible within the OCSP standard but ADSS XKMS Server supports this within the OASIS DSS, XKMS and SCVP modules – using its advanced CRL monitoring and archiving module.
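The time-dependent checks listed above (name chaining, validity period, revocation) and the historic validation described here can be sketched as follows. This is an added example, not Ascertia's code: the `Cert` and `ArchivedCrl` records, the `validate_at` function and all sample data are hypothetical, and signature and extension checks are left out so the model shows only how the answer changes with the validation time.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 certificate (no signature or extensions)
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class ArchivedCrl:  # one archived CRL snapshot
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict  # serial -> revocation time

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def validate_at(chain, trusted_roots, crl_archive, at):
    """Validate a leaf-first chain as of time `at`; returns (ok, reason)."""
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:
            return False, f"name chaining broken at {cert.subject}"
    if chain[-1].subject not in trusted_roots:
        return False, "chain does not end at a trusted root"
    for cert in chain:
        if not (cert.not_before <= at <= cert.not_after):
            return False, f"{cert.subject} outside validity period"
    for cert in chain[:-1]:  # assumption: the trust anchor is not revocation-checked
        covering = [c for c in crl_archive
                    if c.issuer == cert.issuer and c.this_update <= at < c.next_update]
        if not covering:
            return False, f"no archived CRL covers {cert.subject}"
        crl = max(covering, key=lambda c: c.this_update)
        revoked_on = crl.revoked.get(cert.serial)
        if revoked_on is not None and revoked_on <= at:
            return False, f"{cert.subject} revoked"
    return True, "valid"

# Constructed sample data: the leaf certificate is revoked on 2023-06-01.
ROOT = Cert("CN=Example Root", "CN=Example Root", 1, utc(2020, 1, 1), utc(2030, 1, 1))
LEAF = Cert("CN=Signer", "CN=Example Root", 42, utc(2023, 1, 1), utc(2024, 1, 1))
ARCHIVE = [
    ArchivedCrl("CN=Example Root", utc(2023, 3, 1), utc(2023, 4, 1), {}),
    ArchivedCrl("CN=Example Root", utc(2023, 6, 1), utc(2023, 7, 1), {42: utc(2023, 6, 1)}),
]
```

Passing the signing time plus the grace period as `at` gives the historic result; a time with no covering CRL in the archive fails closed rather than being treated as good.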
XML/SOAP based Interface
ADSS XKMS Server offers a standard XML/SOAP web services based interface, making it easier to integrate within web applications. Authenticated access controls can be enforced using IP address filtering and/or client SSL certificate and/or XKMS request signatures.
Certificate Quality Checking
An advanced extension within the ADSS XKMS Server supports certificate quality checking using the European PEPPOL project specifications. This allows the product to not only validate a certificate from a cryptographic trust standpoint but also determine whether the certificate meets acceptable quality levels. Certificate quality is measured based on the issuing Certificate Authority's CP/CPS, compliance with certain supervision schemes, and the underlying strength of the public key and hash algorithms used to produce the certificate and associated key lengths.
Why choose ADSS XKMS Server?
Provides assured throughput, scalability and resilience
These are essential qualities for a centralised e-trust security server. ADSS XKMS Server is packed with features capable of ensuring it meets even the highest demands of Managed Service Providers servicing multiple customer organisations.
It is easy to install, securely configure and manage
It is completely GUI-based, and its own purpose-built installer ensures ADSS XKMS Server can be set up and operational in minutes. Automated tasks such as auto-archiving of transaction logs and real-time alerting ensure minimum operator time is required for maintenance or housekeeping.
Ensures low TCO & extensibility
Because of its modular architecture, ADSS XKMS Server is licensed based only on the modules required. It can respond on behalf of multiple CAs, thus reducing unnecessary hardware and software expenses in operating several responders. It can also be provided together with OCSP and/or SCVP services by simply updating the ADSS Server product license file to include these modules. This future-proofing and investment protection is a standard capability of ADSS Server and is tremendously valuable since it enables change as business needs change, with no retraining.
Ascertia previously used the name TrustFinder XKMS Server for this product. This name is now changed to ADSS XKMS Server to emphasise that this is just another module of our ADSS Server product.