Overview
TrustFinder CA Server offers Certificate Authority (CA) features through a flexible web services interface. Using its simple XML/SOAP web interface, the key generation and certification services can be easily integrated within a business application or a dedicated Registration Authority (RA) application. Ascertia can also deliver project-based Registration Authority applications to meet specific business needs.

The biggest problem in deploying certificates to external end-users is the use of Internet browser key generation functionality. The many different end-user environments create issues during user enrolment for the user and corporate help desks. The in-built warning messages are also off-putting. TrustFinder CA removes dependencies on this functionality when issuing certificates to end-users because it generates keys and certificates on the server and delivers them as a standard PFX/PKCS#12 certificate file. This is a much more successful mechanism that is supported by all popular browsers.

The underlying technology for TrustFinder CA Server is the well-proven ADSS Infrastructure Server, and thus it automatically inherits all the important security management, performance and high availability features. It can be used with the TrustFinder OCSP Server module to have a complete certificate issuance and real-time certificate validation infrastructure. Optional Key Recovery services can also be provided as part of the TrustFinder CA web service.

Features & Benefits
TrustFinder CA Server features include:

Simple to Integrate:
Uses a high level XML/SOAP interface to make it easy to integrate within any business process or online registration system that already provides Know Your Customer (KYC) authorisation services. Custom RA applications can also be provided.

Server-side key generation:
Supports a complete server-side key generation and certification process so that there are no dependencies on browsers. This greatly simplifies the process, as managing many different browser types and versions within a PKI solution soon becomes a real burden. Client-side key generation can also be optionally provided.


Set-up Root or Subordinate CAs:
TrustFinder CA can be used to set up a Root CA and Subordinate CAs from the same instance. Alternatively, an existing back-end Root CA can be utilised. Online processing of certificate applications can also be routed to a back-end CA if required; in this case TrustFinder CA acts as a front-end management proxy.

Multiple Certificate Profiles:
Ability to set up multiple certificate profiles which govern the type of keys and certificates to be generated, their lifetime and other important parameters.

Multiple Certificate Templates:
Ability to set up multiple certificate templates so that different types of certificates (e.g. email security, document signing, SSL / VPN client certificates, etc.) can be easily generated.

Proven Technology:
TrustFinder CA uses the well-proven ADSS Server to deliver the underlying platform features such as optional dual controls, secure web-based management screens, secure event logging, trust anchor management, key and certificate management, secure operator logging and reporting, as well as support for HSMs.

Interoperability:
TrustFinder CA generates standard certificates, private key files PFX/PKCS#12, and X.509 CRLs.

High-Availability:
TrustFinder CA can be easily implemented as a highly available service to meet demanding service level agreement needs. Multiple servers can work in parallel using standard load-balancing techniques and a resilient secondary site can also be established. Network HSMs, system platforms and database management systems can be used as required to meet availability requirements.

Maximum Security:
Certification services can be operated over SSL/TLS with client authentication. Operator access is also controlled with client certificates. Keys can be managed inside a secure FIPS approved HSM. Logs are tamper-evident. Dual Control operation is supported.

Multi-platform:
TrustFinder CA is available on Windows, Solaris and Linux. It supports multiple databases including SQL Server, Oracle, PostgreSQL and MySQL. It also supports multiple HSM vendors.


Deployment Scenario
The following diagram shows a typical scenario where TrustFinder OCSP Server is deployed as a central OCSP validation hub responding for multiple CAs using unique validation policies:


TrustFinder CA Server Deployment

Product Information
Click here to see product datasheets, solution sheets and other information.

Product Evaluation
Click here to evaluate the product on trial version.

Related Products
ADSS Enterprise Server

Powers TrustFinder CA Server

TrustFinder OCSP Server

Companion product which offers an RFC2560-compliant online certificate status checking service. This is also a module of the ADSS Infrastructure Server and can be deployed on the same platform as TrustFinder CA Server.


Copyright © 2001-2010 Ascertia Ltd. All rights reserved.