Desktop and Server Plug-in for advanced certificate checking
Ascertia’s Advanced Revocation Provider (ARP) product provides powerful, easy-to-use, yet sophisticated OCSP and CRL services that enable Windows desktop applications to establish trust for digital certificates.
ARP has been designed to integrate with any Microsoft CAPI-based application via a CAPI plugin, and it also exposes a simple API that allows other applications to call the ARP Enterprise Edition Server. Its advanced functionality includes optional central management using Group Policy Objects (GPO), the ability to support complex validation policies, and a detailed historical log record of all recent transactions, together with an easy-to-use OCSP request and response viewer.
ARP is a highly effective product that enables real-time OCSP or CRL-based revocation checking within Microsoft Office and other CAPI-based applications. As CRLs grow, it is important to consider the use of OCSP systems to avoid network bandwidth and local performance issues. By installing ARP, you can make these applications more secure and usable for mission-critical and high-value transactions.
Why Use ARP?
Many popular applications such as Microsoft Outlook, Internet Explorer and Word use digital certificates and credentials to identify people for signing and encryption operations. However, these credentials can become compromised or revoked over time, e.g. as a result of a role change. It is essential to validate credentials in real time before accepting any signed transactions. The problem is that these and other popular applications do not always check whether the credentials are still trustworthy at the time of review, for example when logging onto a workstation, opening a signed email, visiting a secure website or verifying a signed Word document. ARP plugs this vital security gap automatically: it checks the end-entity certificate in real time, every time, thereby reducing your risk of fraud and liability.
The key reasons to choose ARP are:
- Configure validation policies using both online OCSP servers and published CRLs
- Support for central policy setting using GPO, GUI locking and silent install
- Allows an organisation to configure which applications ARP provides validation services for (so that it is only invoked when needed)
- Provides a detailed transaction history viewer with a search facility and OCSP request/response viewer
- Able to use cached OCSP responses and cached CRLs using configurable cache periods
- ARP prioritises which method to use for validation, e.g. real-time OCSP, then OCSP Cache, then CRLs
- Dynamically determines the authoritative responder address using the certificate’s AIA extension or using locally configured OCSP responder address(es)
- Ability to configure multiple OCSP responder and CRL Repository addresses for resilient operations
- Works behind corporate proxies and firewalls with configurable authentication