ADSS OCSP Server

Online Certificate Status Checking

Advanced OCSP validation authority

ADSS OCSP Server is an advanced x.509 certificate Validation Authority server, that fully conforms to the IETF RFC 6960 standard. It is also FIPS 201 Certified (APL #1411) and approved for use by US federal agencies for HSPD-12 implementations.

It has been designed to operate as a robust validation hub solution, capable of providing OCSP certificate validation services for multiple Certificate Authorities (CAs) concurrently! Simple or sophisticated validation policies are supported for each individual CA and ADSS OCSP Server provides a detailed historical record of all transactions together with an easy to use OCSP request & response viewer – essential for either billing and/or troubleshooting within managed service infrastructures or enterprise systems.

Key Points

Responds for multiple CAs with configurable validation policies
Retrieves revocation info using multiple interfaces and methods
Capable of white-list checking to ensure certificate was actually issued (using latest RFC 6960 extension )

Key Points

Responds for multiple CAs with configurable validation policies
Retrieves revocation info using multiple interfaces and methods
Capable of white-list checking to ensure certificate was actually issued (using latest RFC 6960 extension )

FEATURES & BENEFITS

Validation hub for multiple CAs

Respond for multiple CAs from a single ADSS OCSP Server instance. Configure separate validation policy for each CA, including unique OCSP signing keys and certificates. OCSP server certificates can optionally be issued using a built-in CA and auto renewed.

Multiple options for revocation input feed

Retrieve certificate status information from CAs using multiple methods, e.g. HTTP/S CRLs, LDAP/S CRLs, peer OCSP responders and real-time revocation information using CA’s database. Configure which input feed to use on a per CA basis.

White-list checking

Meet latest RFC 6960 and CAB Forum white-list checking requirements. The OCSP server can check if the certificate was actually issued by the CA (supports the Extended Revoked Definition extension of RFC 6960) a countermeasure against recent attacks on some CAs which resulted in the issue of fake certificates.

ADSS OCSP Server DEMO

OCSP Demo

Ascertia provides an RFC 6960 compliant OCSP service for several CAs. You can also use your RFC 6960 compliant OCSP client applications against this service (see the note below). Alternatively you can perform a simple manual certificate validation using the web form below.

USE CASE

X.509 Certificate Validation

Validate X509 digital certificates by sending RFC 6960 based OCSP Request to ADSS OCSP Server:
OCSP Request identifying for revocation status checking
OCSP Response identifying the target certificates as “GOOD”, “REVOKED” or “UNKNOWN”
Our experience with ADSS Server product and its availability and performance is that I as an IT Professional & as Nikken’s IT manager for 9 years, that Ascertia are the standards by which all companies in this industry sector, should consider setting their standards by

Andy Butterworth
IT Manager Nikken UK Ltd

Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.
Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.