ADSS OCSP Server
Advanced OCSP validation authority
It has been designed to operate as a robust validation hub solution capable of providing Online Certificate Status Protocol (OCSP) certificate validation services for multiple Certificate Authorities (CAs) concurrently. Simple or sophisticated validation policies are supported for each individual CA and ADSS OCSP Server provides a detailed historical record of all transactions together with an easy to use OCSP request and response viewer – essential for either billing and/or troubleshooting within managed service infrastructures or enterprise systems.
FEATURES & BENEFITS
Validation hub for multiple CAs
Respond for multiple CAs from a single ADSS OCSP Server instance. Configure separate validation policy for each CA, including unique OCSP signing keys and certificates. OCSP server certificates can be issued using a built-in CA and auto-renewed.
Multiple options for revocation input feed
Retrieve certificate status information from the CAs using multiple methods, e.g. HTTP/S CRLs, LDAP/S CRLs, peer OCSP responders and real-time revocation information using the CA’s database. Configure which input feed to use on a per CA basis.
White-list checking
Meet latest RFC 6960 and CAB Forum white-list checking requirements. The OCSP Server can check if the certificate was actually issued by the CA (supports the Extended Revoked Definition extension of RFC 6960). This offers a countermeasure against recent attacks on some CAs where the result was the issuing of fake certificates.
Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.
Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.
Responds for multiple CAs with configurable validation policies
Retrieves revocation information using multiple interfaces and methods
Capable of white-list checking to ensure certificate was actually issued (using latest RFC 6960 extension )
Key Points
Responds for multiple CAs with configurable validation policies
Retrieves revocation information using multiple interfaces and methods
Capable of white-list checking to ensure certificate was actually issued (using latest RFC 6960 extension )
SOLUTION DEMOS
We have arranged self-service live demos for important use cases, give them a try!
- OCSP DemoAscertia provides an RFC 6960 compliant OCSP service for several CAs. You can also use your RFC 6960 compliant OCSP client applications against this service (see the note below). Alternatively you can perform a simple manual certificate validation using the web form below.
USE CASE
X.509 Certificate Validation
Validate X509 digital certificates by sending RFC 6960 based OCSP Request to ADSS OCSP Server:
OCSP Request identifying for revocation status checking
OCSP Response identifying the target certificates as “GOOD”, “REVOKED” or “UNKNOWN”