The ADSS RA Server acts as a gateway between PKI end-entities that include human users, servers or devices that require X.509 digital certificates and the back-end secure Certificate Authorities (CAs). It receives initial enrollment requests as well as revocation requests on from end-entities. Depending on the profile configurations these are then either automatically processed or queued for RA operators to manually approve/reject.
ADSS RA Server supports a range of protocols (SCEP, PKCS#10/PKCS#7 and CMC) to ensure requests from a wide range of devices can be accepted, such as routers, switches, firewalls, servers, databases, mobile phones, etc. For human subscribers both client-side and server-side key generation and certification is possible using a standard Internet browser interface, as well as face-to-face registration processes. ADSS Client SDK provides a Java and .NET API for easy integration of certificate registration, revocation and recovery services into any business application.
ADSS RA Server
Issuing X.509 certificates to devices (routers, firewalls, switches, mobile devices, web servers, DBMS etc.) can be managed via multiple interfaces including the widely-recognised SCEP standard interface and PKCS#10/CSR where key generation is on the device. For server-side key generation and certification, the RA Service API can be used to deliver PKCS#12/PFX files. Face-to-face registration and certification processes are also possible whereby RA operator(s) generate device certificates and provide them manually to device administrator(s) for import into devices.
Human end-users can be registered through a standard Internet browser. The registration HTML forms can be locally designed, meeting the local language and branding needs of the customer. The ADSS Go>Sign Service and applet is used to generate the keys locally on the client-side either in the browser keystore or any locally attached smart cards/tokens (accessed via Windows CAPI/CNG or PKCS#11 interface). Separately face-to-face registration processes for end-users are also supported.
Often business applications are the point where end-users are registered before being allowed to access business services. As such it is often business applications which need to request certificate services on behalf of their end-users. To achieve this an RA Web Service API is provided in both .NET and Java as part of the ADSS Client SDK. This API allows business applications to easily make certificate enrolment and revocation calls to the RA in a secure and authenticated manner. In addition to the web service interface, an optimised HTTP-based IETF CMC (Certificate Management over CMS) interface is also provided.
Verisec is building its next generation eID service for the Nordic market on Ascertia’s PKI technology. We have also integrated our Freja platform with Ascertia’s SigningHub solution to create a complete authentication and document signing application for our enterprise customers. The Ascertia team are real professionals and experts in their field – they have proven to be flexible and solutions oriented with a strong entrepreneurial corporate culture and an eye for detail that ensures the quality of the products and solutions they deliver.
Founder, Verisec AB