/ Features & Benefits
ADSS Web RA Server provides a sophisticated Registration Authority capability for registering users, devices and things for certificate services. It covers both initial enrolment and revocation request handling. Once approved by the RA system the requests are submitted to the CA for final processing.
RA specific features
Multitenancy
ADSS Web RA Server supports multiple enterprise by providing separate service plans to be created for each enterprise, which can be assigned its own subscriber and services agreement as well as being assigned unique vetting forms and enrolment workflow. Each service plan can then be assigned different certificate types and can be configured to handle different key-lengths/algorithms, name formats, certificate validity periods, approval processes etc. ADSS Web RA Server also provides the ability to create an Enterprise RA Operator who can be assigned access to each enterprise within a deployment. Each Enterprise RA Operator, however, is limited to accessing users, devices and things enrolling in their enterprise.
Detailed dashboards
The admin interface provides dashboards to indicate certificates nearing expiration, along with any general, renewal or revocation requests received.
The user interface provides dashboards to indicate certificates owned by the user that are nearing expiration or renewing and any device certificate requests that have been made.
Operator Logs
All interactions are securely logged in the ADSS Web RA Server database. System Operators and Enterprise RA Operators can view the operator log to see interactions with the system.
Subscribers with access to the end user portal can view activity in their own activity log.
ADSS Web RA Server authentication
System Operators and Enterprise RA Operators use client authenticated TLS to access the administrator portal. Subscribers access the end user portal with username and password, OTP via SMS and eMail are also supported for authentication operations, certificate renewals and revocation operations. Web RA Server can also be integrated into existing authentication schemes such as SAML, OpenID Connect etc. using the WSO2 Identity Server
Security & management
Strong crypto algorithm support
Support for the common cryptographic algorithms is provided including SHA1, SHA-2 (SHA-256, SHA-384, SHA-512), RSA keys up to 4096 bits and ECDSA up to 521 bits.
Strong operator authentication
ADSS Server operators are authenticated using certificates over a mutually authenticated TLS session. The operator’s private key and certificates can be on a hardware token for strong multi-factor authentication. ADSS Server performs full certificate validation, including revocation checking, before allowing operators to login to the console.
Role based access control
ADSS Web RA Server enables multiple operator roles to be defined. Each operator registered within the system is assigned a role. The role-based access control system enables very fine control over specific service modules that an operator can see and whether they have read, write, edit or delete capability for specific areas of functionality.
Dual control
ADSS Web RA Server implements dual control in a flexible and practical way, i.e. dual control can be applied selectively to enable administrators to review decisions made by other system operators against specific certificate requests.
Easy to install, manage and upgrade
ADSS Web RA Server is feature rich to minimise IT operations time. The product provides a simple installation wizard, intuitive operator and user interface is designed to minimise training and reduce helpdesk calls. The ADSS Web RA Server upgrade process for is built to enable easy upgrades to allow customers to run the latest versions of software.