ADSS XKMS Server provides a sophisticated real-time certificate Validation Authority, fully conformant with the W3C XKMS (XML Key Management Specification) and the PEPPOL validation protocol. XKMS promises to make it easier for applications to use these e-trust security features through web services rather than traditional PKI protocols. The standard also includes functionality that covers registration, certification, revocation and recovery services; these aspects are on the product roadmap.
ADSS XKMS Server provides all of the above functionality in a centralised manner. This allows business applications to delegate all of the responsibility for certificate path discovery and validation to this trusted Validation Authority. This greatly simplifies development of business applications that rely on PKIs, by hiding all the inherent complexity.
Respond for multiple CAs from a single ADSS XKMS Server instance. Configure separate validation policy for each CA, including unique XKMS signing keys and certificates. XKMS server certificates can optionally be issued using a built-in CA and auto renewed.
Dynamically build certificate paths using either information held within certificates (e.g. AIA cert issuer field) or from pre-configured LDAP repositories. Intermediate certificates supplied within the request message, as well as those pre-registered on the server, are also supported. Each XKMS profile defines which of these options to use. ADSS XKMS Server has been subjected to independent evaluation and certification against the latest NIST Path Discovery test suite.
Complete RFC 5280 based certificate path validation. Supports all standard extensions like acceptable certificate policies, policy mapping, name validation, key usage, extended key usage and many others. ADSS XKMS Server has been subjected to independent evaluation and certification against the latest NIST PKITS test suite.
Perform complete validation of an X.509 digital certificate chain by sending an XKMS request to ADSS XKMS Server:
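As an added illustration (not code from the product or its vendor), the sketch below builds a W3C XKMS 2.0 `ValidateRequest` for one certificate and checks a `ValidateResult` on the relying-party side, failing closed on anything other than an explicit `Valid` status. The service URL and the function names are assumptions, and the certificate bytes are a constructed placeholder.

```python
import base64
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"   # W3C XKMS 2.0 namespace
DS = "http://www.w3.org/2000/09/xmldsig#"  # XML-DSig namespace
SERVICE = "https://xkms.example.test/validate"  # assumed placeholder endpoint

def build_validate_request(cert_der, service=SERVICE):
    """Return (request_id, xml) asking the service to validate one certificate."""
    req_id = "I" + uuid.uuid4().hex  # fresh Id, used to correlate the result
    req = ET.Element(f"{{{XKMS}}}ValidateRequest", {"Id": req_id, "Service": service})
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "X509Chain"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    x509 = ET.SubElement(ET.SubElement(qkb, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = base64.b64encode(cert_der).decode()
    ET.SubElement(qkb, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return req_id, ET.tostring(req, encoding="unicode")

def check_validate_result(xml_text, expected_request_id):
    """Return (ok, detail). Anything other than an explicit Valid fails closed."""
    # The response signature must be verified before this step (not shown here).
    # For untrusted input prefer a hardened parser such as defusedxml.
    res = ET.fromstring(xml_text)
    if res.tag != f"{{{XKMS}}}ValidateResult":
        return False, "unexpected element"
    if res.get("RequestId") != expected_request_id:
        return False, "RequestId mismatch"
    if res.get("ResultMajor") != XKMS + "Success":
        return False, "ResultMajor not Success"
    statuses = res.findall(f"{{{XKMS}}}KeyBinding/{{{XKMS}}}Status")
    if not statuses:
        return False, "no KeyBinding status"
    for st in statuses:
        value = st.get("StatusValue") or ""
        if value != XKMS + "Valid":
            # Report only the Invalid/Indeterminate reasons, not the passed checks.
            reasons = [e.text.rsplit("#", 1)[-1] for e in st
                       if e.text and e.tag != f"{{{XKMS}}}ValidReason"]
            return False, value.rsplit("#", 1)[-1] + ": " + ",".join(reasons)
    return True, "Valid"

if __name__ == "__main__":
    # Constructed placeholder bytes, not a real certificate.
    rid, xml = build_validate_request(b"constructed-not-a-real-certificate")
    print(xml)
```

Treating `Indeterminate` as a failure matters in practice: it is the status a validation service returns when, for example, revocation information could not be obtained.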