ADSS CA Server / PKI Server


Certificate Issuance & PKI Lifecycle Management

Flexible certificate authority / PKI server

ADSS Certificate Authority (CA) Server offers certificate lifecycle services using a flexible web services interface. Using this simple XML/SOAP web services interface, the key generation and certification services can be easily integrated within a business application or used with a ADSS Registration Authority (RA) Server or even with 3rd party RA systems such as specialist smartcard management systems.

ADSS CA Server is a certified PKI Server to meet the CWA 14167-1 requirements for trustworthy systems making it suitable for use by Qualified Certificate Service Providers (CSPs).

Key points:

  • Conforms to RFC 5280
  • Allows creation of Root CAs or Subordinate Issuer CAs
  • Supports multiple logical PKIs consisting of CAs with their own certificate signing keys and other parameters from one ADSS Server instance
  • Provides ability to configure multiple certificate profiles
  • Supports multiple, configurable certificate templates e.g. SSL server/Client, EV SSL, email signing/encryption, IPSec, DRM, Code Signing, code signing, TSA certificates etc.; all popular certificate extensions are supported
  • Supports the ETSI Qualified Certificate extension
  • Provides simplified server-side key generation and client-side key generation (using Go>Sign Applet), avoiding the need for business applications to support multiple different ways that popular browsers use for key generation and certification
  • Supports X.509 CRL issuance and LDAP/HTTP publication according to defined schedule or automatically on every certificate status change; most popular CRL extensions are supported
  • Security management is CWA 14167-1 certified allowing Qualified CA services to be offered
  • Supports Hardware Security Module (HSM) based CA private key storage and processing, use of secure smart cards/tokens is also possible
  • Provides RSA certificate signing with keys of 1024, 2048, 4096 bits
  • Provides ECDSA certificate signing with keys of 192, 224, 256, 384, 521 bits
  • Supports multiple hash algorithms including SHA-1, SHA-2 (SHA-256, SHA-384 and SHA-512)
  • Provides time drift monitoring, alerting and service stop features
  • Supports detailed certificate management request/response logging, transaction viewers and auto log archiving
  • High availability, resilience and high throughput capability
  • Uses strong operator authentication and access control
  • Summary and detailed management reporting
  • Can be used together with ADSS OCSP Server to offer real-time certificate validation service and TSA Server for secure RFC 3161 timestamping service. Thereby providing a complete PKI solution, with all of the CA, OCSP and TSA service modules CWA 14167-1 certified

ADSS server architecture

ADSS Server is a powerful server application providing multiple e-Trust services as shown in the diagram below. Although it's a single product, its service modules are licensed individually and branded accordingly. Your investment in ADSS Server is therefore future-protected as you can license new service modules over time as your e-Trust business needs grow. Multiple ADSS service modules may be installed on the same ADSS Server instance, saving on hardware, software and management costs. All of the ADSS Service modules use the same GUI layout and style thereby making training simple for administrators. Ascertia tracks the latest industry standards and is committed to adding new service modules as required by our customers.

AET BlueX RA SystemADSS RA Server
3rd Party Apps
(Smartcard Management Systems etc.)
Core ADSS Server modules Trust Manager | Key Manager | Secure Logging | HSM & DB Manager | Reporting | Client Manger | Dual Control CRL Manager | Access Control | System Integrity Checker | Auto Archiver
PKI services (each separately licensed) e-Trust Services (each separately licensed) Base Modules of ADSS Server (available by default)

The above diagram shows a range of client applications (relying party application) using the ADSS CA Service module including AET BlueX RA System and other Smartcard Management Systems.

The power of ADSS Server is that all of this digital signature and PKI functionality is available from one unified product, which minimises training costs, provides a single platform for management control and logging, and lowers the total cost of hardware and software ownership.

Request Info


Sales Inquiries:
+44 (0)800 772 0 442


Years of Digital Signature