ADSS RA Server

Overview

Advanced Registration Authority

Certificate registration, revocation & recovery

The ADSS RA Server acts as a gateway between PKI end-entities (human users, servers or devices that require X.509 digital certificates) and the back-end secure Certificate Authorities (CAs). It receives initial enrollment requests as well as revocation requests from end-entities. Depending on the profile configuration, these are then either processed automatically or queued for RA operators to approve or reject manually.

ADSS RA Server supports a range of protocols (SCEP, PKCS#10/PKCS#7 and CMC) to ensure requests from a wide range of devices can be accepted, such as routers, switches, firewalls, servers, databases, mobile phones, etc. For human subscribers both client-side and server-side key generation and certification is possible using a standard Internet browser interface, as well as face-to-face registration processes. ADSS Client SDK provides a Java and .NET API for easy integration of certificate registration, revocation and recovery services into any business application.

Key points:

  • Supports SCEP for device certificate request handling
  • Supports local key generation in the browser (native browser keystores as well as connected smartcards/USB tokens) using ADSS Go>Sign Service
  • Supports server-side key generation and certification through a high-level web services API
  • Supports face-to-face registration processes managed by the RA operator(s)
  • Allows multiple Registration Profiles to be configured
  • Capable of having separate categories of subscribers each managed by their own RA operator
  • Supports RSA keys of 1024, 2048, 4096 bits
  • Supports ECDSA keys of 192, 224, 256, 384, 521 bits
  • Supports hash algorithm choice including SHA-1, SHA-2 (SHA-256, SHA-384 and SHA-512)
  • High availability, resilience and high throughput capability
  • User authentication and access control
  • Summary and detailed management reporting

How it works

The ADSS RA Service functionality can be summarised as:

  • Register the details of all end-entities that request certificates
  • Allow the requests for certificates to be approved or rejected using either automated processes or using manual processes with trusted RA Operators
  • Supports face-to-face registration processes managed by the RA operator(s)
  • Communicate with the relevant CA to obtain certificates and then provide a suitable means of delivery of these to the requesting end-entities
  • Manage the certificate renewal process which may follow a different workflow depending on the end-entity capabilities
  • Manage the certificate revocation process which may be initiated by the certificate owner or a trusted RA Operator

ADSS server architecture

ADSS Server is a powerful server application providing multiple e-Trust services as shown in the diagram below. Although it's a single product, its service modules are licensed individually and branded accordingly. Your investment in ADSS Server is therefore future-protected as you can license new service modules over time as your e-Trust business needs grow. Multiple ADSS service modules may be installed on the same ADSS Server instance, saving on hardware, software and management costs. All of the ADSS Service modules use the same GUI layout and style thereby making training simple for administrators. Ascertia tracks the latest industry standards and is committed to adding new service modules as required by our customers.

[Diagram: ADSS Server architecture. Labels: 3rd Party Apps (Router, Switch, Database, Server, Mobile, Firewall, ERP, ECM, CRM etc.); PKI services (each separately licensed); e-Trust Services (each separately licensed); Base Modules of ADSS Server (available by default). Core ADSS Server modules: Trust Manager | Key Manager | Secure Logging | HSM & DB Manager | Reporting | Client Manager | Dual Control CRL Manager | Access Control | System Integrity Checker | Auto Archiver]

The above diagram shows a range of client applications (relying party applications) using the ADSS RA Service module. Due to the wide acceptance of the standard, there is a large number of client applications, including routers, switches, databases, servers, mobile devices, firewalls, etc.

The power of ADSS Server is that all of this functionality is available from one unified product, which minimises training costs, provides a single platform for management control and logging, and lowers the total cost of hardware and software ownership.
