It has been designed to operate as a robust validation hub solution capable of providing OCSP certificate validation services for multiple Certificate Authorities (CAs) concurrently. Simple or sophisticated validation policies are supported for each individual CA and ADSS OCSP Server provides a detailed historical record of all transactions together with an easy to use OCSP request and response viewer – essential for either billing and/or troubleshooting within managed service infrastructures or enterprise systems.
Respond for multiple CAs from a single ADSS OCSP Server instance. Configure separate validation policy for each CA, including unique OCSP signing keys and certificates. OCSP server certificates can be issued using a built-in CA and auto-renewed.
Retrieve certificate status information from the CAs using multiple methods, e.g. HTTP/S CRLs, LDAP/S CRLs, peer OCSP responders and real-time revocation information using the CA’s database. Configure which input feed to use on a per CA basis.
Meet latest RFC 6960 and CAB Forum white-list checking requirements. The OCSP Server can check if the certificate was actually issued by the CA (supports the Extended Revoked Definition extension of RFC 6960). This offers a countermeasure against recent attacks on some CAs where the result was the issuing of fake certificates.
IT Manager Nikken UK Ltd