ADSS Web RA Server

Advanced Registration Authority

Certificate registration, revocation & recovery

ADSS Web RA Server is an advanced registration authority application that harnesses the power of ADSS CA Server to directly issue and manage the lifecycle of certificates. It is designed to put organisations in control of how people, devices and things interact with trust infrastructures, and to control registration and vetting for the enrolment of new digital certificates and the update or revocation of existing ones.

ADSS Web RA Server provides the ability to fully brand the user interface and to easily create service plans, vetting forms, and subscriber and service agreements. This enables organisations to provide their subscribers with a rich enrolment process and ensure subscribers are aware of their terms of service at the time of enrolment.

It provides an intuitive user experience for administrators and subscribers; administrators can easily build vetting forms and provide manual or automated issuance workflows for end user or server certificate enrolment.

The multitenant design of ADSS Web RA Server provides organisations with a delegated administration model. This enables organisations and service providers to segregate certificate administration into separate enterprises which can be managed separately.

The Server supports a range of protocols (SCEP, PKCS#10/PKCS#7), with many more under development, to ensure requests from a wide range of devices can be accepted, such as routers, switches, firewalls, servers, databases, IoT devices, etc. For human subscribers, both client-side and server-side key generation and certification are possible using a standard Internet browser interface, as well as face-to-face registration processes.

Developers can easily integrate programmatically via the ADSS Web RA Server REST API. This enables business applications to provide certificate lifecycle management.

Key Points

Supports SCEP for device certificate request handling
Supports local key generation in browser (native browser keystores as well as connected smartcard/USB tokens) using ADSS Go>Sign Service
Supports server-side key generation and certificate

FEATURES & BENEFITS

Device registration & certification

Issuing X.509 certificates to devices (routers, firewalls, switches, mobile devices, web servers, DBMS etc.) can be managed via multiple interfaces including the widely-recognised SCEP standard interface and PKCS#10/CSR where key generation is on the device. For server-side key generation and certification, PKCS#12/PFX files are generated by the server, protected by a password which is set by the user and then downloaded over a secure authenticated session. Face-to-face registration and certification processes are also possible whereby RA operator(s) generate device certificates and provide them manually to device administrator(s) for import into devices.

End-user certification through browsers

Human end-users can be registered through a standard Internet browser. The vetting forms can be designed within ADSS Web RA Server. They can capture text, numbers and drop-down selections, and allow scanned copies of documents to be supplied during enrolment. This ensures the exact enrolment and vetting needs of the customer are met.

End users can generate keys and certificates locally using the ADSS Go>Sign Service and ADSS Go>Sign Client. Together these are used to generate keys within Windows CAPI/CNG or PKCS#11 enabled smartcards.

Business application integration

Often business applications are the point where end-users are registered before being allowed to access business services. As such it is often business applications which need to request certificate services on behalf of their end-users. To achieve this ADSS Web RA Server provides a REST API. This allows business applications to easily make certificate enrolment and revocation calls to ADSS Web RA Server in a secure and authenticated manner.

USE CASE

ADSS Web RA Server

Send requests for X.509 digital certificates from business applications, devices or directly by end-users. Keys can be generated and stored in an HSM, USB/smartcard or Windows Keystore. These keys can be referenced to create digital signatures on PDF, XML etc:

WebRA Diagram

How it works

The ADSS Web RA Server functionality can be summarised as:

Registers the details of all subscribers that request certificates
Provides enrolment and vetting of certificate subscribers
Allows requests for certificates to be approved or rejected using either automated processes or manual processes with trusted Enterprise RA Operators
Supports face-to-face registration processes managed by the Enterprise RA operator(s)
Provides multitenant deployment of registration and vetting services
Communicates with the relevant CA to obtain certificates and then provides a suitable means of delivery to the requesting end-entities
Manages the certificate renewal process, which may follow a different workflow depending on the end-entity capabilities
Manages the certificate revocation process, which may be initiated by the certificate owner or a trusted Enterprise RA Operator
Built to deliver device enrolment via SCEP, with other enrolment protocols under development

Our experience with ADSS Server product and its availability and performance is that I as an IT Professional & as Nikken’s IT manager for 9 years, that Ascertia are the standards by which all companies in this industry sector, should consider setting their standards by.

Andy Butterworth
IT Manager Nikken UK Ltd

We enable our customers to digitally sign & protect documents & transactions, helping them to streamline business processes and provide trusted identity assurance
