ADSS WebRA Server
ADSS Web RA Server is an advanced registration authority application that harnesses the power of ADSS CA Server to directly issue and manage the lifecycle of certificates. It is designed to put organisations in control of how people, devices and things interact with trust infrastructures and to control registration and vetting, for enrolment of new, update or revocation of existing digital certificates.
ADSS Web RA Server provides the ability to fully brand the user interface, easily create service plans, vetting forms, subscriber and service agreements, this enables organisations to provide their subscribers with a rich enrolment process and ensure subscribers are aware of their terms of service at time of enrolment.
It provides an intuitive user experience for administrators and subscribers; administrators can easily build vetting forms and provide manual or automated issuance workflows for end user or server certificate enrolment.
The multitenant design of ADSS Web RA Server provides organisations with a delegated administration model, this enables organisations and service providers to segregate certificate administration into separate enterprises which can be managed separately.
The Server supports a range of protocols (SCEP, PKCS#10/PKCS#7) and many more are under development to ensure requests from a wide range of devices can be accepted, such as routers, switches, firewalls, servers, databases, IOT devices, etc. For human subscribers both client-side and server-side key generation and certification is possible using a standard Internet browser interface, as well as face-to-face registration processes.
Developers can easily integrate programmatically via the ADSS Web RA Server Rest API, this enables business applications to provide certificate lifecycle management.
Issuing X.509 certificates to devices (routers, firewalls, switches, mobile devices, web servers, DBMS etc.) can be managed via multiple interfaces including the widely-recognised SCEP standard interface and PKCS#10/CSR where key generation is on the device. For server-side key generation and certification, PKCS#12/PFX files are generated by the server, protected by a password which is set by the user and then downloaded over a secure authenticated session. Face-to-face registration and certification processes are also possible whereby RA operator(s) generate device certificates and provide them manually to device administrator(s) for import into devices.
Human end-users can be registered through a standard Internet browser. The vetting forms can be designed within ADSS Web RA Server, vetting forms can capture text, numbers, drop down selections and allow scanned copies of documents to be supplied during enrolment, this ensures the exact enrolment and vetting needs of the customer are met.
End users can generate keys and certificates locally using the ADSS Go>Sign Service and ADSS Go>Sign Client, together these are used to generate keys within Windows CAPI/CNG or PKCS#11 enabled smartcards.
Often business applications are the point where end-users are registered before being allowed to access business services. As such it is often business applications which need to request certificate services on behalf of their end-users. To achieve this ADSS Web RA Server provides a REST API. This allows business applications to easily make certificate enrolment and revocation calls to ADSS Web RA Server in a secure and authenticated manner.
The ADSS Web RA Server functionality can be summarised as:
Our experience with ADSS Server product and its availability and performance is that I as an IT Professional & as Nikken’s IT manager for 9 years, that Ascertia are the standards by which all companies in this industry sector, should consider setting their standards by.
Andy Butterworth
IT Manager Nikken UK Ltd
We enable our customers to digitally sign & protect documents & transactions, helping them to streamline business processes and provide trusted identity assurance
We enable our customers to digitally sign & protect documents & transactions, helping them to streamline business processes and provide trusted identity assurance