Real-time status check of X.509 certificates
Validity depends on the integrity of the certificate, its period of validity and its revocation status. It can be determined on the basis of a static certificate revocation list (CRL) or in real time using the OCSP protocol. Keyon’s OCSP Server is a scalable high-performance server that can be integrated directly into the relevant CA database and securely transmits the requested certificate status to the clients on the basis of a set of rules.
Benefits
Scalable and high-performance solution
Handles large numbers of OCSP status requests in an Enterprise and IoT environment.
Compliance with CA/Browser Forum Baseline Requirements
Meets the high standards of the CA/Browser Forum
Web-based administration
Role-based, intuitive GUI for administration and reporting
OCSP Validation Server
OCSP is a protocol for on-line checking of the current validity status of an X.509 certificate. The OCSP Validation Server from Keyon offers extensive functionality for demanding environments.
With the status inquiry via OCSP it can be determined whether a certificate is still valid or blocked. Compared to the status inquiry through certificate revocation lists (CRL), OCSP allows a simple and most notably a timely accurate status check. This is particularly important for transactions where great emphasis is placed on confidentiality, integrity and authenticity. The OSCP has been specified and standardized by the IETF (RFC 6960). From Windows Vista onwards, OCSP is the preferred protocol for querying the status of certificates.
- Real time status check of X.509 certificates
- Simple installation and administration
- High-performance solution through integrated cache
- Role based administration via a web-based GUI
- The certificate status is determined on the basis of certificate revocation lists (CRL) or database entries
Services
CA/Browser Forum Baseline Compliance
With the OCSP Validation Server from Keyon, a database for each CA can be configured and queried, whether the tested serial number of a certificate exists in the database. With this feature, the high requirements of the CA / Browser Forum Baseline Compliance are met in connection with “OCSP Response for non‐issued certificates”.
Web-based Administration
Administration is performed through a web interface with certificate-based authentication. Any number of users can be assigned to configurable groups with finely differentiated rights.
Maximum security and flexibility
The Validation Server from Keyon supports any number of file, AD, LDAP or HTTP(S) status codes from various internal or external CA’s. Multistage certificate hierarchies and cross certificates are also supported. All common X.509 extensions are interpreted. The key for signing OCSP responses can be stored in a HSM or a soft token.
Expandable through plugins
A plugin API allows the development of your own plugins for the determination of status information and the embedding of extensions in the OCSP responses (e.g. SCT Certificate Transparency).
Scalable and high-performance solution
Using a HSM, hundreds of OCSP requests can be answered per second. An integration in load balancing or cluster systems ensures high availability and performance. All current status information is stored in a cache, so that in the event of a restart it is immediately available as base for the validation of information and independent of other components.
Download
Submit your email address and receive more information about our OCSP Validation Server solution.
- OCSP Flyer
Vendors & Certifications
Pioneering products and solutions from the world’s leading vendors
Swiss IT Security AG
Swiss IT Security AG, a member of the internationally active Swiss IT Security Group, is a service provider in the field of information, system, application and network security. As a passionate IT security service provider and system integrator, Swiss IT Security AG offers its customers coordinated solutions and consulting services for IT security in the corporate environment.
We also provide
Pioneering products and solutions from the world’s leading vendors
