Академический Документы
Профессиональный Документы
Культура Документы
Insta Certifier
– The trust enabling CA product
Standards-based certificate
Insta Certifier allows easy certificate enrolment and publishing
enrolment for various use cases such as
strong authentication of users, mobile Insta Certifier provides several
Key Features devices, servers and web services. The standards-based interfaces for
product is fully standards-based, yet certificate enrolment, including CMPv2,
Fully standards-based flexible ensuring easy adaptation to real SCEP and PKCS#10.
Scalable to large-scale PKI life business processes and diverse Any standard HTTP server or LDAP
environments corporate ICT environments. directory, e.g. Microsoft AD or Linux
directory server can be used for
High availability through
redundancy and clustering Due to its security architecture and publishing certificates and CRLs.
unique security features, such as support
Flexible management of CA OCSP responder included
policy rules for latest algorithms, e.g. ECC (Elliptic
Curve Cryptography), Insta Certifier is Insta Certifier includes an OCSP
OCSP responder service ideally suited to high security (Online Certificate Status Protocol)
Comprehensive algorithm applications. responder service, enabling real-time
support, e.g. ECC retrieval of certificate status. By using
Evolving and supported Being the trusted CA solution for large OCSP, fetching and processing of
security-oriented organisations, a long potentially large amounts of CRL data
life cycle is guaranteed, along with can be avoided.
professional support, training and
services.
Product Features Supported Protocols & Algorithms
Certificate management Certificate enrolment, publishing and
management protocols
Online certificate life-cycle management
Fully customizable automation of CA&RA policy rules Certificate Management Protocol (CMPv2)
Multiple CA hierarchies and RAs within an installation Simple Certificate Enrolment Protocol (SCEP)
Web-based self-enrolment with customizable web Web-form-based PKCS#10 certification requests
enrolment pages Web browser enrolment
Registration authority (RA) with smart card and USB Online Certificate Status Protocol (OCSP)
token personalisation option Lightweight Directory Access Protocol (LDAP)
Automatic CA renewal Hypertext Transfer Protocol (HTTP)
Manual and online cross-certification
Online key backup and recovery Supported formats
CA private key storage in Hardware Security Module
X.509v3 certificate profile
(HSM)
X.509v2 CRL format
PKCS#1 RSA
Revocation PKCS#6 extended certificate syntax (selectively)
Periodic CRL publishing PKCS#7 envelopes
Per-revocation CRL publishing PKCS#8 password-protected private keys
Self-revocation based on pre-shared key (PSK) PKCS#9 attribute types (selectively)
OCSP responder service with whitelist checking and PKCS#10 certification requests
HSM support PKCS#12 Personal Information Exchange Syntax
Certification Request Message Format (CRMF)
Architecture
Interfacing with Hardware Security Modules
Modular architecture: Front-end PKI services and back- (HSM)
end certificate engine
Clustering of multiple back-end certificate engines with PKCS#11 crypto API
geo-redundant deployment option Supports e.g. Thales and SafeNet HSMs
Duplication of front-end PKI services
Online and offline CA deployment options Security protocols
Secure communication between system components
Transport Layer Security (TLS)
Directory integration
Public-Key algorithms
Certificate and CRL publishing to standard LDAP
directory or HTTP server RSA (up to 8192 bits)
Flexible publishing schemas ECC (secp256r1, secp384r1 and secp521r1)
Support for Microsoft Active Directory
TLS protection of LDAP publishing Hash algorithms
LDAP authentication SHA-1
SHA-2 (SHA-224, SHA-256, SHA-384 and SHA-512)
Administration
Web administration UI with role-based access control Symmetric algorithms
Support for dual control and separation of duties AES 128/256-bit keys
Restriction of access to specific CAs and specific 3DES
operations
Integrity-protected event logging and audit trail
SNMP support for monitoring and statistics
Compliance
EU Directive on Electronic Signatures (1999/93/EC)
EU/ETSI qualified certificates
3GPP CMP profile
ICAO Doc 9303, Part 12 - Public Key Infrastructure for
Machine Readable Travel Documents Further information:
security.insta.fi
security@insta.fi
Insta DefSec Oy
Sarankulmankatu 20
P.O. Box 80
FI-33901 Tampere, Finland
+358 20 771 7111
www.insta.fi