
CertAgent™

CertAgent is a self-contained, easy-to-use Certificate Authority. With separate web-based enrolment and administration interfaces, it allows you to issue X.509 certificates to your employees and business partners, maintaining them in an integrated, externally accessible LDAP repository.

Issue an unlimited number of X.509 certificates with a single server license. No per-certificate fees!

Certificates and CRLs issued by CertAgent comply with all relevant Federal and industry standards and can be used with hundreds of existing applications for the protection of e-mail, authentication of users and web servers, etc.

Designed for small- to medium-sized organizations, CertAgent provides you with exactly what you need to PKI-enable your enterprise. What's more, it's affordable! Setup is easy, and administrative resource requirements and maintenance costs are very low.


Overview

CertAgent provides the foundation for an affordable public key infrastructure (PKI). Licensed on a per-server basis, CertAgent does not meter, or in any way limit, the number of certificates that can be issued.

CertAgent supports an unlimited number of root and intermediate CAs, enabling you to create as complex a certificate hierarchy as the size of your enterprise warrants. Its modular architecture allows its administration and end-user enrolment pages to be hosted together on a single server, or divided between an Admin Server and one or more Enrolment Servers.



CertAgent Administration offers:

  • CA account management (by site admin)
  • LDAP server configuration/management (by site admin)
  • certificate request processing, and certificate and CRL management (for each CA)
  • enrolment process management (for each CA)
  • account and password management (for each CA)
  • access to audit trails (by site admin and individual CAs)

All management functions are performed over SSL-secured links. CertAgent supports manual enrolment using browser- or externally generated PKCS#10 files as well as automated enrolment via e-mail. Certificates may be issued manually or automatically at the discretion of each CA.

Integrated certificate repositories and CRL storage are provided for each CA. External LDAP access to the certificate stores of each CA hosted by the site can be enabled and independently configured by the site administrator.

CertAgent's enrolment pages offer:

  • browser- and PKCS#10-based enrolment
  • certificate and CRL retrieval

End-User Enrolment

End-users can request a certificate using the browser-based enrolment page or by uploading a PKCS#10 file.

A variety of popular browsers are supported: Microsoft Internet Explorer, Netscape, Mozilla, Firefox and Opera.

Once it has been issued, the user's certificate can be retrieved by simply clicking on the URL in the e-mail notification they receive from the CA, or they can return to the CertAgent website and enter the request ID automatically issued to them at the end of the enrolment step.

The latest version of CertAgent supports optional Class 1 e-mail address-based identity proofing of enrolees before certificates are issued. Additional authentication and enrolment protocols (e.g., CRMF, CMC, or SCEP) can be supported upon demand.

Certificate Issuance

The primary purpose of any CA is to issue certificates for users and subordinate CAs, and CertAgent excels at this task. After reviewing the pending certificate requests, just check those you wish to process and click Issue.



Subject RDNs (other than common name and e-mail address), validity periods, and settings for the most important extensions can be preconfigured differently for each CA's account.

Certificate Management

A Certificate Revocation List (CRL) contains the list of serial numbers of certificates that a CA has revoked or placed on hold. Client applications may use CRLs to determine which certificates are still valid for their intended purpose.

CertAgent makes it easy to revoke certificates or place them on hold, specify an ANSI X9.57 reason/instruction code, and issue a CRL. You may issue a CRL at any time or let CertAgent remind you to issue one at preconfigured intervals.

CertAgent 4.0 Architecture
