OCSP Validation Server for X.509 Certificates

OCSP is a protocol for on-line checking of the current validity status of an X.509 certificate. The OCSP Validation Server from Keyon offers extensive functionality for demanding environments.

A status inquiry via OCSP determines whether a certificate is still valid or has been revoked. Compared to a status inquiry through certificate revocation lists (CRL), OCSP allows a simple and, most notably, a timely and accurate status check. This is particularly important for transactions where great emphasis is placed on confidentiality, integrity and authenticity. OCSP has been specified and standardized by the IETF (RFC 2560). From Windows Vista onwards, OCSP is the preferred protocol for querying the status of certificates.

  • Real-time status check of X.509 certificates
  • Simple installation and administration
  • High-performance solution through integrated cache
  • Role-based administration via a web-based GUI
  • PKI framework for simple integration of clients
  • The certificate status is determined on the basis of certificate revocation lists (CRL) or database entries
 


CA/Browser Forum Baseline Compliance

With the OCSP Validation Server from Keyon, a database can be configured for each CA and queried to check whether the serial number of the certificate being tested exists in that database. With this feature, the high requirements of the CA/Browser Forum Baseline Compliance are met in connection with "OCSP Response for non‐issued certificates".
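The difference between a CRL-only status decision and one that also consults a database of issued serial numbers, as an added example that is not Keyon's code. The table name, function names and sample data are hypothetical, and the answer chosen for non-issued serials (the RFC 6960 section 2.2 convention) is an assumption, since the page does not say which response the product returns.

```python
import sqlite3
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def open_issued_db(serials):
    # Hypothetical per-CA table of every serial number the CA has issued.
    # Stored as hex text: serials can be up to 20 bytes, beyond SQLite's 64-bit integers.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE issued (serial TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO issued VALUES (?)", [(format(s, "x"),) for s in serials])
    return db

def crl_only_status(serial, crl):
    # CRL-based answer: anything absent from the CRL is reported "good",
    # including serial numbers the CA never issued.
    if serial in crl:
        return ("revoked",) + crl[serial]
    return ("good", None, None)

def cert_status(serial, issued_db, crl):
    # Revocation entries take precedence over everything else.
    if serial in crl:
        return ("revoked",) + crl[serial]
    row = issued_db.execute(
        "SELECT 1 FROM issued WHERE serial = ?", (format(serial, "x"),)
    ).fetchone()
    if row is None:
        # Never issued: do not answer "good". Assumed policy: RFC 6960 section 2.2
        # convention (revoked, certificateHold, revocation time 1970-01-01); a real
        # response would also carry the extended revoked definition extension.
        return ("revoked", EPOCH, "certificateHold")
    return ("good", None, None)

# Constructed sample data, not taken from any real CA.
CRL = {0x1002: (datetime(2024, 3, 1, tzinfo=timezone.utc), "keyCompromise")}
ISSUED_DB = open_issued_db([0x1001, 0x1002, 2**150 + 7])

if __name__ == "__main__":
    for s in (0x1001, 0x1002, 2**150 + 7, 0xDEADBEEF):
        print(hex(s), crl_only_status(s, CRL)[0], cert_status(s, ISSUED_DB, CRL))
```
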

 

Web-based Administration

Administration is performed through a web interface with certificate-based authentication. Any number of users can be assigned to configurable groups with finely differentiated rights.

 
 

Maximum security and flexibility

The Validation Server from Keyon supports any number of file, AD, LDAP or HTTP(S) status codes from various internal or external CAs. Multistage certificate hierarchies and cross certificates are also supported. All common X.509 extensions are interpreted. The key for signing OCSP responses can be stored in an HSM or a soft token.

OCSP server as a hardware appliance

The OCSP Validation Server is available as a software or hardware appliance solution. The hardware appliance is based on SafeNet Luna SP.

 

Scalable and high-performance solution

Using an HSM, hundreds of OCSP requests can be answered per second. Integration into load-balancing or cluster systems ensures high availability and performance. All current status information is stored in a cache, so that after a restart it is immediately available as the basis for validation, independent of other components.