Overview
CertAgent provides the foundation for an affordable public key infrastructure (PKI). Licensed on a per-server basis, CertAgent does not meter, or in any way limit, the number
of certificates that can be issued.
CertAgent supports an unlimited number of root and intermediate CAs, enabling you to create as complex a certificate hierarchy as the size of your enterprise warrants. Its modular architecture allows its administration and end-user enrollment pages to be hosted together on a single server, or divided between an Admin Server and one or more Enrollment Servers.
CertAgent's clearly laid-out administration pages offer:
- CA account management (by site admin)
- LDAP server configuration/management (by site admin)
- certificate request processing, and certificate and CRL management (for each CA)
- enrollment process management (for each CA)
- account management (for each CA)
- access to audit trails (by site admin and individual CAs)
All management functions are performed over SSL-secured
links. CertAgent supports manual enrollment using browser- or
externally generated PKCS#10 files as well as automated enrollment
via e-mail. Certificates may be issued manually or automatically
at the discretion of each CA.

Integrated certificate repositories and CRL storage are provided
for each CA. External LDAP access to the certificate stores of each
CA hosted by the site can be enabled and independently configured
by the site administrator.
CertAgent's intuitive end-user enrollment pages offer:
- browser- and PKCS#10-based enrollment
- certificate and CRL retrieval

End-User Enrollment
End-users can request a certificate using the browser-based enrollment
page or by uploading a PKCS#10 file.

A variety of popular browsers are supported: Microsoft Internet Explorer, Netscape, Mozilla, Firefox and Opera.
Once it has been issued, the user's certificate can be retrieved
by simply clicking on the URL in the e-mail notification they receive
from the CA, or they can return to the CertAgent website and enter
the request ID automatically issued to them at the end of the enrollment
step.
The latest version of CertAgent supports optional
Class 1 e-mail address-based identity proofing of enrollees before
certificates are issued. Additional authentication and enrollment
protocols (e.g., CRMF, CMC, or SCEP) can be supported
upon demand.
Certificate Issuance
The primary purpose of any CA is to issue certificates
for users and subordinate CAs, and CertAgent excels at this task.
After reviewing the pending certificate requests, just check those
you wish to process and click Issue.

Subject RDNs (other than common name and e-mail address), validity
periods, and settings for the most important extensions can be preconfigured
differently for each CA's account.

Certificate Management
CertAgent provides complete life-cycle management for your
organization's public keys: from certificate request, to issued
certificate, to expiration or revocation (or on-hold status).

Certificate Revocation Lists
A Certificate Revocation List (CRL) contains the list of
serial numbers of certificates that a CA has revoked or placed on
hold. Client applications may use CRLs to determine which certificates
are still valid for their intended purpose.
CertAgent makes it easy
to revoke certificates or place them on hold. Just specify an ANSI X9.57 reason/instruction
code, and issue the CRL. CertAgent
can even be set up to remind you to issue CRLs at preconfigured time intervals.
