Brochure [PDF]

Product Support

Related Links:
   Overview

Products:
   SecretAgent
   SecretAgent DAS
   CertAgent
   SpyProof!
   SecurePhone
   CDKs
   CMU
   CSPid

  CertAgent™

 

architecture diagram
CertAgent Architecture Diagram


Technical Specifications

 
Current Version
CertAgent 5.2.0
 
Platform

Microsoft Windows, Linux, Solaris, or other UNIX-based system with a suitable Java runtime environment (J2SE 1.5 with J2EE 1.5 SDK or above)

HSM support via PKCS#11 provided for CA key pair generation as well as system and/or CA private key protection

Certificates
and CRLs

Creates ANSI-compliant X.509 v3 RSA, DSA, and ECC certificates (with all standard extensions for PKIX, SSL, and S/MIME) and v2 CRLs; ECC support is fully compliant with NSA Suite B recommendations

Supports several enrollment mechanisms: browser-, file-, and e-mail-based PKCS#10 certificate request submission, plus a bulk enrollment interface for use by an external RA (via TLS w/ client auth.)

Compatible with all popular browsers (including Microsoft Internet Explorer, Netscape Navigator/Firefox, etc.) and PKI-enabled applications (Outlook S/MIME, Lotus Notes, SecretAgent, etc.)

Flexible configuration of policy settngs for DN and certificate extension processing

User-selected 'self-management' passwords can be accepted for revocation and renewal requests, if enabled by CA

Generates up to 8192-bit RSA, up to 4096-bit DSA, and up to 571-bit ECC keys, self-signed certificates for root CAs, and PKCS#10 requests for intermediate CAs
PKI Features

Generates X.509 version 2 CRLs (ANSI X9.57)

Unlimited intermediate CA certificate chaining for hierarchical PKIs; multiple logins (with independent certificate and CRL issuance profiles) can share the same CA credentials to facilitate the delegation of administrative tasks

Maintains an audit trail of all operator, system, and end-user actions: certificate request submission, certificate issuance, certificate revocation, CRL issuance, execution of automated processes, etc.
Directory

An integrated LDAP repository, used for local storage of all issued certificates and CRLs, can be configured to provide public directory access; certificates and CRLs can be retrieved from this repository via LDAP / Active Directory by SecretAgent and most S/MIME clients (including Microsoft Outlook)

Certificates and CRLs may optionally be published to an external LDAP repository, from which certificates may optionally be removed upon revocation

Version 5.1 adds a Java API that can be accessed by authorized remote clients (via secure RMI) to execute SQL queries against the integrated database; this service uses TLS with client authentication using ACLs that are configurable on a per-CA basis
Certification
 Meets NIST FIPS 140-2 Level 1 acquisition requirements (when used with ISC's software cryptographic module; higher levels of assurance can be attained by employing a third party HSM)

CertAgent is built upon ISC's Cryptographic Development Kit (CDK), version 7.0. The ISC CDK fully satisfies NIST FIPS 140-2 and DoD NSTISSP #11 acquisition requirements and has been approved by NSA for classified use. (CDK 7.0 has been awarded FIPS 140-1 Validation Certificate No. 347 by NIST and CSE.) Some information on the use of CertAgent to achieve HIPAA compliance is here.


Licensing
A single-server CertAgent license includes one year of technical support. Maintenance contracts for technical support and free software upgrades in subsequent years are available. Consulting and integration services are also available. ISC’s experienced technical staff can help you integrate CertAgent with an existing LDAP directory, streamline your enrollment processes, or provide guidance on other infrastructure issues as required.

Our pricing is significantly below that of competing products! Contact us to receive a quote.
     
           
   
Products | News | Support | Company | Terms of Use | Copyright
© 2004-2008 Information Security Corporation. All rights reserved.