Axway VA Server – A Sophisticated Digital Certificate Server

At the core of the VA Suite is VA Server, a sophisticated digital certificate status responder that is Certification Authority (CA)-neutral and provides support for multiple CAs, several different trust models, and CA-specific validation policies.

VA Server maintains a store of digital certificate revocation data by obtaining the Certificate Revocation List (CRL) and, optionally, serial numbers from the issuing CA. To validate a digital certificate, a client application can query the VA Server rather than having to perform the cumbersome task of obtaining and processing the entire CRL every time it encounters a digital certificate.

Client applications can query VA Server over open standard protocols (OCSP, SCVP, CMP) and over Axway's own VACRL. With SCVP in particular, a client can delegate the entire certificate validation operation, including path construction and intermediate CA validation, to the VA Server; OCSP, by contrast, returns the revocation status of the certificates named in the request and leaves path building to the client. For tactical environments, or where bandwidth is limited, VA also supports Compact CRL and VACRL, which let the server convert CA-issued CRLs (these can grow to 40 MB or more in mature Public Key Infrastructures, PKIs) into revocation data with a much smaller footprint.

VA Server offers numerous advanced features that make it the ideal solution for customers who need a high-performance and high-availability solution proven in a wide range of application environments.

VA-to-VA mirroring (replication)

VA Mirroring supports backup, load balancing, and failover by replicating the same certificate revocation data across a cluster of VA Servers. Revocation data from a source VA is replicated, through a secure push or pull synchronization mechanism, to one or more destination VAs. The replicated data can consist of:

  • pre-computed OCSP responses;
  • CA-generated full CRLs;
  • delta CRLs representing the changes between two full CA-signed CRLs;
  • VA-manufactured delta CRLs tailored to what the destination already holds;
  • VA-generated CRLs based on instant local revocation (either by the VA administrator or via a CMP message).
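The delta CRL case above is the one most often got wrong in replication code, so here is an added worked example of the RFC 5280 rules it relies on. This is illustrative code written for this page, not Axway's implementation, and it models a CRL as a CRL number plus a map from serial to revocation entry rather than as DER; the sample CRL numbers and serials are constructed. A delta lists only what changed since its base, carries a certificate that dropped off the full CRL (a released certificateHold) with the reason removeFromCRL, and may only be applied to a base whose CRL number lies between the delta's BaseCRLNumber and the delta's own number.

```python
"""Delta CRL construction and application, following RFC 5280 section 5.2.4.

Added illustration, not Axway code. CRLs are modelled as plain Python data:
a CRL number plus a dict mapping certificate serial -> revocation entry.
Signatures and DER encoding are out of scope here.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict

REMOVE_FROM_CRL = "removeFromCRL"   # RFC 5280 CRLReason code 8


@dataclass(frozen=True)
class Entry:
    revoked_at: datetime
    reason: str


@dataclass
class FullCRL:
    crl_number: int
    entries: Dict[int, Entry]      # serial -> Entry


@dataclass
class DeltaCRL:
    crl_number: int                # number of the full CRL this delta brings you to
    base_crl_number: int           # BaseCRLNumber extension: the base it was computed from
    entries: Dict[int, Entry]      # serial -> Entry; reason may be removeFromCRL


def make_delta(base: FullCRL, current: FullCRL) -> DeltaCRL:
    """Compute the delta that turns `base` into `current`."""
    if current.crl_number <= base.crl_number:
        raise ValueError("current CRL must be newer than the base")
    changed: Dict[int, Entry] = {}
    for serial, entry in current.entries.items():
        if base.entries.get(serial) != entry:
            changed[serial] = entry            # new revocation, or reason/date changed
    for serial, old in base.entries.items():
        if serial not in current.entries:
            # Listed on the base but gone from the full CRL (e.g. hold released):
            # the delta must say so explicitly, or the destination keeps it revoked.
            changed[serial] = Entry(old.revoked_at, REMOVE_FROM_CRL)
    return DeltaCRL(current.crl_number, base.crl_number, changed)


def apply_delta(base: FullCRL, delta: DeltaCRL) -> FullCRL:
    """Combine a full CRL with a delta; refuse bases the delta was not made for."""
    # RFC 5280 5.2.4: base number >= BaseCRLNumber and < delta's own number.
    if not (delta.base_crl_number <= base.crl_number < delta.crl_number):
        raise ValueError(
            f"delta {delta.crl_number} (base >= {delta.base_crl_number}) "
            f"does not apply to CRL {base.crl_number}")
    merged = dict(base.entries)
    for serial, entry in delta.entries.items():
        if entry.reason == REMOVE_FROM_CRL:
            merged.pop(serial, None)
        else:
            merged[serial] = entry
    return FullCRL(delta.crl_number, merged)


def demo() -> dict:
    """Constructed sample: base CRL #10, full CRL #12 in which serial 0x2 was
    released from certificateHold and serial 0x3 was newly revoked."""
    t = datetime(2024, 1, 1, tzinfo=timezone.utc)
    base = FullCRL(10, {0x1: Entry(t, "keyCompromise"),
                        0x2: Entry(t, "certificateHold")})
    current = FullCRL(12, {0x1: Entry(t, "keyCompromise"),
                           0x3: Entry(t + timedelta(days=1), "superseded")})
    delta = make_delta(base, current)
    rebuilt = apply_delta(base, delta)
    try:
        apply_delta(FullCRL(9, {}), delta)     # older than BaseCRLNumber: refused
        stale_refused = False
    except ValueError:
        stale_refused = True
    return {
        "delta_serials": sorted(delta.entries),
        "released_reason": delta.entries[0x2].reason,
        "rebuilt_matches": rebuilt.entries == current.entries and rebuilt.crl_number == 12,
        "stale_refused": stale_refused,
    }


if __name__ == "__main__":
    print(demo())
```

The rejection in `apply_delta` is the check a destination VA must keep: a delta applied to a base older than its BaseCRLNumber silently loses every revocation that happened between the two, which is exactly the window an attacker with a compromised key would use.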

Distributed repeater-responder caching

The distributed VA responder-repeater caching architecture keeps a cache of OCSP responses that are either pre-computed or built up dynamically as the repeater proxies client requests to a responder. Repeaters also support VA-to-VA mirroring and can cache revocation data in VACRL or Compact CRL form. Axway's Compact CRL and VACRL protocols also support clients that want to maintain their own revocation data caches for backup, which is useful in low-bandwidth environments or where real-time network access is not always available.
Because a repeater performs no private-key operations (the cached responses were already signed by the responder), it needs no cryptographic hardware, offering a cost-effective way for organizations to scale their certificate validation infrastructure for performance and availability. Repeaters hold no sensitive key material and can reside in a different administrative domain from the responder, so the responder itself can be placed behind a firewall or even air-gapped. The Axway VA Repeater does, however, use a FIPS 140-2 certified software cryptographic kernel for public-key operations such as signature verification and path validation. One caveat follows from serving pre-signed responses: a response signed before the request existed cannot echo a client-supplied OCSP nonce, so clients that insist on a nonce cannot be answered from the cache; the nonce-less lightweight OCSP profile (RFC 5019) is the natural fit for clients behind a repeater.
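What a repeater actually decides on is the thisUpdate/nextUpdate window of each cached response and whether the request carries a nonce. The following added example (written for this page, not Axway's code) models that logic for both the repeater and a client: the repeater stores the responder's signed response verbatim, serves it only while it is within its validity window, drops it once nextUpdate has passed, and forwards nonced requests upstream because a pre-computed response cannot satisfy them. The `SignedResponse` type, the stub responder, the fixed clock and the placeholder signature bytes are all assumptions of this illustration; the cryptographic verification that a real repeater performs on ingest and a real client performs on receipt is not modelled.

```python
"""Repeater cache for pre-computed OCSP responses (added illustration, not Axway code).

The repeater never holds a signing key. It keeps the responder's signed bytes as an
opaque blob and only reads the thisUpdate/nextUpdate window and the nonce field.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, Optional, Tuple

CertID = Tuple[str, int]   # (issuer key hash, certificate serial), as in OCSP CertID


@dataclass(frozen=True)
class SignedResponse:
    cert_id: CertID
    status: str                 # "good" | "revoked" | "unknown"
    this_update: datetime
    next_update: datetime
    nonce: Optional[bytes]      # pre-computed responses carry no nonce
    signature: bytes            # made by the responder; opaque to the repeater


class Repeater:
    def __init__(self, fetch: Callable[[CertID, Optional[bytes]], SignedResponse],
                 clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._fetch = fetch                  # proxy path to the upstream responder
        self._clock = clock
        self._cache: Dict[CertID, SignedResponse] = {}
        self.stats = {"hit": 0, "miss": 0, "stale": 0, "nonce_bypass": 0}

    def preload(self, responses: Iterable[SignedResponse]) -> None:
        """Mirroring push: accept a batch of responder-signed responses as-is."""
        for r in responses:
            self._cache[r.cert_id] = r

    def serve(self, cert_id: CertID, nonce: Optional[bytes] = None) -> SignedResponse:
        now = self._clock()
        if nonce is not None:
            # The cached response was signed before this request existed and cannot
            # echo the nonce; forward upstream and do not cache the one-off answer.
            self.stats["nonce_bypass"] += 1
            return self._fetch(cert_id, nonce)
        cached = self._cache.get(cert_id)
        if cached is not None:
            if cached.this_update <= now < cached.next_update:
                self.stats["hit"] += 1
                return cached
            self.stats["stale"] += 1         # past nextUpdate: never serve it
            del self._cache[cert_id]
        else:
            self.stats["miss"] += 1
        fresh = self._fetch(cert_id, None)
        self._cache[cert_id] = fresh
        return fresh


def client_accepts(resp: SignedResponse, now: datetime, sent_nonce: Optional[bytes],
                   skew: timedelta = timedelta(minutes=5)) -> bool:
    """Client-side freshness and nonce check (signature verification not modelled)."""
    if not (resp.this_update - skew <= now < resp.next_update):
        return False
    if sent_nonce is not None and resp.nonce != sent_nonce:
        return False
    return True


def demo() -> dict:
    """Constructed scenario with a fixed clock and a stub responder."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    now = [t0]
    upstream_calls = []

    def responder(cert_id: CertID, nonce: Optional[bytes]) -> SignedResponse:
        upstream_calls.append(cert_id)
        return SignedResponse(cert_id, "good", now[0], now[0] + timedelta(hours=4),
                              nonce, b"<responder signature placeholder>")

    rep = Repeater(responder, clock=lambda: now[0])
    cid = ("sha1:issuer-key-hash", 0x1001)
    rep.preload([SignedResponse(cid, "revoked", t0, t0 + timedelta(hours=1),
                                None, b"<responder signature placeholder>")])
    first = rep.serve(cid)                          # fresh pre-computed: cache hit
    now[0] = t0 + timedelta(hours=2)
    second = rep.serve(cid)                         # past nextUpdate: refetched
    third = rep.serve(cid, nonce=b"\x01\x02")       # nonce: cache bypassed
    return {
        "first_status": first.status,
        "second_status": second.status,
        "upstream_calls": len(upstream_calls),
        "third_has_nonce": third.nonce == b"\x01\x02",
        "stats": dict(rep.stats),
        "client_ok": client_accepts(second, now[0], sent_nonce=None),
        "client_rejects_stale": not client_accepts(first, now[0], sent_nonce=None),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the stale branch deletes the entry rather than serving it with a warning: a response past nextUpdate is exactly what an attacker holding a revoked certificate would like replayed, and the client check in `client_accepts` rejects it independently, so neither side relies on the other.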

Multi-platform solution

Additionally, the VA product line includes the Axway VA Repeater Appliance and the Repeater Servlet. The VA Repeater Appliance is a combined hardware and software appliance built on Axway's secure, hardened Linux-based platform, and is also available for Windows. It can be installed in less than thirty minutes, offering organizations a low total cost of ownership and a good fit for distributed computing environments. The Repeater Servlet is a lightweight alternative for deploying a high-scale, high-reliability certificate validation infrastructure that leverages the platform independence of Java, and is well suited to distributed hosted computing environments.

Robust security and non-repudiation

VA Server supports a range of security features: SSL/TLS-protected communications with clients, digitally signed client requests and responses, digitally signed XML logs and CRL archives, and SSL/TLS-protected server administration. To protect the signing keys behind these features and to accelerate the signing itself, VA Server supports software tokens as well as PKCS #11 and CAPI hardware tokens, including FIPS 140-2 Level 3 and Level 4 validated hardware security modules from all leading vendors.

The Validation Authority Suite also includes:

  • Server Validator, a flexible client application for validating digital certificates presented to the most widely used secure Web servers and Web application servers.
  • Desktop Validator, a flexible client application that enables Microsoft Windows-based desktop and server applications to validate digital certificates via the Microsoft Cryptographic API (CAPI).
  • Validator Toolkit, a complete set of certificate validation functions, source code examples, and reference manuals that enables certificate validation integration into commercial or custom applications developed in C/C++ or Java.