A certificate authority server (CA server) offers an easy-to-use, effective way to create and store asymmetric key pairs used to encrypt and decrypt, or to sign and validate, anything that depends on a public key infrastructure (PKI).
The certificate authority server generates a root certificate for digitally signing other certificates, generates PKI key pairs, and signs firmware updates, code, and other items that require a digital signature.
Certificate authority servers can manage certificate enrollment requests from customers, and are able to issue and revoke digital certificates. All CA servers are built to address identity management requirements. By leveraging PKI, organizations can efficiently safeguard their users’ identities. This provides users with robust e-mail signing and encryption, network authentication, and wireless network access.
Although different CA servers offer different features, most of them offer some or all of the following features:
- Conforms to RFC 5280
- Permits creation of root as well as subordinate issuer CAs
- Supports various logical PKIs composed of CAs with their own certificate signing keys
- Offers potential to set up various certificate profiles
- Supports various configurable certificate templates, such as SSL server or client, email signing or encryption, EV SSL, DRM, IPSec, TSA certificates, code signing, and so on
- Offers straightforward server-side and client-side key generation
- Supports LDAP/HTTP publication and X.509 CRL issuance
- CWA 14167-1 certified security management to guarantee qualified CA services
- Supports Hardware Security Module (HSM) based CA private key storage and processing
- Offers RSA certificate signing
- Offers ECDSA certificate signing
- Supports various hash algorithms
- High resilience, availability, and throughput capability
- Makes use of solid access control and operator authentication
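
The root and subordinate CA hierarchy, certificate issuance, revocation and CRL issuance described above, shown as an added example that is not taken from any CA server product: a throwaway two-tier PKI built with the OpenSSL command line. The subject names, file names, serial numbers and lifetimes are constructed for the demo, and the keys are written unencrypted only because the working directory is disposable.

```shell
#!/bin/sh
# Added example: throwaway two-tier PKI (root CA -> issuing CA -> leaf) using the OpenSSL CLI.
# Subject names, file names, serials and lifetimes are constructed for this demo.
build_pki() (   # $1 = empty working directory
  set -e; cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[sub_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
[sub_ca]
database = index.txt
default_md = sha256
EOF
  : > index.txt   # empty certificate database for "openssl ca"
  new="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -config pki.cnf"
  # Root CA: self-signed; it signs only the issuing CA.
  openssl req -x509 $new -keyout root.key -out root.crt -subj "/CN=Demo Root CA" -days 30 -extensions root_ext
  # Issuing (subordinate) CA: pathlen:0 stops it from creating further CAs.
  openssl req -new $new -keyout sub.key -out sub.csr -subj "/CN=Demo Issuing CA"
  openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -set_serial 1 -days 30 -extfile pki.cnf -extensions sub_ext -out sub.crt
  # End-entity certificate issued by the subordinate CA.
  openssl req -new $new -keyout leaf.key -out leaf.csr -subj "/CN=www.example.test"
  openssl x509 -req -in leaf.csr -CA sub.crt -CAkey sub.key -set_serial 4097 -days 7 -extfile pki.cnf -extensions leaf_ext -out leaf.crt
) >/dev/null 2>&1
revoke_leaf() (   # $1 = directory from build_pki; revokes leaf.crt and issues a CRL
  set -e; cd "$1"
  ca="openssl ca -config pki.cnf -name sub_ca -keyfile sub.key -cert sub.crt"
  $ca -revoke leaf.crt -crl_reason keyCompromise
  $ca -gencrl -crldays 7 -out sub.crl
) >/dev/null 2>&1
chain_status() (   # prints valid | revoked | invalid for $1/leaf.crt
  cd "$1" || exit 1
  opts="-CAfile root.crt -untrusted sub.crt"
  # Revocation is only detected when the verifier loads the CRL and requests the check.
  if [ -f sub.crl ]; then opts="$opts -crl_check -CRLfile sub.crl"; fi
  if out=$(openssl verify $opts leaf.crt 2>&1); then echo valid; exit 0; fi
  case "$out" in *"certificate revoked"*) echo revoked ;; *) echo invalid ;; esac
)
d=$(mktemp -d)
build_pki "$d"; chain_status "$d"      # prints: valid
revoke_leaf "$d"; chain_status "$d"    # prints: revoked
```

A production CA would keep the signing keys in an HSM, as the feature list notes, rather than in files.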