Public Key Infrastructure (PKI) and public key cryptography are the basis of information security. The certification authority plays the leading role in this infrastructure.
High security level
- Certified cryptographic software CryptoPro CSP
- Hardware random number generator
- Authentication among components using the TLS protocol
- Role based access control
- Advanced audit features
- Possibility to use the external hardware cryptographic module (HSM)
Reliability
Integration with the Microsoft Windows Server operating system, the MS SQL Server (MSDE) and the MS Certificate Services allows for a high level of reliability and capacity, and provides the means to perform backup and restoration.
Flexibility
To ensure the authenticity of the data contained in X.509 certificates, CryptoPro CA allows for the use of several operation modes.
Depending on the company's policy, CryptoPro CA allows for the use of combined modes which join the centralized and distributed user registration models.
Features
- Automatic certificate publishing in the directories (LDAP, Active Directory)
- Automatic distribution of certificate revocation lists in the certification authority hierarchy
- Automatic notification of users via email about the life cycle of their certificates
- The opportunity to use different cryptographic algorithms via the Microsoft Cryptographic Service Providers interface
- The opportunity to define certificate extensions and different validity periods in accordance with the X.509 and RFC 3280 recommendations
Components
The CryptoPro CA Certification Authority consists of the following components:
- Certification Authority (CA)
- Registration Center
- Administrator’s WKS
- User tools for interaction with the CA
- Programmatic interface for interaction with the CA
Certification Authority
The Certification Authority is the fundamental component of the subsystem designed to generate public key certificates for users and administrators of the Certification Authority, to generate lists of revoked certificates and to store the standard certificate base and lists of revoked certificates. The CA functions within the Microsoft Windows Server operating system. The CA interacts exclusively with the Registration Center using a secure network protocol.
Registration Center
The Registration Center is the component of the CA responsible for the storage of users’ registration data, users’ certificates and certificate requests as well as for providing the interface responsible for interaction between users and the Certification Authority. The Registration Center operates within the Microsoft Windows Server operating system and uses the Microsoft SQL database. The Registration Center interacts with the Certification Authority through an isolated segment of the local network using a secure network protocol. The user’s interaction with the Certification Authority is provided using the User’s WKS (an interface provided for the user by the Registration Center).
The Registration Center is the only point of entry (registration) for users in the system. Only a user registered with the Registration Center is able to obtain a certificate for his or her public key in the Certification Authority.
Administrator’s WKS
The Administrator’s WKS component is responsible for carrying out organizational and technical measures related to user registration, generating service keys and user certificates and managing the Registration Center. The Administrator’s WKS operates within the Microsoft Windows operating system. The Administrator’s WKS interacts with the Registration Center through an isolated segment of the local network using a secure network protocol.
The Administrator’s WKS is an application developed on the Microsoft Management Console and uses all primary management tools offered by MMC. The Administrator’s WKS may be used in an integrated environment together with other administration applications, such as Microsoft SQL Server Enterprise Manager, Microsoft Internet Information Manager and others.
Additional materials
Crypto-Pro LLC Test Certificate Authority
- You can use the test CA to obtain a public key certificate for digital signature verification.
- To obtain a certificate you should generate the private and public keys and enter the data that is used to associate the public key with the certificate’s owner.
https://cryptopro.ru/certsrv/en/