The Digi-CA™ system can create multiple instances of unique CAs in a single Digi-CA™ system. The Digi-CA™ model imposes delegation of trust downwards from CAs to their Subordinate Certification Authorities [Sub-CAs]. The same Digi-CA™ system also enables any CA or Sub-CA to be signed or cross-signed by an external third-party CA, and any number of CAs can have any number of cross-signed Sub-CAs. As a result of this design principle, trust levels in the Digi-CA™ model increase towards the highest authority. This type of arrangement facilitates easy deployment and scalability of any PKI requirement from the smallest to the largest.
Digi-CA™ replaces older Traditional PKI technology and CA systems using the latest in CA technology. With Digi-CA™, all of the complexities and onerous technical overhead that were required by Traditional CAs have been simplified to a ‘user-friendly’ and usable level. Digi-CA™ can also be ‘dropped’ on top of these Traditional CA environments and seamlessly migrate the older system’s users into this more modern and flexible replacement.
At its core, the Digi-CA™ system works on Unix/Linux operating systems and was written using the C programming language for the low application level and PHP at the high level. The design philosophy was that the complete system should be simple yet also capable of serving as a large-scale enterprise or national CA system, so that it could be delivered and scaled easily. This critical design component has not changed in the past seven years.
To enable this, the modular design of Digi-CA™ allows easy and flexible distribution of services across multiple servers, thus achieving a high level of service availability. Each system component, for example the Cryptographic Service Provider [CSP], and all system modules can be installed and operated on multiple servers that can further be configured in a variety of high availability modes such as failover, cluster and load-balanced.
In each case, a software or hardware high availability solution can be implemented independently to achieve the option best suited to your environment. Even more importantly, Digi-CA™ has the ability to scale easily and without interrupting the live production environment at any stage during the life of your system.
The Digi-CA™ System can issue, revoke, suspend, de-suspend and re-sign X.509v3 Digital Certificates. Time-Stamping, Online Certificate Status Protocol [OCSP], Certificate Revocation Lists [CRLs] and many other features of a PKI system can be activated as required using the administration console of the system.
End user information and certificate requests are entered through the web-based Registration Authority [RA] Management Console. This powerful RA Management Console manages the entire Certificate Life cycle. Basic Certificate issuing and revocation by Operatives can be further delegated through a basic and modified RA Management Console interface called the Digi-CA™ Control Centre. It is the Digi-CA™ Limited RA [LRA] - Control Centre that is used by the RA Operator on a day-to-day basis.