System Architecture

Each application component provides a series of defined functionalities to other PKI application components of the system, as well as to administering and operating parties, and to end entities, to whom Certificates are issued. This system is built with the following modules:

a. CA Application Server [CA AS]
b. Cryptographic Service Provider [CSP]
c. Time-Stamp Gateway Server [TSA]
d. Online Certificate Status Protocol Gateway Server [OCSP ]
e. CA Administration Management Console [CA AMC]
f. Registration Authority [RA] Management Console [RA MC]
g. Registration Authority [RA] Registration Service [RA RS]

All Digi-CA™ components providing core functionalities were developed using C programming language and the software operates under Unix/Linux operating system environment, which has proven to be a solid, reliable – and if not the best - platform family choice for server side applications.

Diagram below illustrates the overall logical and high level hardware architecture design of a complex PKI infrastructure that Digi-CA™ can be deployed in. This includes multi-server based system component distribution, replication and failover of various PKI services and load balancing.

Whilst Digi-CA™ software can meet most complex requirements, in many scenarios it is often required to operate all PKI related services on a single dedicated server hardware. Digi-CA™ can easily meet this requirement and the diagram below illustrates overall logical and high level hardware architecture design of the basic infrastructure utilizing a single server to operate all Digi-CA™ PKI services. This unique feature of Digi-CA™ software suite provides not only a flexible range of possible configuration variations but allows organisations to slowly build their own PKI infrastructure from a very small environment, thus carefully control their expenditure related to purchasing and maintenance of hardware devices.

Digi-CA™ PKI System provides a wide range of PKI related functionalities and introduces a variety of services and features including:

• Multi-CA system engine allowing operation of multiple Certification Authorities
  Hierarchical CA operations
• Cross-Certification management with external CAs
• Certificate Generation service
• Certificate Dissemination service
• Certificate Renewal service
• Certificate Revocation service
• Certificate Suspension and De-Suspension service
• Certificate Revocation List generation, management and distribution service
• Support for multiple methods of certificate delivery
• Support for multiple key pairs for different purposes bound to a single end entity
• Certificate Profile Management
• Certificate Policy Management
• Certificate Expiration Warning Management
• Key generation and management service
• Cryptographic Service Provider
• Time-Stamping service
• Online Certificate Status Protocol
• Multi-role administration and operation of the CA infrastructure provided by a multi-task web based CA Administration Management Console.
• Interface to Registration Authority provided by a multi-task web based RA Management Console.
• Certificate Subscriber Registration provided by Registration Authority Registration Service
• Event logging and auditing service
• Support for HSM device(s)
• Vendor independent support for a variety of Smart Card and USB Token cryptographic devices