System Design

Certificate Authority System Design

The Digi-CA™ system is built in several modules. Each module communicates with other modules either directly through a programmable socket interface or through an API. The system is designed so that no access is allowed to the Certificate Engine core level except through the web-based interface panel or, for low-level power administrators [super users] only, through SSH.



Digi-CA™ Operating System

    Digi-CA™ has been designed and is built for Unix / Linux compatible operating system platforms. Typical installations use FreeBSD 5.4+ Unix or a RedHat Enterprise Linux based operating system.



Digi-CA™ Certificate Engine

    The main module of the system is the Digi-CA™ Certificate Engine core, which is used for the creation and revocation of Certificates based on the system Certificate Policy. It uses a direct interface to the Digi-CA™ Information Database, which contains information about all Digi-ID™ Certificate holders and their Certificates (issued, pending issuance, suspended or revoked). Output from the Digi-CA™ Certificate Engine core is directed to:

    • The Digi-CA™ Information Database, which receives updated user information after the Certificates are created or revoked.
    • The LDAP Digi-CA™ Directory that contains information about all issued and valid Certificates.
    • Smart card or USB token support system (if installed) for the generation of the Digi-Card™, Digi-Token™, etc.
    • Email system for distribution of Digi-ID™ Certificate collection notices for the Process Method, or of the actual PKCS#12 [.p12] package if the Digi-ID™ is distributed using the Package Method.

The Digi-CA™ Certificate Engine core is designed so that no Administrator intervention is necessary. Using a daemon server, important maintenance tasks occur automatically.