Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

By Digi-Sign
Created Feb 22 2008 - 12:51

System Architecture

Each application component provides a series of defined functionalities to other PKI [1] application components of the system, as well as to administering and operating parties, and to end entities, to whom Certificates are issued. This system is built with the following modules:

    a. CA [2] Application Server [CA AS]
    b. Cryptographic Service Provider [CSP]
    c. Time-Stamp Gateway Server [TSA]
    d. Online Certificate Status Protocol Gateway Server [OCSP [3] ]
    e. CA Administration Management Console [CA AMC]
    f. Registration Authority [RA] Management Console [RA MC]
    g. Registration Authority [RA] Registration Service [RA RS]

All Digi-CA™ [4] components providing core functionality were developed in the C programming language, and the software runs under the Unix/Linux operating system environment, a platform family that has proven to be a solid and reliable choice, if not the best, for server-side applications.

The diagram below illustrates the overall logical and high-level hardware architecture of a complex PKI infrastructure in which Digi-CA™ [4] can be deployed. This includes multi-server distribution of system components, replication and failover of the various PKI services, and load balancing.

IMAGE


Whilst Digi-CA™ software can meet most complex requirements, many scenarios require all PKI-related services to operate on a single dedicated server. Digi-CA™ can easily meet this requirement, and the diagram below illustrates the overall logical and high-level hardware architecture of the basic infrastructure, which uses a single server to operate all Digi-CA™ PKI services. This unique feature of the Digi-CA™ software suite not only provides a flexible range of possible configurations but also allows organisations to build their own PKI infrastructure gradually, starting from a very small environment, and thus to carefully control their expenditure on purchasing and maintaining hardware devices.

IMAGE



The Digi-CA™ PKI System provides a wide range of PKI-related functionality and introduces a variety of services and features, including:

  • Multi-CA system engine allowing operation of multiple Certification Authorities
  • Hierarchical CA operations
  • Cross-Certification management with external CAs
  • Certificate Generation service
  • Certificate Dissemination service
  • Certificate Renewal service
  • Certificate Revocation service
  • Certificate Suspension and De-Suspension service
  • Certificate Revocation List generation, management and distribution service
  • Support for multiple methods of certificate delivery
  • Support for multiple key pairs for different purposes bound to a single end entity
  • Certificate Profile Management
  • Certificate Policy Management
  • Certificate Expiration Warning Management
  • Key generation and management service
  • Cryptographic Service Provider
  • Time-Stamping [5] service
  • Online Certificate Status Protocol
  • Multi-role administration and operation of the CA infrastructure provided by a multi-task web-based CA Administration Management Console
  • Interface to Registration Authority provided by a multi-task web-based RA Management Console
  • Certificate Subscriber Registration provided by Registration Authority Registration Service
  • Event logging and auditing service
  • Support for HSM device(s)
  • Vendor independent support for a variety of Smart Card and USB Token cryptographic devices


Source URL: https://www.digi-sign.com/aacd/digi-ca/system%20architecture

Links:
[1] https://www.digi-sign.com/public+key+infrastructure
[2] https://www.digi-sign.com/certificate+authority
[3] https://www.digi-sign.com/digi-ca/administrator/online+certificate+status+protocol
[4] https://www.digi-sign.com/digi-ca
[5] https://www.digi-sign.com/digi-ca/administrator/time+stamp