There are four consoles in the Digi-CA™ system, namely:

Fused User Protected Storage

In the case where the end entity certificates is stored in the Microsoft Internet Explorer certificate Store of the Desktop Profile for the user, there is an option in the Digi-CA Sever™ system to offer further security levels by enabling the User Protected setting. Depending on the CP, this can be offered to the end user as an option or it can be enforced. The security levels are:

• Low
• Medium
• High

For end entity certificates there are two different Storage Types and several devices that need careful consideration when choosing how your certificates will be deployed. The correct selection is critical to the ease of operation combined with the level of security you need to achieve.

Digi-CA™ has different delivery options for each digital certificate it produces. The most common use for Digi-CA™ is to deliver end entity certificates. Prior to the installation of the Digi-CA™, the CP is documented and this determines what Method of Delivery is used for issuing a digital certificate.

Digi-CA™ has different certificate application options for each type of digital certificate it produces. In low volume situations, such as SSL certificates, the application process is conducted manually. Alternatively, when issuing thousands of client certificates to end users, part or all of the application process can be automated.

The three application options are completely manual, completely automated or partial automation, as required.

The production of any digital certificate, from any provider, uses the same x.509 elements and the method that is used to inextricably link the key-pair to the certificate we call the ‘Binding Option’. There are two different Binding Options that can be used when generating digital certificates and each one produces an inherently different CA environment.

The issue of Key Management is an important consideration when selecting any CA system. To understand the importance of this subject, you must first understand the real difference between the key-pair and the certificate. The key-pair is used to provide the authentication and the unique identity of the end user. The certificate, that is used to sign this key-pair, tells you that it is valid and ‘not out of date’. Together the key-pair and the certificate create the ‘package’ that makes up the digital certificate.

The simplest way to select the correct Digi-CA™ for your organisation is to decide how many users you have (or in some cases the number of physical devices you need to identify). This should include employees, customers, partners or suppliers and the individual people that work in each of these areas that you wish to issue a digital certificate [Digi-ID™] too.