CertifyID Certificate Directory & Publisher
Sharing digital IDs is important for enabling secure communication. Once an electronic
identity credential (eID) has been issued to an individual or entity, it is
typically published to a certificate directory, where users can search for other
IDs much as they would in a phone book. Using an identifying characteristic of the intended
recipient, such as their name or email address, applications can find the recipient's digital
ID and use it to enable encryption and secure communication. Sometimes a digital ID is
revoked or suspended (in much the same way a credit card is revoked), in which case
it may be deleted from the certificate directory. These directories are also used
to store Certificate Revocation Lists (CRLs) and CA certificates, and access to them
can be restricted or made public as desired.
The CertifyID Certificate Directory uses Microsoft ADAM (Active Directory Application
Mode) with WISeKey’s CertifyID Directory schema to provide a highly scalable LDAP
directory server capable of storing digital certificates, CRLs, and PKIX objects.
The CertifyID Directory schema has been designed to comply with ISIS-MTT and federal
PKI standards for PKI LDAP directories, and is able to contain many millions of
certificates.
CertifyID Certificate Publisher works in combination with CertifyID Guardian to
dynamically publish certificates from the CA server to one or more CertifyID Directories,
or other PKIX LDAP-compliant directories. It publishes CRLs (Base and Delta), CA
and end-entity certificates to the certificate directory, and is capable of deleting
revoked and expired certificates from the directory. CertifyID Certificate Publisher
can also be configured to publish certificates based on their key usage (signature,
encryption) or template name, so that only certain types of certificates are made
available to other users.
CertifyID Directory Hosting Service
WISeKey offers a directory hosting service, so that companies can host their
directory of certificates in our directory server farm located in our world-class
secure data hosting facilities. These directories can be set up flexibly as
either private or publicly accessible. The hosting service enables quick setup
of a directory service, and can also act as an ideal backup for an in-house directory
server, or as an alternative in cases of heavy directory traffic and queries.
WISeKey Global Directory Service
Certificate directories are generally made publicly available, so that external
users can find the encryption certificates of an organisation’s employees and
send confidential information to them quickly and safely. In addition to our
directory hosting service, WISeKey therefore maintains a publicly available Global Certificate
Directory service that can be consulted by popular applications that support internet
standard digital IDs (X.509 certificates) and LDAP directories. Organisations can
quickly benefit by publishing their certificates to this globally available directory
server, assuring that Internet users are able to find their users’ encryption
certificates, and hence their public keys, and communicate securely with them. The
service supports all LDAP-compliant publishing mechanisms and X.509 PKIs, and offers
especially easy integration with the CertifyID suite of products and services, such
as the CertifyID Trust Center and CertifyID Managed PKI.
Directory Server (ADAM) / Certificate Publisher (C++/C#):
Provides a highly available and reliable directory service (LDAP), with flexible certificate publishing and a schema that can conform to the ISIS-MTT PKI management specification and other government specifications.
- Publish to WISeKey Global Directory Service (GDS) for universal accessibility,
- Reliably publish certificates to local and/or external Directory instances,
- Multi-master replication and directory scaling,
- Optionally remove revoked and/or expired certificates,
- Schema conformance to ISIS-MTT, Federal Govt, and other specifications on demand