Ultra Electronics Cryptosec Openkey Registration Authority (RA)
The end users' point of access to the Certification Authority
The Registration Authority Cryptosec Openkey RA is the end users' point of access to the Certification Authority.
It is also the tool where certification and revocation requests are generated.
Cryptosec Openkey RA is the Registration Authority that serves as the Certification Authority's (Cryptosec CA) point of entry. It also offers users all the functionalities of generating certificate and revocation requests, in addition to allowing the RA operators to access certification usage policies.
Cryptosec Openkey RA allows for active - passive configuration with Database replication.
This solution consists of an appliance whose Cryptographic Software and Hardware (HSM) are housed a single device, considerably reducing the cost of the product and the time needed to install it. It is designed to generate digital certification requests in a PKI structure.
Cryptosec Openkey RA allows for multiple certificate generation procedures, for instance:
End users connect through an HTTPS-protected Web interface to make their certification requests and these requests are stored until an operator verifies them before then being sent to the CA. All this is performed in a protected and authenticated way, and once Cryptosec Openkey RA receives the certificate, it is sent to the end user.
The system is configured through an HTTPS interface which requires an operator certificate via a fully secure authenticated connection.
The certificates generated and the CRLs can be posted on different systems on a periodic basis. Each of these systems includes a service for clock synchronization via NTP. The data generated (Certificates and CRLs) are stored in the appliance's database.
- Easy administration of the system via HTTPS, requiring a digital operator certificate.
- Access to end users through HTTPS.
- Certification request generation functionality.
- Use of certification and registration policies.
- RSA private key generation from 1024 to 4096 bits.
- Secure generation of keys from an approved device.
- Posting of certificates and CRLs on LDAP, WEB and SAMBA.
- Synchronisation of the system's clock via NTP (Possibility of including other synchronisation systems: GPS, cesium clocks, rubidium clocks, etc.).
- Access to PostgreSQL databases to store audit logs and certificate requests.
- Appliance format which facilitates installation and deployment.
- Accessible PostgreSQL database, although any database may be adapted depending on customer requirements.
- VT100 terminal for secure HSM administration.
- TCP access to an NTP server through port 123.
- Access to the CA (Certification Authority).
Family: Cryptosec OpenKey
Product: Cryptosec RA
Clock Synchronisation: NTP Protocol v3.0
Time Source: Configurable external NTP servers
Software platform: Operating system tailored for operations involving digital certificate generation and revocation requests
Hardware platform: Secure cryptographic module Cryptosec (HSM)
Device administration: Web GUI through HTTPS, digital certificate required
HSM administration: VT100 terminal
RA service access: Access via secure authenticated socket through configurable port
- 1U Rack Mount
- 2U Rack Mount with double power feed, 2 network interfaces and double RAID disk (high availability)
Operating temperature: 10°C to 35°C
Storage temperature: -20°C to 60°C
Operating humidity conditions: 10% to 85%
Non-operating humidity conditions: No 0% to 95%
Interfaces: 10/100/1000 Ethernet, Serial Port: DB-9, 2 USB ports
IP protocols: 1Pv4
Input voltage: 100-240 volts AC
Standards used: NTP v3.0, PKCS#1, PKCS#8, PKCS#10, PKCS#12, SHA, certificates X.509 v3 and CRL X.509 v2 RFC 5280, HTTP, HTTPS.
Download the Cryptosec Openkey RA Datasheet datasheet (PDF).
- Pricing and product availability subject to change without notice.