Ascertia launched the ADSS Server 8.0 release on 3 March 2023.
Secure, scalable, and foundational to digital business – ADSS Server is the only trust service product that can be used with third party trust infrastructures.
Why is Common Criteria Important for my business?
ADSS PKI Server achieved the latest protection profile available for Certification Authorities – Common Criteria EAL 4 against the 2017 National Information Assurance Partnership (NIAP) Protection Profile for Certification Authorities version 2.1.
Common Criteria is important for any PKI projects where products need to be validated against an internationally recognised scheme to ensure the product is independently tested and trust worthy.
Third-party certifications are valuable to auditors. For instance, Common Criteria Certification demonstrates that an independent lab and certification body has tested and proven that the solution meets the security requirements defined in the protection profile. This information helps to reduce audit cycles.
Ascertia selected the National Information Assurance Partnership (NIAP) Protection Profile for Certification Authorities, instead of the Certificate Issuing and Management Components (CIMC) protection profile. The NIAP protection profile was created in 2017 versus the CIMC protection profile, which dates back to 2011! It means Ascertia is certified against the most recent protection profile available for a Certification Authority (CA).
Ascertia selected the NIAP protection profile to cover CA and Online Certificate Status Protocol (OCSP) modules.
Products that certify solely against the US NIAP Protection Profile are recognised as Common Criteria EAL1. Ascertia has taken the additional time to select the NIAP Protection Profile and recognises the need for the higher assurance levels required for TSPs, Enterprises and Governments. This is why Ascertia has been certified to EAL 4, which requires far more detailed testing.
ADSS Server 8.0 release developments
For Ascertia partners and customers, this means enhancements to ADSS Server’s functionality, including:
- Support for Enrolment over Secure Transport (EST - RFC 7030): ADSS Server now supports this secure REST interface. It is used for certificate generation, renewal, rekey, and revocation.
- Enhanced implementation to access ADSS Server Console: ADSS Server now allows access to operator certificates even when the certificate revocation source is unavailable, which is helpful in environments offline to OCSP and CRL HTTP Servers or when revocation sources are only available intermittently.
- Security Banner for accessing ADSS Server Console: ADSS Server now displays a Security Banner before operators access the console, informing them of the organisation's security policies and acceptable use.
- Support for CA/B Forum 1.8.4: ADSS Server now supports the latest CA/Browser Forum guideline version, v1.8.4, which is essential for Trust Service Providers to remain compliant with the latest standards for issuing and managing TLS certificates for secure e-commerce.
- HMAC Verification Security: ADSS Server HMAC verification terminates services if the HMAC verification process discovers any alteration to ADSS Server database records.
ADSS Server 8.0 benefits
Ascertia customers and partners can benefit from ADSS Server’s unique functionality, including:
- Digital Signature: ADSS Server’s signing service can create and verify digital signatures on documents or transactions.
- Digital Signature Verification: ADSS Server can be used to verify signed data objects and validate the associated certificate chains.
- Go>Sign: This feature enables users to sign using locally stored keys or certificates within an end-user workstation. With the Go>Sign client, users can sign using PKCS#11 or CSP-based keys stored on devices such as tokens or smartcards.
- Signature Activation Module (SAM): Provides the capability to manage users and their signing keys and enables users to authorise digital signatures remotely and securely using their authorised mobile device.
- Remote Authorisation Signing (RAS) Service: Working with SAM, RAS enables users to remotely register, sign, and check signing requests, utilising Cloud Signature Consortium-enabled API to provide the highest levels of interoperability for digital signatures.
Subscribe to the Ascertia blog for the latest ADSS Server product news and guides.