Why choose the cCA certification authority?
The certification authority in the public key infrastructure is a comprehensive system that plays a crucial role in ensuring the security of electronic communication and the authenticity of information in the digital environment. It is an entity responsible for issuing, managing, verifying, revoking public key certificates, and publishing Certificate Revocation Lists (CRLs).
Organizations worldwide actively utilize certification authorities to secure their electronic communication and ensure the integrity of information in the digital environment.
Discover the certification authority from Cryptive
The main advantages of the cCA solution are:
Security
The security of our product is an absolute priority, and we do not accept any compromises in this area. Therefore, we pay special attention to code quality and provide advice on secure cCA implementation.
Compliance
We systematically ensure adaptation so that digital certificates generated by cCA may include instructions outlined in the eIDAS regulation and comply with the guidelines of the CA/B Forum.
Dedicated support
Our team of specialists is available to provide personalized support in case of issues or questions. Experienced experts not only resolve current issues but also offer full understanding and assistance in answering questions.
SaaS or On-Premise
We offer two options according to your preferences and needs. Choose the SaaS model to use our solution in the cloud, or opt for the On-Premise model to have fuller control and customization of our solution to fit the specifics of your infrastructure.
Flexibility
The flexibility of our solution is reflected in the ability to adapt to the unique requirements of your organization, regardless of the industry's specifics or the scale of the project.
Easy integration
The API has been optimized for easy implementation, even without advanced programming knowledge. Integrating the features into the client's system is intuitive, allowing for quick deployment without unnecessary complications.
cCA connects to and stores CA keys using Hardware Security Modules (HSMs)
Hardware Security Modules (HSMs) play a crucial role in enhancing the security of the Public Key Infrastructure (PKI) by providing a secure environment for storing and safeguarding cryptographic keys. Cryptographic material, represented by keys, is managed and stored separately from the operating system, significantly reducing the risk of compromising the private key of the CA, which could potentially lead to a violation of the certificate chain structure in the certification path.
Cross-Platform Compatibility and Support for x86 and ARM Architectures
Thanks to cross-platform support and compatibility with x86 and ARM architectures, the application becomes flexible in adapting to different environments. Proper compatibility with Windows, Linux, and x86 and ARM processor architectures provides users with a wide range of possibilities, eliminating potential issues with adaptation to various platforms.
Supported operating systems from the Windows family
- Windows 10 64-bit is supported by x86 or ARM processors.
- Windows 11 64-bit is supported by x86 or ARM processors.
- Windows Server 2019 64-bit is supported by x86 processors.
- Windows Server 2022 64-bit is supported by x86 processors.
Supported operating systems from the Linux family
- Debian 11 64-bit is supported on x86 or ARM processors.
- Debian 12 64-bit is supported on x86 or ARM processors.
- Ubuntu 22.04 LTS 64-bit is supported on x86 or ARM processors.
Supported Cryptographic APIs
Within the cCA system, we support two key Cryptographic Application Programming Interfaces (APIs): PKCS #11 and CryptoAPI.
PKCS #11 is a standard Cryptographic Application Programming Interface for cryptographic devices, enabling secure cryptographic operations using hardware. It is a crucial element facilitating communication with secure Hardware Security Modules (HSMs).
On the other hand, CryptoAPI provides applications with the ability to use various cryptographic services available in the Windows operating system.
Frequently Asked Questions
Concerning the Certification Authority (CA):
What is a Certification Authority (CA)?
A Certification Authority (CA) is a key component of the public key infrastructure, playing a crucial role in ensuring the security of electronic communication and the authenticity of information in the digital environment. The CA acts as an authority responsible for issuing, signing, storing, and managing digital certificates, including the signing of certificate requests, revocation of public key certificates, and the publication of the Certificate Revocation List (CRL).
What is a Certificate Signing Request (CSR)?
A Certificate Signing Request (CSR) is a set of information encoded, typically in PEM (Privacy Enhanced Mail) or DER (Distinguished Encoding Rules) format. It includes the public key, data identifying its user, and additional information. The CSR itself is signed by the private key of the entity applying for a digital certificate. After creating the CSR, the user can submit it to the Certificate Authority (CA) for signing the Certificate Signing Request and obtaining a digital certificate.
What is a digital certificate?
A digital certificate, often referred to as a public key certificate, plays a crucial role in the field of cybersecurity, especially in the context of Public Key Infrastructure (PKI). This document serves as an electronic seal confirming the authenticity and identity of an entity that possesses a public key. Through digital certificates, secure establishment of connections, user authentication, digital document signing, and ensuring data integrity become possible. In this way, public key certificates constitute a key element supporting secure usage of information technology in today's digital world.
What is a Certificate Revocation List (CRL)?
The Certificate Revocation List (CRL) is a regularly updated registry of serial numbers of certificates that have been revoked or suspended by their issuer, the Certification Authority (CA). Revocation of certificates can result from various reasons, such as the compromise of the private key. The responsibility for generating and publishing the CRL lies with the CA.
What is the Online Certificate Status Protocol (OCSP)?
The Online Certificate Status Protocol (OCSP) is a tool used in the public key infrastructure (PKI) to verify the current validity status of a digital certificate in real-time. Instead of relying on Certificate Revocation Lists (CRLs), which are regularly published, OCSP allows querying the current status of a certificate without the need to download the entire list. This is particularly crucial for performance, especially when the CRL contains many revocation entries, leading to a significant size. In contrast, OCSP responses are much smaller in size.
