Taking Microsoft CA to the next level
Microsoft Active Directory Certification Services (ADCS) is widely used in enterprise environments, but it lacks important features for advanced PKI implementations.
WISeKey is a long-standing Microsoft Technology Partner and has extensive experience deploying and leveraging Microsoft ADCS in complex environments, such as mission-critical infrastructures or PKI for Publicly Trusted Certificates. This experience has led to the development of software modules that complement and enhance Microsoft ADCS.
CertifyID Guardian XM
CertifyID GuardianXM adds database redundancy and resiliency to Windows Certificate Services in order to provide high-availability services. It is a standard exit module that is installed on Windows Certificate Services. The module stores all certificates and related information, such as the Certificate Status History (the changes of a certificate's status during its lifecycle), in an SQL database. This database can be mirrored or replicated at an offsite location to provide effective disaster recovery.
Features:
- CA Disaster Recovery – allows recovery of the Certificates Services database to its 100% valid state following data corruption or loss
- Improves the efficiency of certificate management activities by implementing a central certificate information database to support lookup and reporting
- Implements near-real-time data updates
- Implements batch load/update/audit capability, allowing mass loading and updating
- Compatible with Windows Server versions up to 2016
CertifyID Policy Module
WISeKey CertifyID Policy Module is a custom policy module for Microsoft Certificate Services. It receives requests from Certificate Services, evaluates their attributes and properties, then adds or modifies several properties of the certificates that are built to satisfy these requests.
Features:
- Supports Enterprise CA
- Supports multiple domains
- Autoenrollment ready
- Domain validation during the enrollment process
- Supports CA-Cluster
- Supports Windows 2003, 2008, 2008 R2, 2012 in x86 and x64
- Subject DN, SAN and custom OIDs can be customized via configuration parameters
- Supports flexible and extensive certificate templates for NIS (C++/COM)
CertifyID OCSP Publisher for PrimeKey OCSP VA
Although Microsoft ADCS includes an “OCSP Responder” service, this feature lacks two important capabilities:
- Microsoft OCSP bases its responses on the CRL published by the CA. This means that it can’t be used in scenarios where accurate real-time responses are needed.
- As Microsoft OCSP only responds appropriately for revoked certificates that are in the CRL, it can’t be used in scenarios where it’s required to ensure that a particular certificate was really issued by the CA.
WISeKey has developed an “Exit Module” for Microsoft ADCS that allows real-time synchronization with an external OCSP server implemented with PrimeKey’s EJBCA, ensuring full compliance for real-time responses.
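The two gaps described above, shown as an added example (not WISeKey, Microsoft or PrimeKey code): a simplified model comparing a responder that answers from the last published CRL with one that answers from the CA's issuance database. The class and function names, the serial numbers and the choice of "unknown" for a never-issued serial are assumptions made for this model.

```python
from dataclasses import dataclass, field

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


@dataclass
class CA:
    """Minimal CA model: issuance database plus the last published CRL."""
    issued: set = field(default_factory=set)    # serials ever issued
    revoked: set = field(default_factory=set)   # serials revoked so far
    crl: frozenset = frozenset()                # snapshot at last publication

    def publish_crl(self):
        # A CRL is a point-in-time snapshot; it is stale until republished.
        self.crl = frozenset(self.revoked)


def crl_based_status(ca, serial):
    """Responder that only sees the published CRL."""
    # Anything absent from the CRL is reported good, issued or not.
    return REVOKED if serial in ca.crl else GOOD


def db_based_status(ca, serial):
    """Responder synchronized with the CA database in real time."""
    if serial not in ca.issued:
        return UNKNOWN  # modelling choice for never-issued serials
    return REVOKED if serial in ca.revoked else GOOD


def compare(ca, serials):
    """Return {serial: (crl_answer, db_answer)} for each queried serial."""
    return {s: (crl_based_status(ca, s), db_based_status(ca, s)) for s in serials}


def demo():
    ca = CA()
    ca.issued.update({0x1001, 0x1002})  # constructed serial numbers
    ca.publish_crl()                    # CRL published, nothing revoked yet
    ca.revoked.add(0x1002)              # revoked after that publication
    before = compare(ca, [0x1001, 0x1002, 0x9999])  # 0x9999 never issued
    ca.publish_crl()                    # next scheduled CRL catches up
    after = compare(ca, [0x1002, 0x9999])
    return before, after


if __name__ == "__main__":
    for label, result in zip(("stale CRL", "fresh CRL"), demo()):
        for serial, answers in result.items():
            print(label, hex(serial), answers)
```

Until the next CRL is published, the CRL-based responder keeps reporting the revoked serial as good, and it reports the never-issued serial as good even after the CRL is refreshed.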