SSH Tectia Certifier - PKI - CyProtect AG

NOTE: There will be no changes in the product name for SSH Secure Shell version 3.2. The product name will be changed to SSH Tectia Client and Server in the future versions.

SSH Tectia™ Certifier is a Public Key Infrastructure (PKI) platform product for issuing and managing digital certificates in a service provider and enterprise environment. SSH Tectia Certifier enables the use of strong two-factor user authentication with smart cards and USB tokens to support secure access to enterprise applications. In addition to providing authentication management for SSH Tectia client/server solution, SSH Tectia Certifier can be used as a backbone for building secure services such as Virtual Private Networks (VPNs), single sign-on (SSO), and network logon based on third-party products.

SSH Tectia Certifier 2.1 brings ultimate scalability to your VPN:

Extensive Support for Two-Factor Authentication
SSH Tectia Certifier offers different deployment options including web-based self-enrollment and the use of registration authority (RA) for rolling out PKI-based two-factor authentication. Thanks to the standards-based approach, a wide variety of authentication token and smart card products can be used with SSH Tectia Certifier for secure storage of user private keys.

Multi-CA Hosting
New ‘virtual CAs’ with their own set of certificate policies and configurations can easily be created by a privileged administrator via the administration GUI without the need to invest in additional hardware. This powerful feature of SSH Tectia Certifier makes it an ideal platform for hosting a managed multi-CA service environment.

Scalable Architecture
Different front-end PKI services and the Certifier Engine can be distributed on dedicated hosts in large-scale deployments for added availability and security. Services such as enrollment, administration, and publishing can all run on separate machines if needed. Well-planned deployment allows scaling up the production as the business grows.

Flexible Certificate Policy Framework
SSH Tectia Certifier adapts to the real-life business processes of both service providers and enterprises. It provides freedom to define certification practices without technical restrictions.

Support for Multiple Certificate Enrollment Protocols
Various third-party VPN devices, remote access clients, and web browsers can be used for enrolling certificates via SSH Tectia Certifier. Costs are saved since SSH Tectia Certifier does not require the installation of proprietary desktop components.

International Character Set Support
SSH Tectia Certifier supports extensively the use of UTF-8 character encoding, which makes the product especially suitable for deployment in various Asian countries. All user interfaces of SSH Tectia Certifier are browser-based, which allows using the advanced UTF-8 features of modern browsers for both data input and output. Also, thanks to the LDAPv3 support, SSH Tectia Certifier can publish UTF-8 content in the directory.

Support for Multiple Administrative Roles
The security of the system can be improved by defining access control rules for PKI administration. Different tasks from user management to system configuration can also be given to different administrators.

Flexible LDAP Publishing
Since existing LDAP directories can be freely used regardless of the directory schema, existing enterprise directories can be used for publishing certificates and other user data. IT management becomes easier since there is no need to maintain duplicate data.

OCSP Responder Included
For online revocation data SSH Tectia Certifier includes a built-in Online Certificate Status Protocol (OCSP) responder. OCSP can be used to eliminate the risks related to the window of opportunity of CRLs.

Commercial Database Bundled
Sybase Adaptive Server Anywhere, bundled with the SSH Tectia Certifier installation package, makes installation easier since there is no need to buy a separate license and install a separate third-party database. Also, the use of a commercial database allows easy implementation of backup procedures to ensure quick recovery in case of disk failure.

Multi-Platform Support
Both the Certifier Engine and the front-end Certifier Servers can be installed either on HP-UX, Linux, Solaris, or Windows.

Key Benefits:

Flexible
PKI platform that adapts to your business processes, security policies, and applications.

Standards-Based
Wide support for standards enables SSH Tectia Certifier to fit into many different environments without the need for expensive proprietary integration work. Scalable
Ease of deployment from small pilots to large heterogeneous multi-corporate environments.

Modular
Thanks to the modular nature of SSH Tectia Certifier, it is possible to operate a large number of CAs with a single system, considerably reducing setup and administration costs.

If you have further questions, please do not hesitate to get in contact with us.