Certificate Authority Server

Creates a root certificate which is used to digitally sign other certificates, generate PKI key pairs, and sign firmware updates, code, and other items requiring a digital signature.

  • Secure, robust certificate creation and storage
  • Sign code, patches and updates, and individual devices
  • Track and export certificate revocations through built-in Certificate Revocation List

Have any questions?

Contact Us

Device Functionality

The Certificate Authority Server provides a robust, easy-to-use solution for creating and storing asymmetric key pairs for encrypting/decrypting and signing/validating anything that relies on a Public Key Infrastructure.

    Examples of this include, but are not limited to:

  • Establishing SSL connections
  • Authentication of individual electronic devices or documents
  • Communication encryption
  • Secure distribution of symmetric keys

It can also be used to sign data with trusted PKI keys to ensure data integrity. It can manage the entirety of the process, from creation of a self-signed root certificate and management of the subordinate certificate tree and asymmetric key pairs to management of a Certificate Revocation List.

Security and Regulatory Compliance

A FIPS 140-2 Level 3-validated hardware security module is incorporated into the key generation and loading process, providing dependable security. The device stores all required tracking and serial number information, allowing easy traceability for auditing requirements. The Certificate Authority Server device follows all necessary ISO, ANSI, FIPS, and PCI DSS regulatory requirements.

Seamless Integration and Automation

The Futurex Certificate Authority server is designed to function as a complementary product to numerous other Futurex devices, allowing you to standardize on the Futurex platform.

For organizations wishing to implement the Certificate Authority Server into environments with other proprietary devices already in production, our TR-39-certified Solutions Architects are highly experienced in crafting total turnkey solutions that allow you to seamlessly integrate our devices into your existing data encryption infrastructure.

Full automation capabilities, available via the integrated Host API, provide an ideal solution for the programmatic completion of repetitive tasks. The versatile, extensible command structure is ideal for large-scale implementation of digital signature operations.

We have designed innovative features that are available only in the Futurex Certificate Authority Server.

Functionality
  • Generates asymmetric key pairs for use in encrypting/decrypting and signing/validating data
  • Signs software code, firmware updates, digital signatures, and SSL connections
  • Integrates with the Futurex RKMS Series for remote injection of Encrypting PIN Pads for ATM and POS environments
  • Capable of tracking and exporting certificate revocations through a built-in Certificate Revocation List
Compliant with Industry Standards

    The Certificate Authority Server meets and adheres to the following compliance standards:

  • PCI DSS
  • FIPS 140-2 Level 3
  • ANSI X9.24 part 1 and part 2 — TR-39
Uncompromising Physical Security

    The Certificate Authority Server contains the following physical security features:

    • 2U hardened steel interlocking rack mounted case
    • Two unique faceplate bezel locks for securing the server to the rack
    • Tamper resistant security module (TRSM) with epoxy barrier and sensor wires to protect processor and system memory
    • Battery backup for keys in TRSM memory
    • Multi-user grouping for access restriction
Robust Logical Security
  • Dual logins required to access certificate application
  • Adjustable user control privileges within certificate application
Audit Tracking Capability
  • Provides detailed audit records and the ability to generate certificate reports
  • Easily manage internal and external audits
  • Stores all tracking information and certificate authority activity for auditing requirements
  • Maintains complete, authenticated audit log files of all activity and access
Ease of Use
  • Easy to use GUI helps reduce training and requirements for operators.
  • Quickly supports large certificate tree creation and signature batches
  • Allows for a simplified method for certificate creation
  • Certificates can be exported in PKCS #7 or X.509 formats with DER or PEM encoding, or in PGP format.
  • User group permissions control privileges within certificate application
Secure File Signing
  • Files can be digitally signed by the Certificate Authority Server using the SHA1 or PGP algorithms.
  • The Certificate Authority Server can expand .tar files, sign individual files within the archive, and then recompress it with the signature of the chosen file(s).
  • Digital signing can ensure the integrity of the file so that it can be transferred with the assurance it has not been tampered with.
Fully Automated, API-Driven Interface
  • Includes full Host API functionality for the programmatic automation of repetitive tasks
  • Versatile, extensible command structure allows additional functionality to easily be incorporated
  • Ideal for large-scale implementation of digital signature operations
  • Full turnkey solutions to fit unique environment needs may be developed with the assistance of the Futurex engineering team

Certificate Authority Server

Dimensions & Weight
  • Weight: 36 lbs (16.3 kg)
  • Width: 19 inches (48.3 cm)
  • Height: 2U - 3.5 inches (8.9 cm)
  • Depth: 18.5 inches (47 cm)
Meets Industry Compliance Standards
  • PCI DSS
  • FIPS 140-2 Level 3
  • ANSI X9.24 part 1 and part 2 for Symmetric and Asymmetric Key Management — TR-39
  • RoHS
  • FCC Part 15 - Class B
Operating Conditions
  • Power requirements: 100 - 230 VAC 50/60 Hz. 400 Watts
  • Operating temperature: 50° to 95°F (10° to 35°C)
  • Storage temperature: -40° to 149°F (-40° to 65°C)
  • Operating relative humidity: 20% to 80% non-condensing
  • Storage relative humidity: 5% to 95% non-condensing
External Hardware Requirements
  • Keyboard: Standard USB
  • Mouse: Standard USB
  • Video: Standard SVGA1024x768 at 75Hz refresh* *Note: the refresh is high speed and may not work with older monitors
Hardware Redundancy
  • Dual, redundant, hot-swappable power supplies
  • Dual, redundant Ethernet ports
  • Failover link with additional Certificate Authority Server units using the Guardian9000
Securus-Based Remote Management Capabilities
  • Master Key loading
  • User and permissions administration
  • Log management and audit reporting
  • Synchronization of keys and configuration details across multiple Certificate Authority Server devices
  • Firmware distribution and installation
Certificate Authority Server Unit Includes
  • Certificate Authority Server application CD
  • User guide
  • Mounting brackets
  • Two TRSM barrel keys
  • Cables