Manufacturer-Class Certificate Authority Server

Creates a root certificate which is used to sign other certificates, generate PKI key pairs, and sign firmware updates, code, individually-manufactured devices, and other items requiring a digital signature.

  • Secure, robust certificate creation and storage
  • Sign code, patches & updates, and individual devices
  • Track and export certificate revocations through built-in Certificate Revocation List

Have any questions?

Contact Us

Device Functionality

The Manufacturer-Class Certificate Authority Server provides a robust and easy-to-use solution for creating and storing asymmetric key pairs for encrypting, decrypting, signing, and validating anything that relies on a Public Key Infrastructure.

    Examples of this include, but are not limited to:
  • Establishing SSL connections
  • Authentication of individual devices
  • Communication encryption
  • Remote Key Management Server connections

It can also be used to sign data with trusted PKI keys to ensure data integrity. It can manage the entirety of the process, from creation of a self-signed root certificate and management of the subordinate certificate tree and asymmetric key pairs to management of a Certificate Revocation List.

Security and Regulatory Compliance

A FIPS 140-2 Level 3 Tamper Resistant Security Module (TRSM) is incorporated into the key generation and loading process, providing dependable security. The device stores all required tracking and serial number information, allowing easy traceability for auditing requirements. The Manufacturer-Class Certificate Authority Server device follows all the necessary ISO, ANSI, FIPS, and PCI DSS regulatory requirements.

We have designed innovative features that are available only in the Futurex Manufacturer-Class Certificate Authority Server.

Functionality
  • Generates asymmetric key pairs for use in encrypting/decrypting and signing/validating data
  • Signs software code, firmware updates, digital signatures, and SSL connections
  • Integrates with the Futurex Remote Key Management Server for remote injection of Encrypting PIN Pads for ATM and POS environments
  • Capable of tracking and exporting certificate revocations through a built-in Certificate Revocation List
Industry Compliance Standards

    The Manufacturer-Class Certificate Authority Server meets and adheres to the following compliance standards.

  • FIPS 140-2 Level 3
  • ANSI X9.24 part 1 and part 2 — TR-39
Uncompromising Physical Security

    The Manufacturer-Class Certificate Authority Server is a FIPS 140-2 Level 3-certified hardware security device with the following physical security features:

    • 2U hardened steel interlocking rack mounted case
    • Two unique face-plate bezel locks for securing the server to the rack
    • Tamper resistant security module (TRSM) with epoxy barrier and sensor wires to protect processor and system memory
    • Battery backup for keys in TRSM memory
    • Multi-user grouping for access restriction
Robust Logical Security
  • Dual logins required to access certificate application
  • Adjustable user control privileges within certificate application
Audit Tracking Capability
  • Provides detailed audit records and the ability to generate certificate reports
  • Easily manage internal and external audits
  • Stores all tracking information and certificate authority activity for auditing requirements
  • Maintains complete, authenticated audit log files of all activity and access
Ease of Use
  • Easy to use GUI helps reduce training and requirements for operators
  • Quickly supports large certificate tree creation and signature batches
  • Allows for a simplified method for certificate creation
  • Certificates can be exported in PKCS7 or X509 formats with DER or PEM encoding, or in PGP format
  • User group permissions control privileges within certificate application
Secure File Signing
  • Files can be digitally signed by the Manufacturer-Class Certificate Authority Server using the SHA1 or PGP algorithms
  • The Manufacturer-Class Certificate Authority Server can expand .tar files, sign individual files within the archive, and then recompress it with the signature of the chosen file(s)
  • Digital signing can ensure the integrity of the file so that it can be transferred with the assurance it has not been tampered with

Manufacturer-Class Certificate Authority Server

Dimensions & Weight
  • Space: 2U
  • Weight: 36 lbs (16.3 kg)
Meets Industry Compliance Standards
  • PCI DSS
  • FIPS 140-2 Level 3
  • ANSI X9.24 part 1 and part 2 for Symmetric and Asymmetric Key Management — TR-39
Operating Conditions
  • Power requirements: 100 - 230 VAC 50/60 Hz. 400 Watts
  • Operating temperature: 50° to 95°F (10° to 35°C)
  • Storage temperature: -40° to 149°F (-40° to 65°C)
  • Operating relative humidity: 20% to 80% non-condensing
  • Storage relative humidity: 5% to 95% non-condensing
External Hardware Requirements
  • Keyboard: Standard USB
  • Mouse: Standard USB
  • Video: Standard SVGA1024x768 at 75Hz refresh* *Note: the refresh is high speed and may not work with older monitors
Manufacturer-Class Certificate Authority Server Unit Includes
  • Manufacturer-Class Certificate Authority Server application CD
  • User guide
  • Mounting brackets
  • Two TRSM barrel keys
  • Cables