Futurex supports the orchestration of certificate deployment both through the KMES Series 3 as a certificate authority, and also through integrations with external certificate authorities. The primary purpose of these integrations is to incorporate third-party certificate authorities with a FIPS 140-2, Level 3, PCI-validated platform. This provides organizations the ability to generate self signed certificates or their own root CAs, while also importing third party CAs.
The integration of third party CAs are managed through the registration authority process. Registration authorities (RAs) approve and deny requests for certificates, also known as certificate signing requests (CSRs). The RA presides over and assists the Certificate Authorities (CAs) by informing them of which certificates can be issued. Upon approving a CSR, the RA has validated the identity and registration information of the user, and permitted the CA to issue a certificate.
Integrating with third-party certificate authorities offers a number of key benefits, including the ability to:
- Automatically download successfully signed requests submitted by the RA
- Utilize Futurex approval requirements
- Revoke signed requests from the RA
- Resign requests from the RA
- Cancel pending orders
- Utilize rate limiting mechanisms
Cloud Credentials are used to allow the KMES Series 3 device to interface with third party services. The Cloud Credentials menu on the KMES Series 3 stores the imported API Key that authenticates the KMES Series 3 to the third-party service.
