News

New Interoperable, Low Cost Certificate Authority Manager Eases Issuing and Managing Digital Certificates for VPN and OEM Suppliers

SSH Communications Security (SSH), the world-leading developer of Internet security and advanced cryptography solutions, today announced SSH Certifier, an application software package for issuing and managing digital certificates within an organization's PKI (Public Key Infrastructure). The new product builds on the IETF's (Internet Engineering Task Force) PKI X.509 standard, an initiative designed to promote interoperability among different vendors' PKI authentication products and services. SSH Certifier can be used to issue and manage IPsec (Internet Protocol Security) certificates for both individual users and network devices within VPNs (Virtual Private Networks) and OEM systems targeting corporate enterprise environments and ISPs (Internet Service Providers).

"Security has become one of the most business-critical concerns across enterprises today. As more organizations rely on Web-based applications to run their businesses, simple passwords or personal ID numbers are not reliable enough to ensure that Internet transactions remain confidential and secure, " said George Adams, president and CEO of SSH, Inc. "Unlike other digital certificate solutions, SSH Certifier easily integrates into the VPN or OEM network equipment supplier's product infrastructure - providing a low cost solution that is simple to manage and highly scaleable for future growth."

Giga Information Group predicts that the number of digital certificates issued worldwide will skyrocket from approximately 25 million in 1999 to 247 million by the year 2002.

Uses of SSH Certifier

SSH Provides Foundation for First Low Cost PKI Solution

By combining SSH's leading digital certificate and encryption technologies for the most widely supported protocols and standards for PKIs, SSH is enabling virtually immediate time-to-market for OEMs and enterprises desiring to implement PKI solutions. SSH Certifier is the first digital certificate application of its kind to interface with the most common commercial databases through the ODBC (Open Database Connectivity) standard, providing enterprises and ISPs a cost-effective way to secure confidential data within their existing networks and database systems without investing in additional network infrastructure. SSH Certifier also features simple Web-based configuration tools, allowing network administrators to easily install and manage digital certificates from a central or remote location.

SSH Provides Standards-Compliant Interoperability

SSH Certifier allows users to enroll in the PKI through PKIX CMP (Certificate Management Protocol) or CEP (Certificate Enrollment Protocol). Security administrators responsible for managing SSH Certifier can then authenticate users within the system, configure security policies to verify that each sender is who he or she claims to be, and approve or revoke the requests. SSH Certifier offers full support for Windows NT, Linux and Solaris, as well as interoperability with digital certificates based on the most commonly used protocols including IPsec and LDAP (Lightweight Directory Access Protocol), and algorithms such as DSA (Digital Signature Algorithm) and RSA (public key algorithm developed by Rivest, Shamir and Adleman).

SSH Provides Centralized Certificate Management for VPNs

With SSH Certifier, security administrators can centrally issue and manage digital certificates. SSH's use of the most advanced certificate enrollment protocols enables scaleable management and issuance of the certificates, even for remote-access users across the VPN. This capability is essential to keeping management costs low as businesses grow and expand their employees, customers and number of offices.

Key Components of SSH Certifier

The key components of SSH Certifier product are the Engine, the Administration Web Server and the Enrollment Gateway:

• The Engine receives certification requests from the Enrollment Gateway, makes policy decisions, signs and distributes certificates and CRLs (Certificate Revocation Lists), and communicates with the Web Server to perform database queries. By interfacing with the ODBC, the SSH Certifier Engine manages the policy information, certificate requests, already-issued certificates, revocation lists and logging information stored in databases.
  
• The Administration Web Server is an HTTP server with TLS (Transport Layer Security), and a graphical user interface that can be easily customized by modifying HTML code.
  
• The Enrollment Gateway communicates with the enrollment client using either CEP or PKIX CMP enrollment, as well as performs the server-side functions by forwarding requests to the Engine for policy decisions.
  

All of these components can be placed on separate host machines to provide more flexible options for easy integration into various environments.

Product Availability and Pricing
SSH Certifier is scheduled to ship in the end of March. Very attractive pricing options are available for OEM vendors, service providers, and enterprise IT organizations on request. Since customers are able to utilize existing database and directory services with the SSH Certifier, total cost of ownership can be remarkably lower than with products from other vendors.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.