ADSS XKMS Service module provides advanced certificate validation services compliant with the W3C XKMS and PEPPOL validation protocol. A relying party can make requests to ADSS XKMS Service for certificate status checks. ADSS XKMS Server checks that the target certificate is trusted as per RFC 5280 validation policies, i.e. it is issued by a trusted CA, expiry, revocation, existence of particular key usages & extended key usages etc.
ADSS XKMS Server excels because of its scalability, resilience and ability. You can define the certificate validation profile for different validation schemes and validation policy for non-registered CAs. You can also enable the caching of CRLs, certificates in order to optimise the performance. The attention to detail in security management including optional dual control of specific features, management reporting and transaction log views of validation information, are in advance of anything seen elsewhere and these aspects are key to minimising operational time and costs.
The following image shows XKMS Service sub-modules, details of which are given in the next sections:
The following sections describe how to configure the ADSS XKMS Service.