| 1. The browser can
be assured that the server belongs to a recognised organization
(e.g. the browser can automatically determine that it
is really talking www.xyz.com, a server run by xyz corporation,
and not to an imposter)
2. The server can, optionally, authenticate
the client
3. All communication that flows between
the browser and the server is encrypted.
VeriSign Secure Server IDs work with over 50 brands
of Web Server Software, including Microsoft IIS, Netscape
Enterprise, C2Net Stronghold Apache, Lotus Domino, and
Tand iTP Webserver. VeriSign public label server IDs
are instantly recognised by 98% of the installed base
of web browsers, making establishment of SSL sessions
quick and painless for visitors to your site |
| |
| What is VeriSign
Managed PKI™ for SSL? |
| VeriSign Secure Server IDs have proven to be the right
solution for over 55,000 organizations trying to secure
their intranet, internet, and extranet communications.
However, for many large sites, obtaining, coordinating,
renewing, and managing Digital IDs for a large number
of servers has proven to be problematic. Managed PKI
for SSL allows you to issue and manage customized corporate
certificates using our world-class certificate technology
and security infrastructure.
Managed PKI for SSL saves you time and money by providing
your organization with easy to use tools to customize
the enrolment, validation, and issuance of certificates.
You can appoint one or more individuals to serve as
your Managed PKI administrator, with full authority
to approve, renew, reject, and administer certificates.
Your end-users interact with customized, Web-based enrolment
forms to request IDs for their servers. Once your administrator
approves your certificate request, VeriSign will instantly
issue certificates, thus saving your organization the
3-5 business day lead time normally required to obtain
Secure Server Certificates.
One of the main advantages of Managed PKI is that it
lets you control your own CA (approving/rejecting/revoking
certificates) from a simple set of web pages, without
having to worry about the mundane and expensive aspects
of being a CA (backups, maintenance of hardware and
software, disaster recovery and many other items). |
| |
| What can I use
Managed PKI for? |
| Managed PKI issues your end users Secure
Server IDs which they can use to set enable secure, authenticated
sessions using SSL for your internet, intranet, or extranet
communications. If you choose to use Managed PKI for Server
IDs in Conjunction with Managed PKI for Client IDs, the
same administrator can easily manage the issuance of both
server and client IDs, making the establishment of access
restricted areas of your web site or your corporate intranet
a breeze. |
| |
| Benefits
and Features of Managed PKI? |
| Local control - Each customer's administrator
has complete control over which servers are issued a certificate.
|
Easy to use administrative
tools and reports - The administrator has easy
access to an extensive set of tools to control and manage
their CA through the Managed PKI Control Center. In
addition there is a report feature available, allowing
an administrator to monitor several aspects of their
company's certificate service. |
| Rapid turn-around – NIFTeTRUST
issues certificates as soon as we receive approval from
your administrator. |
| Easy and predictable addition and renewal of
certificates - With Managed PKI's combination
of centralized control, full reporting, customizable certificate
validity periods, and rapid turn-around, managing a farm
of hundreds or even thousands of certificates becomes
a snap. You can now predictably add, renew, or revoke
certificates, according to the time frame that makes sense
for your organization. |
Always supports the latest
standard applications –The certificates
supports Netscape and Microsoft browsers. VeriSign Managed
PKI is continually updated to support the latest applications,
at no cost to the customer and with no effort required. |
| Extensive infrastructure - VeriSign
Managed PKI's back end systems are operated in our secure
Operations center. We take advantage of the sophisticated
facilities, security, and practices to support all services.
Complete offsite backup and disaster recovery is also
included as part of the service. Providing a similar level
of support for an in-house solution would be prohibitively
expensive. |
| Adaptable to your Organizational Structure
- Customize the information required to enroll for, renew,
or revoke certificates. Appoint one administrator or multiple
administrators. Give administrators broad control over
a number of domains (e.g. abc.com, abc.net, alphabet.co.uk),
or restrict each administrator to a particular set of
domains (e.g. give one administrator control of engineering.abc.com,
give another administrator control of sales.abc.com).
With Managed PKI, you are free to tailor the tool to meet
the needs of your organization. |
|
| World Class PKI (Public Key Infrastructure)
– VeriSign is the recognized leader in developing
scaleable public key certificate systems, hence our Managed
PKI customers leverage on our technical and legal expertise
in digital signatures and certificates to have a proven
and secure PKI instantly. |
| Up and running quickly - Once NIFTeTRUST
has activated your service you can have your Managed PKI
up and running overnight, much faster than ordering a
software package, installing it, and learning to configure
and use it. |
No extensive training required
- The customer uses simple Web pages both for end user
services and administrative functions. Our extensive
certificate expertise, infrastructure, and practices
are leveraged behind the scenes, while the customer
maintains full control over the actual CA functions. |
| Less expensive - With bulk purchasing,
you get both volume discounts and the convenience of buying
certificates in bulk. There are no additional or hidden
costs. Shrink-wrapped certificate server software may
cost less to start with, but when the costs of browser
root support, hardware, networking connectivity, disaster
recovery, tape backups, operations support, security infrastructure,
etc. are added in, it quickly becomes a much more expensive
proposition. |
| No software or hardware required -
All the customer is required to have is a Web browser
supporting client certificates (Netscape Navigator or
Internet Explorer 3.0 or later) and Internet access. |
Easily distributed
- Multiple administrators can access the Managed PKI
to issue certificates at sites around the world, easily
and with minimal incremental costs. All a branch office
needs to obtain certificates is a browser with connection
to the Internet. |
| Grows with you – NIFTeTRUST
automatically upgrades the infrastructure whenever necessary
to support customer volumes as they grow. Customers can
simply use the system, without having to worry that it's
becoming overloaded. |
|
| How do I use Managed
PKI to approve, reject, or revoke subscriber certificates? |
| Managed PKI Administrators are granted access
to a special set of web pages to administer certificates.
From this location, Administrators control the authentication,
approval, revocation, and reporting functions. |
|
| How do my End Users
enrol for their Secure Server IDs? |
1. User generates CSR
2. User securely enrolls via Web
3. Pending request appears in Managed PKI Control Center
4. Administrator securely validates user enrolment request
5. VeriSign generates certificate and sends it to user's
e-mail address
6. User securely downloads ID and installs on server |
|
| How is Managed
PKI for SSL upgraded? |
| VeriSign maintains the issuing system and
all upgrades will be performed by VeriSign. Updates to
the system will be reflected in the Managed PKI Administrative
Pages under ONSITE NEWS. Upgrades to the existing services
are included within your yearly Managed PKI fee. New components
(not upgrades to existing ones) may carry additional fees,
however. |
|
| Can
Managed PKI Issue IPSEC or Client certificates? |
| Yes! In fact, the same administrator can issue and manage
all different types of certificates from the same control
center. However, you will need to order the different
services separately. |
| |
| How does Certificate
Revocation work? |
| When a certificate is revoked, its operational period
is considered terminated immediately. When an administrator
revokes a certificate, the VeriSign library is updated
to reflect this status. Managed PKI provides a CRL (certificate
revocation list) available for download, which is a list
of the certificates reflecting revoked status. |
|
