Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

OPSEC Partners

SSH Certifier™

Product Version Certified: 2.0.5
Certified for use with: Check Point Next Generation

Product Description:  SSH Certifier™ is a PKI management application with a scalable architecture to suit various deployment sizes. SSH Certifier provides online certificate enrollment using several standard protocols, publication of certificates and CRLs to multiple directories, online certificate status services (OCSP), an unlimited number of CAs and Virtual CAs with flexible certificate policies, web based management for easy day-to-day operations. Visit http://pki.ssh.com/ for test certificates.

     
Key Features and Benefits
OPSEC Integration 		  SSH Communications Security
 
SSH Communications Security, a world-leading supplier of Internet security solutions, offers a broad range of award-winning products designed to address the most critical security issues for businesses, financial institutions and governments worldwide. SSH Sentinel™, a feature-rich remote access VPN "smart" client, and SSH Secure Shell, the award-winning product family, ensure secure remote access and data transfer. The SSH Certifier™ product family provides a robust certification authority for flexible and strong authentication through digital certificates and tokens. The market-leading, award-winning SSH IPSEC Express™ (Internet Protocol Security) and SSH QuickSec™ families of toolkits for OEMs and software developers enables fast time-to-market and reduced in-house development costs. SSH is traded publicly on the Helsinki Exchanges under HEX:SSH1V. For more information, please visit www.ssh.com.
Key Features and Benefits

Multi-CA hosting
New 'virtual CAs' with their own set of certificate policies and configurations can easily be created by a privileged administrator via the administration GUI without the need to invest in additional hardware. This powerful feature of SSH Certifier makes it an ideal platform for hosting a managed multi-CA service environment.

Scalable architecture
Different front-end PKI services and the Certifier Engine can be distributed on dedicated hosts in large-scale deployments for added availability and security. Services such as enrollment, administration, and publishing can all run on separate machines if needed. Well-planned deployment allows scaling up the production as the business grows.

Flexible certificate policy framework
SSH Certifier adapts to the real-life business processes of both service providers and enterprises. It provides freedom to define certification practices without technical restrictions.

Support for multiple certificate enrollment protocols
Various VPN devices, remote access clients, and Web browsers can be used for enrolling certificates via SSH Certifier. Costs are saved since SSH Certifier does not require the installation of proprietary desktop components.

Secure automatic online certification
Service provisioning is smooth and easy from the end user's point of view. Pre-shared keys can be used to grant certification for both employees and enterprise customers. The Internet can be used for online certificate enrolment.

Support for multiple administrative roles
The security of the system can be improved by defining access control rules for PKI administration. Also different tasks, from user management to system configuration, can be given to different administrators.

Flexible LDAP publishing
Since existing LDAP directories can be freely used regardless of the directory schema, existing enterprise directories can be used for publishing certificates and other user data. IT management becomes easier since there is no need to maintain duplicate data.

OCSP responder included
For online revocation data SSH Certifier includes a built-in Online Certificate Status Protocol (OCSP) responder. OCSP can be used to eliminate the risks related to window of opportunity of CRLs.

Commercial database bundled
Sybase Adaptive Server Anywhere, bundled with the SSH Certifier installation package, makes installation easier since there is no need to buy a separate licence and install a separate third-party database.

Multi-platform support
Both the Certifier Engine and the front-end Certifier Servers can be installed either on Linux, Solaris, or Windows.

 
OPSEC Integration

SSH Certifier integrates the key management of VPN-1® Gateway™ and VPN-1® SecuRemote™ and SecureClient™ into a single scalable solution that grows with your business. Strong, certificate based authentication with VPN-1 Gateway and VPN-1 SecuRemote and SecureClient will enhance the security of your network to a new level.