Key Components
emCA suite has following Solution components
Certificate Manager – emCA
Handles the full certificate lifecycle (issuance, renewal, revocation, archival).
Manages certificate lifecycle: issuance, renewal, revocation.
Role-based access control and M-of-N separation of duties.
Multi-factor authentication using token-based certificates.
Protocol support: SCEP, CMP, EST for automated issuance.
Certificate Transparency support.
CSR signing and cross-certification workflows.
Multi-HSM support (PKCS#11 compliant).
OCSP certificate generation and management.
Mobile PKI support.
User Enrolment – emRA
Manages KYC data and certificate requests across RAs.
Decentralized portals for RA-wise KYC and certificate requests.
Configurable vetting profiles and verification checklists.
Role-based dashboards with RA-level data segregation.
Strong authentication: password policies and 2FA.
Subscriber self-service for certificate management.
Integration with email/SMS notifications, video and document-upload verification.
eSign-enabled, paperless enrolment workflows.
Online Certificate Status Protocol (OCSP)
Provides real-time certificate status checking.
Response generation per RFC 6960/5019 and CA/B Forum rules.
HSM-based signing key storage.
Real-time record display and archival.
Time Stamping Module
Issues RFC 3161/5816-compliant timestamps.
Time-source integration (GPS - Global Positioning System, NTP – Network Time Protocol, NPL - National Physical Laboratory).
TST generation and signature by internal TSA.
Audit logging of timestamp events.
Policy-based issuance exclusively for internal use.
Key Management Module
Oversees cryptographic key generation, rotation, and retirement.
Secure key creation.
Rotation and expiry policies.
Integration with FIPS-compliant HSMs.
Hardware Security Module Integration
Supports hardware-backed key storage and operations.
Private-key protection in hardware.
Hardware-based cryptographic functions.
Resistance to physical and logical tampering.
Last updated