| |
|
|
|
Corporate
Chained CA’s
The Chained CA Program enables certificate
interoperability for large organizations that want to create, or have
already , their own Certificate Authority. Corporate CAs are not globally
trusted and encounter problems when using their certificates to send
signed and encrypted mail to people outside of the organization. The
organization has to ask anybody who will ever receive email from them to
trust their root manually. This may lead to a security breach or loss of
confidence in the organization’s CA.
ipsCA will sign the
rooot certificates of an organization’s CA in order to allow their
certificates to be trusted for secure email (S/MIME) anywhere in the world
where standard mail clients are used. |
|
|
Browser market share as of January
2004
| Browser |
Jan.
01 |
Apr. 03 |
Jul. 03 |
Oct. 03 |
Jan.
04 |
| Internet Explorer |
75% |
77% |
75% |
75% |
73% |
| Mozilla/Firefox |
20% |
20% |
21% |
22% |
23% |
| Netscape |
3% |
2% |
3% |
2% |
3% |
| Other |
2% |
1% |
1% |
1% |
1% |
ipsCA root Certificate (IPS
SERVIDORES) was incorporated in Internet Explorer 5.01 and since then
Microsoft distributes it in every release of Internet Explorer and
Operating System. Today our root certificate is present in more than 98%
of todays browsers including Mozilla and Firefox 1.0.
. |
|
Benefits
Many organizations need to deploy an internal
Certificate Authority to ensure full control over key generation, key
management and certification policies. CA Chaining ensures that these
in-house CA’s are not isolated from the Internet community, and will be
recognized and trusted all over the globe. |
|
|
|
Requirements
An organization needs
to deploy its own Certificate Authority. It will also need to have its own
key management, physical and network security infrastructure, certificate
policies and practices and certificate management software. The
organization will also need hardware for key generation and management.
ipsCA requires that Corporate CAs wishing to be chained to our root
certificates meet the criteria outlined in the AICPA WebTrust for
Certification Authorities Program. |
|
|
For more information on
the AICPA’s WebTrust for Certification Authorities Program, or to
obtain a copy of the criteria, see
AICPA Webtrust for
CAs
| |
Limitations
Corporate
Chained CAs cannot be used for commercial certificate activities and
cannot sub chain other CAs. |
|
|
Pricing and Availability
The core chained CA service is
targeted at organizations that need to issue thousands of certificates to
their users. The requirement that chained CA's use high-availability, high
security software and hardware makes the chained CA program suitable only
for larger organizational PKI's.
The Chained CA Program is intended for
organizations that wish to certify their own employees, and have those
certificates useable for S/MIME inside and outside the organization.
Pricing varies, starting from € 24,000 per year, depending on the number
of users. The Chained CA program does not cover any type of certificate
outside S/MIME and Authentication personal
certificates |
