In the fast-paced world of cybersecurity, staying ahead of the curve is not just an option—it’s a necessity. At the heart of the digital security landscape, PKI (Public Key Infrastructure) has been a trusted cornerstone for safeguarding data, communications, and identities. That’s why we are thrilled to announce the release of the highly anticipated Khatim PKI Server 4.3.
With PKI Server 4.3, we’re ushering in a new era of security, packed with innovative features and capabilities that empower organizations to thrive in today’s dynamic and ever-evolving threat landscape. This release highlights:
Matter Spec Implementation: Boost IoT Security
ACME Support: Streamlined Certificate Management
AATL-Based Signatures with AWS KMS: Enhancing Digital Trust
Improved API Authentication: Via OAuth
Matter Spec Implementation: For the Next Generation IoT
PKI Server 4.3 proudly implements the Matter Spec from the Connectivity Standards Alliance. The Matter spec embodies a common vision that emphasizes the necessity for smart home devices and IoT to be secure, dependable, and effortlessly user-friendly. This unified standard within the industry assures reliable and secure connectivity, acting as a seal of approval, ensuring devices seamlessly collaborate both now and in the future. Matter not only fosters more connections between diverse objects but also streamlines development for manufacturers, enhancing compatibility for consumers.
Khatim PKI Server v4.3 allows administrators to set up X.509 certificate templates for the Matter certificates, including CA and end-entity certificates, such as:
DAC (Digital Attestation Certificate)
PAA (Personal Attestation Authority)
PAI (Personal Attestation Information) issuance.
To configure Matter spec:
Set up PAA, PAI and DAC templates. Khatim PKI Server comes with default templates for quick use
Generate the PAA Certification Authority using the PAA template
Repeat for PAI to make a Sub CA
Set up Certification Provider policies with DAC certificate templates
Send a CSR to the Certificate Provider policy to issue DAC certificates
ACME Support: Streamlined Certificate Management
Say goodbye to the complexities of certificate management! PKI Server 4.3 introduces seamless ACME (Automated Certificate Management Environment) support. ACME is the driving force behind automated certificate provisioning, making it easier than ever to obtain and manage SSL/TLS certificates. With PKI Server 4.3, you can enjoy:
Automated certificate issuance and renewal
Reducing administrative overhead
Ensuring the availability of trusted certificates when you need them
To configure ACME:
Create a Certificate Provider policy with ACME enabled
Set up the policy to issue certificates using the SSL Server Auth template
Set up Key Control with CLIENT-CSR
Once done, you can use any ACME-compliant software, e.g. certbot, to issue TLS/SSL digital certificates.
Khatim PKI Server's powerful charts and reporting also help you easily see how many certificates are issued via the ACME protocol and allow the PKI Admin to see detailed logs for better troubleshooting.
AATL-Based Signatures with AWS KMS: Enhancing Digital Trust
Our new release supports AATL (Adobe Approved Trust List) based PDF signatures, backed by the rock-solid security of AWS Key Management Service (KMS). This ensures that every digital signature is not just secure but also recognized and trusted globally. It’s your data, your way—secure, compliant, and unparalleled in trustworthiness. Configuring AATL-based keys can be easily achieved by:
Configuring AWS KMS in System Keys > Key Vault
Import AWS-hosted asymmetric keys by providing the ARN, Client ID and Client Secret
Using System Keys > Generate CSR against the imported key
Certify the CSR from any trusted AATL Certification Authority and import it back into the system
Using System Keys, import the issued X.509 digital certificate
Generate a signing policy and configure the signing certificate against it
Send the PDF via the RESTful interface of the signing engine to sign it using any of the PAdES profiles
It's that simple!
OAuth with JWT: Next-Level Authentication
Elevate your authentication game with OAuth and JSON Web Tokens (JWT). PKI Server 4.3 brings you OAuth support that integrates seamlessly with JWT, ensuring a robust, standards-based authentication process. Whether you’re signing documents or managing certificates, the power of OAuth and JWT is at your fingertips, simplifying authentication while enhancing security.
Setting up is easy.
Add client apps from Access Control
Set up Client ID and Client Secret
Assign the engines and policies
Enable authentication in each of the engine’s advanced section
Now, before making an API call, you first need to get an access token to authenticate the API
Embrace the Future Today
The PKI landscape is evolving faster than ever, and Khatim PKI Server is here to help you not just keep up but stay ahead of the game. With automated certificate management, top-notch security, enhanced authentication, and forward-looking innovation, it's your passport to a more secure and efficient digital world.
Contact us today to discover Khatim PKI Server 4.3!