Khatim PKI Server 4.2 is Released – PKI Simplified!
The team at Codegic is delighted to introduce the next version of Khatim PKI & OCSP Server, packed with advanced features and increased functionality. This new version continues to provide organizations with unparalleled security, transparency and simplicity for PKI operations. From stronger encryption algorithms to integration with emerging technologies, Khatim PKI Server is set to revolutionize CA & OCSP management. Setting up and managing PKI is complex, with multiple crypto pieces adding a lot of risk. Khatim PKI Server reduces these risks, making PKI management quick and simple. Here we touch upon some of the new features which set us apart.
Some of the new features of Khatim PKI Server are:
- More PKI Insights with Graphs
- Simplified Certification Authority Management
- Khatim OCSP Server – New Powerful features
- Improved Daily Summary Reports
- Supports WCAG v2.0
- Supports 30+ languages
More PKI Insights with Graphs
Graphs and charts play a vital role in PKI by offering valuable insights and visual representations of complex data, enabling a better understanding of certificate lifecycles, authentication trends, and system performance. PKI admins love stats and so do we! Khatim PKI Server provides detailed graphs covering:
Certification Authorities
CA Stats covers many key areas like:
- Issued Certificates
- About To Expire Certificates
- Templates Used
- Signing Algorithm
- Key Info
- Weakness
PKI Admin can also filter based on:
- A particular CA
- All CAs
Certificate Provider (CP)
Certificate Provider allows business applications to interact with the CA to manage X.509 digital certificates. Some of the insights you can get are:
- Requests Count
- Call Type
- CA Alias
- Alerts
- Certificate Provider Policy
- RA Policy
- Certificate Template
- Client / Host IP
- Failures
PKI Admin can also filter based on:
- A particular CP instance
- All instances
OCSP Insights
PKI Admin can also filter based on:
- A particular OCSP instance
- All instances
Simplified Certification Authority Management
Khatim PKI Server lets admins manage and visualize Certification Authorities, making them easier to control. The CA dashboard shows the list of CAs in card style with critical information like:
- CA Type
- Template
- Key Vault Alias
- Key Algorithm/Size
- Subject DN
- Issuer DN
- Expiry
Using the built-in, customizable certificate templates, admins can set up certificate templates and multiple CAs, including Root CAs, Sub CAs, Online CAs and Offline CAs. PKI admins can use the powerful filter to search the issued certificates and CRLs.
For offline CAs, admins can also manually enter certificate information, which later helps in OCSP white list checking. For online CAs, certificates can be issued via Certificate Provider (see below) or manually via PKCS#10/CSR.
Managing issued certificates & CRLs
PKI admins can easily see the list of certificates issued by a given CA. These can be either generated for internal usage or issued programmatically via Certificate Provider. Within the same screen, PKI admins can also:
- Download Certificate
- Revoke / Un-revoke Certificate
- Delete Certificate
Similarly, PKI admins can see the list of issued CRLs and their details issued by a particular CA.
Issued CRL List Viewer & Management
Certificate Provider
Khatim PKI Server v4.1 simplifies setting up certificate issuance policies, is accessible via a secure RESTful interface, and also improves the performance of certificate issuance. Policies can define multiple facets like:
- Which CA is going to issue the X.509 certificate
- Which type of certificate will be issued; controlled via the Certificate Template (Code Signing, Document Signing, Email Signing, TLS Client Auth, TLS Server Auth etc.). This also controls the hash algorithm, duration and certificate extensions (Key Usage, Extended Key Usage)
- Where the key will be; Key Control (Server or Client-CSR)
- What is the key size and type; RSA, ECDSA
- Where is the key stored; KeyVault Location (HSM etc.)
- What will be the certificate subject DN (Supports 20+ DN attributes)
Developer Friendly Integrations with the CA
PKI admins can set up business applications to generate either:
- Certificate via PKCS#10/CSR
- Certificate held on the server
Certificates issued on the server can later be used to sign data or documents with password-based authorization. Once policies are set up, business applications can use the secure RESTful interfaces of Certificate Provider for complete certificate lifecycle management:
- Certificate issuance
- Certificate revocation (Revoke/Unrevoke)
- Certificate delete
RESTful Certificate Generation
Accept: application/json
Content-Type: application/json
Verb: POST
Body: multipart/form-data
{ "cpPolicyId": "client-rsa-cert", "raPolicyId": "rapolicy123", "accountId": "ahmad123", "csr": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----", "certAlias": "ahmad123" }
Certificate Generation Response
{ "responseStatus": "0", "issuedCertPem": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----", "certAlias": "ahmad123", "accountCertsKeysId": 13, "caChain": "..." }
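For the Client-CSR case, a caller can confirm that the certificate in issuedCertPem carries the same public key as the csr it submitted before installing it. The following is an added example, not Codegic's code: it assumes responseStatus "0" means success (as in the sample response), and the helper names and the DER sample are constructed here.

```python
import base64, re

def pem_to_der(pem):  # drop BEGIN/END armour and whitespace, then base64-decode
    return base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem))

def read_tlv(buf, off):  # -> (tag, value_start, value_end) of the DER element at off
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def children(buf):  # raw encodings (header + value) inside a constructed element
    _, pos, end = read_tlv(buf, 0)
    out = []
    while pos < end:
        nxt = read_tlv(buf, pos)[2]
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def spki_from_csr(der):
    # CertificationRequestInfo: version, subject, subjectPKInfo, attributes
    return children(children(der)[0])[2]

def spki_from_cert(der):
    # TBSCertificate: [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    f = children(children(der)[0])
    return f[6] if f[0][0] == 0xA0 else f[5]

def check_issuance(request, response):  # -> list of problems, empty when consistent
    if response.get("responseStatus") != "0":  # assumption: "0" means success
        return ["responseStatus=%s" % response.get("responseStatus")]
    problems = []
    if response.get("certAlias") != request["certAlias"]:
        problems.append("certAlias differs from request")
    cert_key = spki_from_cert(pem_to_der(response["issuedCertPem"]))
    if cert_key != spki_from_csr(pem_to_der(request["csr"])):
        problems.append("certificate public key differs from CSR")
    return problems

# Constructed sample: DER with the right shape only, no real key or signature.
def enc(tag, *parts):
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
def to_pem(label, der):
    return "-----BEGIN %s-----\n%s\n-----END %s-----" % (label, base64.b64encode(der).decode(), label)
KEY, NAME = enc(0x30, enc(0x03, b"\x00\x01\x02\x03")), enc(0x30)
CSR = to_pem("CERTIFICATE REQUEST", enc(0x30, enc(0x30, enc(0x02, b"\x00"), NAME, KEY)))
CERT = to_pem("CERTIFICATE", enc(0x30, enc(0x30, enc(0xA0, enc(0x02, b"\x02")),
    enc(0x02, b"\x01"), enc(0x30), NAME, enc(0x30), NAME, KEY)))
```

This checks key binding only; signature and chain validation against caChain still belong to a full X.509 library.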
Certificate Provider Transaction Logs
PKI admins can easily monitor incoming requests for certificate issuance and diagnose problems.
Khatim OCSP Server - New Powerful features
With Khatim PKI Server, the latest version of Khatim OCSP Server, v4.1, is also released. It now provides both CRL-based and real-time revocation checking using the CA’s issued certificate database. The performance of OCSP Server has also improved, reducing the latency in revocation checking. PKI admins can easily set up OCSP policies, which allow them to configure:
- CAs for which OCSP responses are provided
- Use of either the CA’s certificate or a delegated OCSP responder certificate to sign OCSP responses
- Enable Extended revocation checking
- OCSP Signing Algorithm
Advanced OCSP Transaction Log Viewer
Khatim OCSP Server has an advanced transaction log view with built-in OCSP request/response viewers, allowing simple troubleshooting of incoming OCSP transactions. The built-in OCSP viewer gives PKI admins a transparent view of what the request/response consists of. This avoids the need for PKI admins to export OCSP data and view it in complex DER-encoded OCSP data viewers.
Improved Daily Summary Reports
The latest version provides more insight on the following aspects:
- Statistics on issued certificates
- Statistics on about-to-expire certificates
- Statistics on OCSP Server Processing
These stats can be broken down into:
Certificate Provider stats
This provides the following critical stats data:
- Requests Status
- Failure Breakdown
  - SUB_DN_NOT_FOUND
  - PWD_NOT_FOUND
  - DUPLICATE_CERT_ALIAS
  - DUPLICATE_KEY_ALIAS
  - POLICY_NOT_FOUND
  - DN_INCORRECT
  - CA_KEY_NOT_FOUND
  - CA_CERT_NOT_EXISTS
  - CSR_NOT_FOUND
  - INVALID_CSR
- API Breakdown (Create, Revoke, Un-revoke, Delete etc.)
- Certificate Provider Policy Breakdown
- CA Alias Breakdown
- Template Alias Breakdown
- Host / Client IP Breakdown
Per CA stats
- Issued Certs; Count of issued, valid, revoked, expired
- Weaknesses Breakdown; Provides a count of certificates using a weak key size or signing algorithm
- To-be-expired certificates; within 7, 30 or 60 days
- Templates Breakdown
- Template Count
- Key Info Breakdown
- Sign Algorithm Breakdown
OCSP Stats
- Request Status
- Policy Breakdown
- Client IP Breakdown
- Host IP Breakdown
- Cert Status Breakdown
- Signing Algo Breakdown
WCAG v2.0 Compliancy
With full support for Web Content Accessibility Guidelines (WCAG) v2.0, Khatim PKI Server ensures an inclusive digital environment for all users. We understand the importance of accessibility in today’s digital landscape, and our PKI product goes above and beyond to provide an accessible user experience without compromising on security or functionality. Empower your organization with a PKI solution that embraces inclusivity and compliance, while delivering robust security and seamless certificate management.
Supports 30+ languages
Our feature-rich PKI product goes beyond language barriers, providing support for 30+ languages, including English, German, French, Spanish, Portuguese, Russian, Italian, Polish, Ukrainian, Romanian, Dutch, Turkish, Greek, Hungarian, Swedish, Czech, Serbian, Bulgarian, Croatian, Danish, Finnish, Norwegian, Slovak, Catalan, Lithuanian, Bosnian, Galician, Slovene, Latvian, Estonian, Welsh, Icelandic and Irish.
We recognize the importance of global accessibility and strive to eliminate language limitations in digital security. With our solution, users from diverse backgrounds can seamlessly navigate and interact with the PKI system in their preferred language. Experience the power of multilingual support combined with top-notch security, empowering your organization to operate effectively on a global scale while ensuring linguistic inclusivity.