Core Features

Khatim RA server integrates with Khatim PKI Server handling all the complex user vetting process & acting as the first line of defense before sending the certification request to Khatim PKI. PKI admin can also configure multiple CAs with a single Khatim RA server. This offloads all validations, vetting to Khatim RA Server allowing Khatim PKI Server to manage the core PKI tasks i.e. certificate issuance, revocation etc.

Websites and devices need X.509 digital certificates and they need it quickly with no manual intervention. Khatim RA Server supports both ACME (rfc8555) to issue SSL Certificates for websites & SCEP for devices (routers, switches etc.).

Khatim RA Server allows customizable manual vetting by any number of RA Admin or LRA Admins or even no vetting for low assurance certificates. All admins can provide their vetting reports in any form, be it PDF, videos, images with notes. The complete vetting history is then maintained for audit purposes.

Want to control your RA from your CRM, ECM etc. No issues, with Restful APIs, business applications remain in command of their RA be it configurations, setting up organization, vetting, plans and more. Khatim RA Server also seamlessly integrates with the following PKI protocols:

Khatim RA Server seamlessly manages X.509 certificate issuance, catering to diverse infrastructures and compliance standards, including Closed PKI, Public, and National PKI environments. Whether your needs align with closed, restricted systems or the broader, more public-facing spectrum of PKI, our solution adeptly caters to varying infrastructure requirements, ensuring comprehensive certificate handling across diverse landscapes.

Khatim RA Server simplifies managing multiple Organizations and their linked service plans. Service plans helps PKI admins setup what type of certificates an organization needs to create and any limits applied (count, expiry, vetting, agreements etc.) allowing subscriptions management super easy.

Khatim RA server is built with platform independence in mind hence supports Windows and Linux alike. You can deploy in different environments be it on-premise, private or public cloud, VMs or physical machines.

Keeping in view businesses having different cryptographic needs, Khatim RA server allows both RSA and ECDSA based X.509 digital certificates with SHA-256, 384 and 512 hashing algorithms.

Access real-time statistics reflecting your RA performance in the form of graphs. Administrators can delve into various data points such as successful and failed certificate issuance, expired or about-to-expire certificates, alerts, certificate algorithms, and more. Khatim RA Server generates daily summary reports, offering a snapshot of the day’s certificate generation details, including certificate types, failures, and alerts, empowering administrators with crucial insights.

Control your RA server administration with secure GUI based interfaces. Ensures military grade security (AES 256) to your RA server instance for administration using TLS client authentication. From policy management to transaction log viewing all can be done from a single place. For LRA admins and LRA User, authentication is done using user id password.

In instances where the Khatim RA server encounters operational disruptions, it proactively alerts administrators, prompting swift action. To ensure comprehensive tracking, all incidents are meticulously logged, providing the option to securely transmit data to central logging systems like Splunk, Grafana, Greylog, LogRhythm, and others for detailed monitoring and analysis.

The Khatim RA server diligently logs all inbound transactions and configurations for in-depth analysis, encompassing vetting details submitted. This encompasses automated API calls, interactions via ACME, SCEP protocol, or manual inputs. Administrators possess the capability to instantly retrieve and scrutinize request and response data, facilitating real-time troubleshooting whenever necessary.

Prepare for an unparalleled RA experience with the Khatim RA server! Utilize its clustering feature, enabling multiple RA servers to operate concurrently, minimizing latency. You can seamlessly integrate new RA servers without halting ongoing instances, ensuring the seamless flow of your operations. Bid farewell to sluggish performance and embrace lightning-fast CLM capabilities with Khatim RA server!

Different organization may have separate needs when it comes to key protection. Khatim RA server can be easily setup to issue X.509 certificates where private keys can resides inside any of Software (PKCS#12), Smart Card/USB tokens (PKCS#11 based) or HSMs.