Computer Associates ships eTrust OCSPro, delivering real-time validation of digital certificates

Computer Associates International, Inc. (CA) has announced the release of eTrust OCSPro, a scalable and distributed Online Certificate Status Protocol responder. OCSPro significantly enhances Public Key Infrastructure (PKI) implementation by enabling real-time administration and application of digital certificates - eliminating the potential for out-of-date or poorly synchronized certificate data that exists with the use of conventional PKI deployments.

By providing a method for validating digital certificates in real-time, OCSPro allows organizations to quickly enable and disable eBusiness relationships without compromising their own security or that of their trusted partners.

"In today`s global environment, periodic Certificate Revocation Lists (CRLs) are unacceptable," explained Simon Perry, CA vice president, security solutions. "Any digital certificate compromise needs to be known instantly and can`t wait for the next CRL issuance. The real-time validation of certificates that eTrust OCSPro provides solves this problem - eliminating the significant financial and legal exposure that can result from compromised keys."

OCSPro implements the Online Certificate Status Protocol, an IETF standard that allows any client application to obtain the current status of a digital certificate from a trusted authority in real time. It allows Certificate Authorities to authenticate customers and their trading partners globally, on an as-needed basis.

"By rising to the challenge of developing and bringing to the marketplace truly open and interoperable directory and OCSP products, CA is delivering a proven, global, standards-compliant solution," said Kristin Kupres, chief operating officer of Identrus, a primary Certificate Authority that provides trust infrastructure for secure eCommerce worldwide.

OCSPro has become increasingly valuable to organizations as their online eBusiness relationships multiply in number and complexity. As the number of certificates in a PKI system grows, the number of certificates in each CRL also grows - increasing the demands on distribution and management processes. By using OCSPro in conjunction with CA`s proven eTrust Directory, OCSP responders can readily cope with PKI-related communications of any scale.

CA`s eTrust OCSPro provides a completely configurable, customizable, trusted and flexible server-based system for Online Certificate Status Checking. It provides a vital component in isolating problems and allowing them to be identified and resolved quickly. It allows organizations to maintain a detailed audit trail of all status transactions and is the only OCSP responder to provide extensive alarms and traces for proactive monitoring and management. eTrust OCSPro is also designed to utilize available network bandwidth with maximum efficiency, thus minimizing costs and avoiding potential communications bottlenecks.

eTrust OCSPro is available for Windows NT4 (with SP4+) and Windows 2000, and Solaris (Sun SPARC) 2.6, 7 and 8.

CA`s eTrust solutions are integrated with CA`s Unicenter TNG Framework to provide a powerful and comprehensive solution for building, deploying and securing eBusiness. eTrust enables eBusiness by safeguarding all mission-critical resources, from the browser to the mainframe. eTrust solutions offer best-of-breed functionality - including risk assessment, attack detection, loss prevention, and more - right out of the box. Tight integration among eTrust offerings gives organizations bulletproof security across the enterprise and the flexibility to incrementally adopt eTrust solutions with the assurance they will work seamlessly with one another.