Security Certificate Management

Cryptlib security certificate management capabilities means it can import and export certification requests, certificates, certificate chains, and CRLs, covering the majority of certificate transport formats used by a wide variety of software such as web browsers and servers.

In addition Cryptlib supports X.509v3, IETF, S/MIME, SET, and SigG certificate extensions and many vendor-specific extensions including ones covering public and private key usage, certificate policies, path and name constraints, policy constraints and mappings, and alternative names and other identifiers. This comprehensive coverage makes Cryptlib a single solution for almost all certificate processing requirements.

The certificate types which are supported include:

Basic X.509 version 1 certificates
Extended X.509 version 3 certificates
Certificates conformant to the IETF PKIX profile
SSL server and client certificates
S/MIME email certificates
SET certificates
SigG certificate extensions
AuthentiCode code signing certificates
IPSEC server, client, end-user, and tunnelling certificates
Server-gated crypto certificates
Time stamping certificates

In addition Cryptlib supports all X.509v3, IETF, S/MIME, SigG, and SET certificate extensions and a many vendor-specific extensions including ones covering public and private key usage, certificate policies, path and name constraints, policy constraints and mappings, and alternative names and other identifiers. This comprehensive coverage makes Cryptlib a single solution for almost all certificate processing requirements.

The diagram below shows a typical Cryptlib application, in which it provides the full functionality of both a CA (processing certification requests, storing the issued certificates locally in a certificate database, and optionally publishing the certificates on the web or in an LDAP directory) and an end entity (generating certification requests, submitting them to a CA, and retrieving the result from the web or a directory service).