V-CA Certificate Management and Issuance Solution

V-CA is a high-performance Certificate Management and Issuance solution with high customization capabilities. V-CA provides a full set of features and components of a PKI system, including OCSP, RA Service, Publisher... forming a complete and comprehensive PKI system.

Additionally, V-CA has the following distinctive points:

  • Provides the ability to build CAs at multiple levels, unlimited in quantity.
  • Supports RSA algorithm with key lengths up to 4096 bits.
  • Supports DSA algorithms with key lengths up to 1024 bits.
  • Supports hash functions like MD5, SHA-1, SHA-256.
  • Certificates issued strictly comply with X509 standards.
  • Strict compliance with Vietnamese legal regulations such as Decree 130; Circular 06…

Solution intended for:

  • Organizations providing Public Digital Signature Authentication services (ViettelCA, VNPTCA, FPTCA…)
  • Organizations providing dedicated Electronic Signature, Digital Signature services such as Banks like Aribank, Vietcombank, ACB…

The overall model of V-CA is as follows:

(Overview model of the V-CA solution)

Description of V-CA Components

Component Function Description
CA - Supports RSA algorithm with key lengths up to 4096 bits.
- Supports DSA algorithms with key lengths up to 1024 bits.
- Supports ECDSA algorithms.
- Supports hash functions like MD5, SHA-1, SHA-256.
- Certificates issued strictly comply with X509 standards.
- Additionally, one can choose the type of publisher they want such as LDAP, dynamic directories (AD - Active Directory) or a self-made publisher connection.
- Certificate issuance always adheres to X509 standards.
- Certificate issuance can be self-signed, external CA (meaning root CA and sub CAs), or administrative CA.
- Issued in formats such as p12, JKS, PEM
- Supports LDAP, automatic CRL updates
RA - Registration Authority (RA) verifies registration information for end entities. Web supports customer profile entry, approval, and digital certificate generation.
TMS
(public, private)
Service interacting with USB token management software communicating with the system.
Functions:
- Issues new, renews digital certificates.
- Locks, unlocks USB Tokens.
- Supports other customer support tasks (certificate download, notifications…)
RA Service Service supporting issuance, renewal, revocation, reissuance of digital certificates
Token manager client Software managing digital certificates, USB tokens on customer machines.
Functions:
- Issues new, renews digital certificates.
- Locks, unlocks USB Tokens.
- Imports digital certificates, supporting digital signing libraries, USB communication on customer machines.
- Supports other customer support tasks (certificate download, system notifications…)