2.1.19. Support for Open Standards
The Certificate System supports open standards and protocols so that its subsystems can communicate across a heterogeneous computing environment. Some of the standards and areas which the Certificate System supports include the following:
Formulates, signs, and issues industry-standard X.509 version 3 public-key certificates; version 3 certificates include extensions that make it easy to include organization-defined attributes. These certificates are used for extranet and Internet authentication.
Supports the RSA public-key algorithm for signing and encryption, and the MD2, MD5, SHA-1, SHA-256, and SHA-512 algorithms for hashing.
Supports signature key lengths of up to 4096 bits for RSA.
Supports multiple message formats for certificate requests, such as KEYGEN/SPKAC, CRMF/CMMF, PKCS #10, and CMC. All requests are delivered to the Certificate System over HTTP or HTTPS.
Supports certificate formats for SSL-based client and server authentication, secure Multipurpose Internet Mail Extensions (S/MIME) message signing and encryption, and VPN clients.
Supports generating and publishing CRLs conforming to X.509 version 1 and 2.
Publishes certificates and CRLs to any LDAP-compliant directory over LDAP and HTTP/HTTPS connections.
Publishes certificates and CRLs to a flat file for importing into other resources. For example, the sample code for Flat File CRL and certificate publisher can be customized to store certificates and CRLs in an Oracle RDBMS.
Publishes CRLs to an online validation authority (or OCSP responder) for real-time certificate verification by OCSP-compliant clients.