This is one of a series of messages describing new features in Isode R14.4, scheduled to ship in April 2009. You can see all of the messages on this blog relating to R14.4 by clicking on this link.

There is a close relationship between X.509 PKI (Public Key Infrastructure) and the X.500/LDAP directory. It is common practice to store certificates, CRLs (Certificate Revocation Lists) and other PKI information in a directory. For a complex PKI with multiple Certification Authorities (CAs) there will be many entities publishing related information into the directory. This can be complex. Isode provides tools to manage PKI information in the directory with two types of target user:

  1. Those deploying Isode products, which make use of PKI to support digital signatures for a number of peer authentication and other security features. This is part of the management tool set in support of an Isode deployment.
  2. Those operating a PKI for other purposes, and simply using Isode servers to hold the data. 

R14.4 adds a number of capabilities to make these tasks easier. Sodium has significantly enhanced display of PKI objects and in particular Certificates and CRLs in order to make more useful information available to the manager.

As a part of Certificate display, Sodium provides an option to verify the certificate.  This will be done using trust anchors and other verification settings from the bind profile, so multiple profiles can be defined to give different checking environments.  The checks use the same verification libraries as the Isode client and server products, so this is helpful to diagnose authentication configuration problems with Isode servers, as well as general purpose checking of PKI correctness.

The following screenshots show display of information in a CRL, and certificate verification in Sodium.
[Screenshot: Certificate Revocation List (revoked certificates)]

[Screenshot: Certificate Verification in Sodium]

[Screenshot: Certificate Verification Result]