System for a Single CA Request to Generate Multiple Certificates and Method for Failover Support between the Multiple Certificates

IP.com Disclosure Number: IPCOM000243557D
Publication Date: 2015-Sep-30
Document File: 3 page(s) / 83K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a system and method for requesting, in a single transaction with a Certificate Authority (CA), multiple Secure Sockets Layer (SSL) certificates with non-overlapping validity periods. The system comprises a mechanism to request a plurality of certificates for a variety of date ranges, possibly with validity beginning in the future, which enables the creation of a single CA request for failover with multiple certificates.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Clients buy, deploy, and configure applications with a Secure Sockets Layer (SSL) component with a certificate from a Certificate Authority (CA) and then forget about it for the certificate's duration of validity (often 2 years). Upon the expiration of the certificate, the client must find the resource (i.e. person) who originally configured the application, has knowledge of the versions used (now years old), and has both the access and the experience to generate a new request, transfer it to the certificate authority, and reconfigure the application to use the new certificate valid for another span of time. Clients go through this cycle various times depending on the life cycle of the owned application.

A method is needed to alleviate the need for this expertise and the scramble to get applications fixed every few years when a certificate is no longer valid. Further, help is needed for situations in which the main certificate is compromised or revoked.

Currently, a CA request does not allow failover support or request for multiple CAs in a single request. A client can only request a single CA; after that, the client has to initiate another request.

The novel contribution is a system and method for requesting, in a single transaction with the CA, multiple SSL certificates with non-overlapping validity periods. The system comprises a mechanism to request a...
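
The following sketch is an added example, not code from the disclosure. It plans back-to-back validity windows for one request, checks a returned bundle for overlaps and gaps, and selects the certificate to serve at a given time. The names `CertSlot`, `plan_windows`, `check_bundle` and `select_active`, the serials and the dates are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class CertSlot:
    serial: str            # constructed placeholder, not a real serial
    not_before: datetime
    not_after: datetime    # treated as an exclusive end in this sketch
    revoked: bool = False


def plan_windows(start: datetime, count: int,
                 lifetime: timedelta) -> List[Tuple[datetime, datetime]]:
    """Back-to-back validity windows to place in a single CA request."""
    return [(start + i * lifetime, start + (i + 1) * lifetime)
            for i in range(count)]


def check_bundle(slots: List[CertSlot]) -> List[str]:
    """Report overlapping windows and coverage gaps between neighbours."""
    problems = []
    ordered = sorted(slots, key=lambda s: s.not_before)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.not_before < prev.not_after:
            problems.append(f"overlap: {prev.serial}/{cur.serial}")
        elif cur.not_before > prev.not_after:
            problems.append(f"gap: {prev.serial}/{cur.serial}")
    return problems


def select_active(slots: List[CertSlot], now: datetime) -> Optional[CertSlot]:
    """Return the certificate to serve at `now`, or None if none is usable.

    With strictly non-overlapping windows, a revoked certificate has no
    substitute until the next window opens; how the disclosure covers that
    case is not in the abbreviated text, so this sketch returns None.
    """
    for slot in sorted(slots, key=lambda s: s.not_before):
        if slot.not_before <= now < slot.not_after and not slot.revoked:
            return slot
    return None


def build_sample_bundle() -> List[CertSlot]:
    """Constructed sample: three consecutive 730-day certificates."""
    windows = plan_windows(datetime(2015, 10, 1), 3, timedelta(days=730))
    return [CertSlot(f"EXAMPLE-{i + 1:02d}", nb, na)
            for i, (nb, na) in enumerate(windows)]
```

A deployment could run `check_bundle` when the bundle arrives and call `select_active` at each TLS context reload, alerting whenever it returns `None`.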