WebSentry is a plug-in for Web servers that enables certificate authentication to a Web site. It supports Microsoft Internet Information Server, Apache, and Netscape Web servers. WebSentry connects directly to Sentry CA through an LDAP-SSL (Secure Sockets Layer) connection and checks certificate status before each transaction occurs. This "zero-tolerance certificate revocation" method differs from most other approaches, which rely on CRLs (certificate revocation lists). CRLs are updated and distributed periodically, so after a certificate is revoked there is a period during which it is invalid but the CRL does not yet reflect this. Until the next update, that leaves a window in which invalid transaction requests can be approved. WebSentry's real-time status checks directly against the CA prevent this problem.
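The revocation window described above can be made concrete with a small model. This is an added example, not code from Xcert or WebSentry: `ModelCA`, the 24-hour CRL period, the serial number and the request times are all constructed assumptions, and the "live" check stands in for a per-transaction status lookup at the CA.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class ModelCA:
    """Toy CA (constructed for illustration) that publishes a CRL on a fixed schedule."""
    epoch: datetime                                # time of the first CRL
    crl_interval: timedelta                        # CRL publication period
    revoked: dict = field(default_factory=dict)    # serial -> revocation time

    def revoke(self, serial: int, when: datetime) -> None:
        self.revoked[serial] = when

    def live_revoked(self, serial: int, now: datetime) -> bool:
        """Real-time status: the CA's own record at the moment of the request."""
        when = self.revoked.get(serial)
        return when is not None and when <= now

    def crl_revoked(self, serial: int, now: datetime) -> bool:
        """Status according to the newest CRL published at or before `now`."""
        periods = (now - self.epoch) // self.crl_interval
        this_update = self.epoch + periods * self.crl_interval
        when = self.revoked.get(serial)
        return when is not None and when <= this_update


def stale_acceptances(ca: ModelCA, serial: int, request_times: list) -> list:
    """Requests a CRL-only check approves although the CA has already revoked the cert."""
    return [t for t in request_times
            if ca.live_revoked(serial, t) and not ca.crl_revoked(serial, t)]


def demo() -> list:
    start = datetime(2024, 1, 1, 0, 0)             # constructed sample data
    ca = ModelCA(epoch=start, crl_interval=timedelta(hours=24))
    ca.revoke(serial=0x1001, when=start + timedelta(hours=2))
    requests = [start + timedelta(hours=h) for h in (1, 3, 12, 23, 24, 30)]
    # Report the offending requests as whole hours since `start`.
    return [(t - start) // timedelta(hours=1)
            for t in stale_acceptances(ca, 0x1001, requests)]


if __name__ == "__main__":
    print("hours at which a CRL-only check approves a revoked certificate:", demo())
```

Every request between the revocation and the next CRL publication passes the CRL check but fails the live check; shortening `crl_interval` narrows the window without closing it.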
I installed Sentry CA and Sentry RA on a Windows NT Server. The installation process took about 20 minutes for both components, and I was issuing certificates in no time. Each component installation had two parts: a set-up program to install the initial files and a Web interface to complete the configuration, generate keys, etc. A Unix installation would not be much different because the majority of the work is done through the platform-independent Web interface. I then installed WebSentry on a system running IIS and had my own self-signed SSL server running in about 30 minutes.
Administration is provided through a Web server that comes with Sentry. All communication between users and CA or RA servers travels through encrypted tunnels created using SSL. The administration interface is a very clear, self-explanatory workbench, with sensitive CA operations separated from normal vetting operations. This provides easy administration in a distributed PKI environment because many vettors can be assigned enrollment operations throughout the company, thus maintaining the segregation of duties between enrollment and CA operations.
Sentry 4.0 is designed to provide trust on the Internet and to help secure e-commerce applications in a cost-effective, interoperable, scalable solution; Xcert guarantees Sentry CA's performance for 1 million users. This product excels at what it was designed to do, and I highly recommend it to any company looking to provide strong authentication for end-users or business partners via the Internet.