[1] Before downloading the DSSA™ software, the web server software (IIS, Apache, etc.) is selected and standard contact and organisation details are entered in a web form. The DSSA™ is then downloaded with a Unique ID [UID] Key that is automatically embedded in the accompanying config.txt file (this can be modified, as required, by an experienced Administrator).
This downloaded DSSA™ software, complete with its UID/config.txt file, is now unique to your organisation and can be installed on the server(s) running the web server software selected during the download process. Once installed, the DSSA™ checks the server, or device, for all the SSLs currently available on the machine and notes the expiration date of each one. If there are no SSLs present, the DSSA™ can receive commands from the server Administrator, using the integral interface or a command prompt entered directly in the DSSA™, to request whatever new SSL(s) may be required. This completes the installation process for that server.
The active DSSA™ then uses the UID Key and automatically connects to the CSG™ [2] to initiate the two factor authentication [3] Certificate exchange. This causes the UID to be sent to the CSG™ and subsequently to the CA [4] for validation. If the CA recognises the UID, it will have a corresponding legal contact and domain ownership information data set. If the RA Validations Department [5] of the CA has approved the data set, the UID is accepted and the CSG™ is authorised to create the two factor authentication Certificates that will be used to authenticate all communications for the DSSA™ for all future transactions.
Once the two factor authentication Certificates are exchanged, the DSSA™ is securely connected to the Trust Triangle [6] and everything is automated thereafter. With the Trust Triangle established, the DSSA™ automatically manages the complete life cycle of all the Certificates on the server without any further intervention.
Important Note: As stated, the DSSA™ software is designed not to receive commands or prompts from anywhere. In fact, the DSSA™ can only be accessed or communicated with from within itself, using command prompts or the internal interface. This ensures that the security of the server is never compromised and that unauthorised access to a single server has no impact on any other server in the network. Even with multiple installations of the same copy of the DSSA™ software throughout the same network of servers, there is no logical relationship between these servers and therefore each server remains separate, secure and autonomous. This autonomous design is a central security feature of the system and is one of the unique security design principles of the entire AACD™ system.
Links:
[1] https://www.digi-sign.com/downloads/download.php?id=aacd-digi-ssl-pdf
[2] http://www2.digi-sign.com/aacd/certificate+service+gateway
[3] http://www2.digi-sign.com/two+factor+authentication
[4] http://www2.digi-sign.com/certificate+authority
[5] http://www2.digi-sign.com/validations
[6] http://www2.digi-sign.com/aacd/trust+triangle