What is contained in an ACES Device Certificate?

ACES TLS/SSL and ACES VPN IPSec Certificates are issued by the IdenTrust ACES Device CA A4, a subordinate CA of IdenTrust’s ACES CA X6, which is cross-certified with the Federal Bridge.

ACES TLS/SSL Certificates assert an X.500 Distinguished Name (DN) where the Common Name is the fully qualified domain name (FQDN) of the Server and identify the organization and organizational unit sponsoring the Server. These certificates include Extended Key Usages of Server Authentication and Client Authentication, which allow secure, encrypted communication using the Transport Layer Security v.1 / Secure Socket Layer v.3 (TLS/SSL) protocols.

ACES VPN IPSec Certificates contain a DN consisting of the device owner’s name and geopolitical organization. These certificates also include Extended Key Usages of Server Authentication and Client Authentication, as well as IPSec End System, Tunnel, User and IKE Intermediate key usages.

How does my Organization Purchase ACES Device Certificates?

For a volume purchase of certificates or if you need a quote, please send an email to governmentsales@identrust.com or call 1 (866) 763- 3346. Be sure to indicate that you are interested in purchasing ACES TLS/SSL or ACES VPN IPSec Certificates.

A quote will be provided with an order form to be completed and returned. Upon receipt of your purchase order, IdenTrust will issue vouchers to your organization to be used as payment during the certificate application process. (We will provide you with the URL for the enrollment web page used to begin the application process once we have received your purchase order.) IdenTrust will then bill your organization. While vouchers may be redeemed for six (6) months, the validity of an ACES Device Certificate starts from the time it is generated and downloaded. If you have already received a voucher, click here.

About Device Certificates

Device certificates are issued to organizations and individuals for installation on servers, routers, client machines and other components. Certificates are used to authenticate the devices and establish encryption between devices connected to a network - the Internet. TLS/SSL certificates and VPN IPSec certificates are sometimes called server certificates and client certificates, respectively.

You may wonder why and how a digital certificate can benefit you and your organization, but if you have shopped online, you have already benefited from a device certificate. For example, when an Internet company installs a TLS/SSL certificate into its host server, security is established. In simple terms, a TLS/SSL certificate issued by a trusted Certification Authority like IdenTrust verifies that when you visit www.ABC.com, the Web site really belongs to ABC and your communications will be encrypted. Before you enter your credit card number to place an order, you may notice the URL address changes from http to https and a lock icon appears. This signifies that the TLS/SSL certificate is now securing the information you have entered. When you click "Submit", your browser uses the company’s online TLS/SSL certificate to encrypt the data that is sent. In the preceding example, you do not need to have your own certificate to secure this transaction because the TLS/SSL certificate maintains the necessary security for your sensitive information as it passes over the Internet.

Similarly, a VPN IPSec certificate creates an authenticated, encrypted channel between two devices connected through a network. When the two machines are establishing an encrypted connection, they verify each other’s digital certificates. The certificates help establish trust between the two machines.