Certificate validation
Axway VA
3 min
this document provides information for configuring {{futurex}} hsms with axway va (validation authority) by using pkcs #11 libraries for additional questions about your hsm, see the relevant administrator guide application description the validation authority server (va server) product ensures the integrity and validity of online transactions by delivering real time validation of digital certificates issued by any certification authority (ca) it is a robust server application that enables the most widely used secure internet applications to validate digital certificates va server has the following elements a va validation server that acts as either a repeater or responder operating on a windows or linux platform a web based va administration server that provides centralized management of your validation processing components through an admin ui based on its server license, you can set up va server to operate as either a responder or a repeater as a responder, va server also offers support for hsms, a critical component that provides the highest level of security and performance for protected key storage, high speed signatures, and hardware key generation the va server maintains a store of digital certificate revocation data by obtaining the issuing ca certificate revocation list (crl), a cumulative list of revoked certificates va server is ca neutral and supports multiple cas, several different trust models, and ca specific validation policies it also supports multiple validation policies that clients can reference in a server based certificate validation protocol (scvp) request to specify authentication and authorization requirements to validate a digital certificate, a client application can query the va server rather than performing the cumbersome task of obtaining and processing the entire crl every time it encounters a digital certificate client applications can query the va server by using open standard protocols, including the online certificate status protocol (ocsp) defined by rfc 6960 (formerly 2560) and the scvp defined by rfc 5055 clients can use scvp to delegate the entire certificate validation operation, including path construction and intermediate ca validation, to the va server guardian integration the {{guard}} introduces mission critical viability to core cryptographic infrastructure, including centralization of device management elimination of points of failure distribution of transaction loads group specific function blocking user defined grouping systems see the applicable guide in the {{futurex}} portal for configuring hsms with the {{guard}} , including pkcs #11 and cng configuration