Axway VA
The purpose of this document is to provide information regarding the configuration of Futurex HSMs with Axway VA (Validation Authority) using PKCS #11 libraries. For additional questions related to your HSM, see the relevant administrator’s guide.
The Validation Authority Server (VA Server) product ensures the integrity and validity of online transactions by delivering real-time validation of digital certificates issued by any Certification Authority (CA). It is a robust server application that enables the most widely used secure Internet applications to validate digital certificates.
VA Server consists of a VA validation server, which acts as either a Repeater or a Responder and runs on a Windows or Linux platform, and a web-based VA administration server that provides centralized management of your validation processing components through an admin UI.
Based on its server license, VA Server can be set up to operate as either a Responder or a Repeater. As a Responder, VA Server also supports hardware security modules (HSMs), a critical component designed to provide the highest level of security and performance for protected key storage, high-speed signatures, and hardware key generation.
The VA Server maintains a store of digital certificate revocation data by obtaining the issuing CA's Certificate Revocation List (CRL), a cumulative list of revoked certificates.
The VA Server is CA-neutral and supports multiple CAs, several different trust models, and CA-specific validation policies. To validate a digital certificate, a client application can query the VA Server rather than performing the cumbersome task of obtaining and processing the entire CRL every time it encounters a digital certificate. Client applications can query the VA Server using open standard protocols, including the Online Certificate Status Protocol (OCSP) defined by RFC 6960 (formerly 2560) and the Server-Based Certificate Validation Protocol (SCVP) defined by RFC 5055. Clients can use SCVP to delegate the entire certificate validation operation, including path construction and intermediate CA validation, to the VA Server. VA Server supports multiple validation policies that clients can reference in an SCVP request to specify authentication and authorization requirements.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
See the applicable guide for configuring HSMs with the Guardian Series 3.