Axway Validation Authority Suite – The Most Widely Deployed Validator of Digital Certificates

Axway VA Suite protects mission-critical infrastructures by ensuring that revoked or invalid credentials cannot be used for secure email, smart card login, network access (including wireless), or other sensitive electronic transactions. With support for caching and replication of revocation data regardless of format, VA Suite enables cost-effective scalability across a wide range of operational environments, including hardware-software appliances and Java-based solutions for distributed or hosted environments.

Banks, businesses, governments, and defense organizations across the globe use Axway VA Suite for real-time validation of digital certificates within PKI environments.

Using protocols like OCSP and CRLs can help identify revoked entities; but knowing whose credentials are bad is just the tip of the information iceberg.

Validation is constantly evolving, and Server-based Certificate Validation Protocol (SCVP) is the emerging new standard. While OCSP-based certificate validation provides revocation status of digital certificates in a highly performant and scalable manner, VA Suite’s SCVP technologies take access validation to the next level, enabling applications to delegate both revocation-checking and path validation to a trusted server in a single request.

SCVP enables harvesting of an entity’s credential for the full range of their access rights, cross-validated across multiple certificate chains by highly accredited certification issuers. In real-world terms, this means that not only do you know John Smith’s credential status, you can also:

  • Enforce which applications and/or network locations John is authorized to access;
  • Enforce John’s level of email access and which corporate policies apply to his account, be he an IT admin or an HR director;
  • Federate John’s physical access rights across multiple buildings and/or geographic locations;
  • Provide visibility into the what, where, and when of each and every instance of physical and logical access.

VA Suite consists of several products that provide a flexible and robust certificate validation solution for both standard and custom desktop and server applications:

  • Validation Authority Server, a high-performance multi-platform server that processes client digital certificate status queries using a variety of protocols, including OCSP, SCVP, CMP, Compact CRL and VACRL.
  • Server Validator, a flexible client application for validating digital certificates from the most widely used secure Web servers and Web application servers.
  • Desktop Validator, a flexible client application that enables Microsoft Windows-based desktop and server applications to validate digital certificates via the Microsoft Cryptographic API (CAPI).
  • Validator Toolkit, a complete set of certificate validation functions, source code examples, and reference manuals that enables certificate validation integration into commercial or custom applications developed in C/C++ or Java.

These components may be used together or, leveraging open standards, integrated with existing solutions using OCSP or SCVP (RFC 5055).

VA Suite is CA-neutral and supports all widely adopted international security standards and open technologies:

  • Certified to meet Common Criteria (EAL 3), FIPS 201, NIST PDVAL, FIPS 140-2, and DoD JITC standards
  • SCVP compliant (RFC 5055)
  • Entrust-ready and IdenTrust-compliant
  • Part of the IdenTrust, SWIFT Trust Act, BACS, and Global Trust Authority financial trust infrastructures
  • Interoperable with leading cryptographic hardware, including products certified to FIPS 140-2 Level 3 and 4, as well as smart cards such as the DoD Common Access Card and the Federal Personal Identity Verification Card or national eID-card.

Validation Authority Brief :: PDF File Validation Authority Product Brief


Login Form