A PKI Validation Authority (VA) provides validation of PKI certificates.

Certificate validation services can include access to Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP) and CA chain certificate downloads.

The validation of certificates is one of the cornerstones of PKI

Since certificates can not only be issued, but also revoked, it is necessary that the certificate validity is confirmed before trusting a certificate. That is where the Validation Authority comes in.

How the Validation Authority works with the Certificate Authority

The issuing Certificate Authority is responsible for feeding the Validation Authority with certificate status updates based on the defined policy.

With CRLs, you are dependent on the issuance of a list of the revoked digital certificates by each related certificate authority (CA).

For true online certificate validation, an OCSP Responder service can be more convenient. Using a back-end-storage, a Validation Authority can request the certificate status and update it immediately upon certificate revocation.

About PrimeKey's EJBCA Validation Authority

EJBCA Validation Authority (VA) enables on-line certificate verification, by use of OCSP or CRLs.

Explore EJBCA Validation Authority