What is a Validation Authority?
A PKI Validation Authority (VA) provides validation of PKI certificates.
Certificate validation services can include access to Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP) and CA chain certificate downloads.
The validation of certificates is one of the cornerstones of PKI
Since certificates can not only be issued, but also revoked, it is necessary that the certificate validity is confirmed before trusting a certificate. That is where the Validation Authority comes in.
How the Validation Authority works with the Certificate Authority
The issuing Certificate Authority is responsible for feeding the Validation Authority with certificate status updates based on the defined policy.
With CRLs, you are dependent on the issuance of a list of the revoked digital certificates by each related certificate authority (CA).
For true online certificate validation, an OCSP Responder service can be more convenient. Using a back-end-storage, a Validation Authority can request the certificate status and update it immediately upon certificate revocation.
About PrimeKey's EJBCA Validation Authority
EJBCA Validation Authority (VA) enables on-line certificate verification, by use of OCSP or CRLs.