The Validation Authority solution responds to OCSP requests on the validation status of the certificates issued by a Certificate Authority. To respond to these requests, the Validation Authority solution connects with different components.
OCSP client
Multiple clients send OCSP requests to the OCSP Responder service of the Validation Authority solution.
Certificate Authority
The Validation Authority solution checks the status of certificates issued by one or multiple Certificate Authorities (CAs).
As explained in Managing Certificate Authority, the Certificate Authority solution provides built-in CRL and OCSP services. Therefore, you do not need a Validation Authority for CAs created with the Certificate Authority solution.
Certificate information source
Through Entrust CA Gateway, Entrust solutions obtain a direct feed of issued certificates from each supported Certificate Authority (CA). See the following table for the CA Gateway deployment required by each type of CA.
CA type | CA Gateway deployment |
---|---|
Certificate Authority running on Cryptographic Security Platform | Create a Certificate Authority instance, as explained in Managing Certificate Authority, and select the built-in CA Gateway service of this CA. |
External Certificate Authority | Start up the Entrust CA Gateway solution and connect it with the external CA, as explained in Managing CA Gateway. |
Alternatively, the Validation Authority solution can obtain revocation information from a full or "combined" CRL published in an LDAP or HTTP server.
Validation Authority does not support partitioned CRLs.
Hardware Security Module
A Hardware Security Module (HSM) manages one or several OCSP signing keys.
Database
A database stores the status of the certificates.