The Validation Authority solution responds to OCSP requests on the validation status of the certificates issued by a Certificate Authority. To respond to these requests, the Validation Authority solution connects with the components described below.
As explained in Managing Certificate Authority, the Certificate Authority solution provides built-in CRL and OCSP services. Therefore, you do not need a Validation Authority for CAs created with this solution.
OCSP client
Multiple clients send OCSP requests to the OCSP Responder service of the Validation Authority solution.
Certificate Authority
The Validation Authority solution checks the status of certificates issued by one or multiple Certificate Authorities (CAs). The following methods are supported for obtaining this information:
- The Entrust CA Gateway API.
- A full or "combined" CRL published in an LDAP or HTTP server. Validation Authority does not support partitioned CRLs.
Entrust CA is currently the only issuing Certificate Authority supported by Validation Authority.
Hardware Security Module
A Hardware Security Module (HSM) manages one or several OCSP signing keys.
Database
A database stores the status of the certificates.