SCVP Server - A scalable SCVP validation authority
Validating the trustworthiness of digital certificates can be complex and it normally requires client-side intelligence. The Server-based Certificate Validation Protocol (SCVP) standard was created specifically to allow business applications to be less aware and delegate all aspects of certificate validation to a trusted server.
IETF RFC 5055 compliant
ADSS SCVP Server is compliant with IETF RFC 5055 standard for delegated path discovery (DPD) and delegated path validation (DPV) of digital certificates. It is also FIPS 201 certified (APL#682) and is the first SCVP product to pass the updated SHA-2 NIST PKITS path discovery and validation test suite. It makes it easier for applications to use e-trust security features rather than the traditional OCSP protocol because they can delegate all aspects of certificate validation to the server. Multiple validation profiles can be defined within ADSS SCVP Server to provide these options:
- Define which CAs are to be used to build trusted chains for the end entity certificates
- Define the validation method to be used, either OCSP and/or CRL for validation where a CA is not pre-registered
- Define the acceptable Certificate Policy Object Identifiers (CP OIDs)
- Define whether to allow historical certificate validations
Using the proven ADSS Server product with a license enabled SCVP module ensures solid, reliable performance. ADSS SCVP Server can be delivered as a virtual appliance, enabling the organisation to use a server platform of choice, patched to meet the security policy requirements and with CPU and memory resources to suit the need.
Historic Validation by SCVP Server
ADSS SCVP Server can perform historic certificate validation checks. A validation request can include a date/time in the past, such as immediately after the time of signing (plus any validation grace period) for an important document. This historic validation functionality is not possible within the OCSP standard but ADSS Server supports this within the OASIS DSS, XKMS and SCVP modules – using its advanced CRL monitoring and archiving module.
ADSS SCVP Server offers an ASN.1 interface and ADSS Client SDK makes it easy to code requests to this service module using high level calls in Java and .NET. Authenticated access controls can be enforced using IP address filtering and/or client SSL certificate and/or SCVP request signatures.
Why choose ADSS SCVP Server?
Provides assured throughput, scalability and resilience
These are essential qualities for a centralised e-trust security server. ADSS SCVP Server is packed with features capable of ensuring it meets even the highest demands placed Managed Service Providers servicing multiple customer organisations.
It is easy to install, securely configure and manage
Completely GUI based, with its own purpose built installer ensures ADSS SCVP Server can be set-up and be operational in minutes. Automated tasks such as auto-archiving of transaction logs and real-time alerting ensure minimum operator time is required for maintenance or house-keeping.
Ensures low TCO & extensibility
Because of its modular architecture ADSS SCVP Server is licensed based only on the modules required. It can respond on behalf of multiple CAs thus reducing unnecessary hardware and software expenses in operating several responders. It can also be provided together with OCSP and/or XKMS services by simply updating the ADSS Server product license file to include these modules. This future proofing and investment protection is a standard capability of ADSS Server and is tremendously valuable since it allows and enables change as business needs change with no retraining..
If you need more details then review the detailed features page here and the other related links on the right of the webpage. Alternatively request a free trial or see live demos by clicking the buttons at the top of this page.
Ascertia previously used the name TrustFinder SCVP Server for this product. This name is now changed to ADSS SCVP Server to emphasise that this is just another module of our ADSS Server product.