Welcome to the certificate validation demonstration and information page
Facts:
A Digital Certificate is used to provide a clear identity for an end-user, a business application or a system (e.g. one or more web-servers)
Any certificate needs to have its current (or in some cases its historic) status checked to ensure that the status of the identity is considered valid and has not been revoked.
Validation can be done using CRLs or, increasingly, by OCSP requests (other protocols such as SCVP and XKMS also exist, and these will feature on this site in due course).
Validation is important to establish a relationship with a trust anchor. If this is not in place then the identity should not be trusted.
Quality is an important consideration - DNV and Ascertia have defined a validation protocol that can return a quality rating for the certificate so that organisations can determine if the level of trust is sufficient for the relevant business use.
The value a digital certificate offers:
A digital certificate is an entity’s public key signed by a certification authority (CA). The CA confirms that:
The entity’s identity has been checked and its current status can be checked (using a procedure defined within its certificate policy and practice statement; validation is usually via CRL or OCSP services)
The certificate is good between defined start and end dates
Optionally, it may specify intended usage purposes and provide other information
Digital Certificates have several unique advantages over other approaches:
They can be used to strongly authenticate an end-user or a system
They can be used to bind the identity of the user/system to data or documents (see digital signatures)
They can be used to encrypt data or documents for the selected recipients
They can be stored in software (e.g. within Windows) or on smartcards & HSMs
Business use examples:
X.509v3 certificates offer well-defined interoperable standards and can be obtained from multiple sources and used with many varied types of software. However, they should always be validated before they are accepted:
Used for System logon authentication – and validated using OCSP
Used for Client SSL web-server authentication – and validated using OCSP
Used for Client SSL application authentication – and validated using OCSP
As part of long-term signature creation – (see signature creation)
As part of signature verification – (see signature verification)
As part of historic signature verification – (see signature verification)
As CRL sizes grow, there is increasing interest in using OCSP Validation Authorities to provide real-time certificate status information, simply to reduce the CRL processing overhead at client applications and systems. For historic checking, CRLs can still be used, and of course they provide an authoritative evidence trail of what status information a CA actually provided at a specific date and time.
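A simplified model of the validation decision described above, as an added example (not code from this site or its products): it checks the validity dates, the revocation status as of a chosen time (current or historic), and the path to a trust anchor. The `Cert` record, the `validate` function and all sample values are assumptions constructed for illustration, and signature verification on certificates and CRLs is assumed to have been done already.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # simplified stand-in for the X.509 fields this check needs
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

def validate(cert, at, ca_pool, anchors, revoked):
    """Decide whether `cert` was acceptable at time `at`; returns (ok, reason).

    ca_pool: subject -> Cert for known CA certificates
    anchors: set of Cert objects trusted as roots
    revoked: (issuer, serial) -> revocation time, taken from the issuers' CRLs
    Assumption: signatures on certificates and CRLs were verified beforehand.
    """
    seen = set()
    while True:
        if not (cert.not_before <= at <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
        revoked_at = revoked.get((cert.issuer, cert.serial))
        if revoked_at is not None and revoked_at <= at:
            return False, f"{cert.subject}: revoked"
        if cert in anchors:
            return True, "chains to trust anchor"
        if cert.subject in seen or cert.issuer not in ca_pool:
            return False, f"{cert.subject}: no path to a trust anchor"
        seen.add(cert.subject)
        cert = ca_pool[cert.issuer]  # move one step up the chain

# Constructed sample data (names, serials and dates are made up).
ROOT = Cert("Demo Root CA", "Demo Root CA", 1, utc(2005, 1, 1), utc(2025, 1, 1))
ISSUING = Cert("Demo Issuing CA", "Demo Root CA", 2, utc(2006, 1, 1), utc(2016, 1, 1))
SIGNER = Cert("Alice", "Demo Issuing CA", 1001, utc(2009, 1, 1), utc(2011, 1, 1))
POOL = {c.subject: c for c in (ROOT, ISSUING)}
CRL = {("Demo Issuing CA", 1001): utc(2010, 6, 1)}  # Alice revoked on 2010-06-01

if __name__ == "__main__":
    for when in (utc(2010, 3, 1), utc(2010, 7, 1), utc(2012, 1, 1)):
        print(when.date(), validate(SIGNER, when, POOL, {ROOT}, CRL))
```

Checking the sample certificate at a time before its revocation date is the historic case and succeeds, while the same check at a later time fails.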
We have prepared the following live demos; simply click on the relevant hyperlinked name:
Demo | Description
OCSP Validation Authority example request/response | This demo enables you to select a certificate that will be OCSP checked against the GlobalTrustFinder OCSP VA service. Valid and revoked certificates can be checked.
Full validation of an X.509 certificate | This demo enables you to validate a certificate that exists within the demo system or one you upload. Examples of valid, expired and revoked certificates are provided.
Copyright © 2010 Ascertia Ltd. All rights reserved.