Axway Validation Authority (VA) Suite

Safeguard mission-critical PKIs with immediate certificate validation.

More than a million users across the US Department of Defense and civilian agencies rely on Axway software for real-time validation of digital certificates, including certificates stored on CAC cards, PIV cards and in software.

While organizations that have a small digital certificate footprint can simply use the operating system to parse through a Certificate Revocation List (CRL) to determine a certificate’s validity status, that same process won’t work in organizations that have a large certificate footprint – because the CRLs are so huge that parsing through them results in unacceptable latency. The solution is to transform (“pre-compute”) the CRL data into an OCSP (Online Certificate Status Protocol) database – where the certificate lookup will be much faster. The Axway Validation Authority (VA) software suite not only provides this important capability, but also is virtually out-of-the-box-ready to work with DOD and other Federal Government Certificate Authorities.

Axway VA Suite Key Capabilities

Implement a responsive, flexible, and CA-neutral certificate validation solution with broad standards support

The Axway Validation Authority software suite is CA-neutral and supports all widely adopted international security standards and open technologies:

  • Interoperable with smart cards like the DoD Common Access Card, the Federal Personal Identity Verification card, or the national eID-card -- as well as leading cryptographic hardware, including products certified to FIPS 140-2 Level 3 and 4
  • Certified to meet Common Criteria (EAL 3), FIPS 140-2, FIPS 201, NIST PDVAL, and DoD JITC
  • OCSP and SCVP compliant (RFC 2560, RFC 5055)
  • Entrust-ready and IdenTrust-compliant
  • Part of the IdenTrust, SWIFT Trust Act, BACS, and Global Trust Authority financial trust infrastructures.

Prevent revoked credentials from being used for smart card login, network access (including wireless), secure email, or other sensitive electronic transactions.

Axway VA Servers (“Responders” and “Repeaters”) are sophisticated digital certificate status providers that process client queries using a variety of protocols, including OCSP, SCVP, CMP, and VACRL.

The VA Responder Server maintains an OCSP database of signed digital certificate revocation information pre-computed from the Certificate Revocation Lists (CRLs) that are automatically downloaded from the issuing Certificate Authorities.  The VA Repeater Server provides a cloned copy of the OCSP database to support distributed environments. 

To validate a digital certificate, a client application can simply query the VA Server -- rather than performing the cumbersome task of obtaining and processing the entire CRL every time it encounters a digital certificate.  Axway offers VA client components for Windows servers and workstations and for Linux servers.  The Axway VA clients not only ensure that revoked certificates can’t be used, but also provide extensive failover capabilities to circumvent network and server problems.

Axway VA Suite — Components for Specific Requirements

Axway provides both server and client components as part of the Validation Authority suite:

VA Responder server, pre-computes and signs the certificate validation responses for all of the data on huge CRL lists. 

VA Repeater server, provides a local cache of the signed pre-computed responses (obtained from the Responder.)

VA Desktop Validator Enterprise client, runs on Domain Controllers and Windows IIS servers.  Required for smartcard login with Active Directory.

VA Desktop Validator Standard client, runs on users’ PCs.  It checks the validity of certificates presented by the Domain Controllers, as well as of certificates used by PC-based applications – such as the encryption and signing certificates needed for encrypted email.

VA Server Validator client, runs on Linux and Solaris servers that host applications (such as Apache) that need to validate certificates.

Deploy VA Server Responders and Repeaters in distributed environments

Experience the lowest total cost of ownership for distributed computing environments with VA Server Responders and Repeaters that can be installed in less than 30 minutes.


Enable rapid certificate validation in Windows-based desktop and server applications

VA Desktop Validator is a flexible client solution that allows digital certificate validation in the most commonly used Microsoft Windows-based desktop and server applications. VA Desktop Validator integrates seamlessly with any Microsoft Cryptographic API (CAPI)-compliant client or server application.  The Desktop Validator Enterprise version is available for Domain Controllers to support rapid validation of smartcard authentication certificates for workstation login, while the Desktop Validator Standard version supports rapid validation of smartcard signing and encryption certificates used for encrypted email and other workstation applications.

Enable rapid certificate validation on secure web and application servers

Desktop Validator Enterprise also supports rapid validation of smartcard and software certificates by Microsoft IIS web server applications, while Server Validator provides that capability for Linux server applications that use Apache, Oracle Application Server 11i, and BEA WebLogic.

Save development time and money with the VA Validator Toolkit

The VA Validator Toolkit provides a library of certificate validation functions, source code examples, and reference manuals to enable developers to add OCSP capabilities to their applications.  And, Axway Professional Services is available to provide consulting services to help ensure you’re successful with your development and implementation projects.

Keeping your PKI safe and sound is as easy as 1-2-3.

Let’s talk.