Axway Desktop Validator – Digital Certificate Validation for CAPI-Compliant Windows Applications

Desktop Validator, the client component of the Axway Validation Authority (VA) Suite, enables digital certificate validation in the most commonly used Microsoft Windows-based desktop and server applications. Integrating with any Microsoft Cryptographic API (CAPI)-compliant client or server application, Desktop Validator:

  • Validates digital certificates encountered by PKI-enabled Windows applications via CRL lookups or standard protocol queries to a VA Server or other standards-based responder.
  • Supports default and CA-specific digital certificate validation rules, and tightly integrates with the VA Server for automatic configuration.
  • Provides a robust failover mechanism that supports multiple sources of revocation information.
  • Is highly available and can be remotely installed, configured, and maintained using desktop management applications such as Microsoft SMS/SCCM, Unicenter, or Microsoft Active Directory.
  • Supports single sign-on applications based on digital certificates stored on smart cards such as the DoD Common Access Card, Federal Personal Identity Verification card, e-Health insurance card, e-Health patient card, and e-Identity (eID).
  • Enables secure workflow applications based on digitally signed documents and secure email (S/MIME) messages.

Desktop Validator (DV) leverages the native Microsoft Windows Cryptographic API (CAPI), so it can transparently provide digital certificate validation to CAPI-enabled client or server applications. DV performs validation either via standard protocol queries to a VA Server (or other standards-based responder) or via CRL lookups. The reliability and performance of CRL lookups can be greatly improved by using the VA Server and the Axway VACRL protocol to distribute CA- or VA-manufactured CRLs and delta CRLs to DV-enabled systems.

A key application of DV is smart card login. To enable Axway revocation checking for users' smart card certificates, DV Enterprise is installed on the Domain Controller and DV Standard is installed on the client systems. DV can check revocation status over the supported protocols or from CRLs, and can serve answers from its cache, to ensure performance and a high degree of reliability.

Robust security and non-repudiation

Desktop Validator is Certification Authority (CA)-neutral and can process CRL data from multiple CA or VA sources to support complex trust models and certificate policy controls for path processing and policy enforcement. When one or more intermediate CAs sit in the path and the validation policy requires it, it validates the complete certificate chain end to end rather than only the end-entity certificate.

Desktop Validator can communicate securely with the VA Server over SSL/TLS, and can digitally sign its requests to the VA Server for deployments that require a high degree of auditability and non-repudiation. Desktop Validator also supports cryptographic hardware security modules (HSMs) via the standard PKCS #11 interface, including modules validated to FIPS 140-2 Level 2, 3 and 4; an HSM keeps the client's signing key in protected hardware and can accelerate digital signing and SSL/TLS operations.

Validation caches

Desktop Validator provides two separate, configurable validation caches. One is an in-memory repository of the results of all certificate validation requests, regardless of the validation mechanism. The other is a disk-resident CRL repository. Caching parameters, including the time-to-live of responses and the total size of the cache, are flexible to meet the requirements of a specific deployment. Caching improves performance and increases reliability in environments where the underlying network is not always available, with the usual trade-off that a cached result is only as current as its time-to-live: a certificate revoked after a positive result was cached remains accepted until that entry expires, so the TTL should be chosen against the deployment's tolerance for that window. Desktop Validator also offers a robust failover mechanism for querying multiple VA Servers and CRL repositories.
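The caching and failover behaviour described above, modelled as a small example added for this page (it is not Axway's code and does not talk to a real responder). It assumes an in-memory result cache with a time-to-live and an LRU size cap, and an ordered list of revocation sources that are tried in turn; the `Source` and `Validator` names, the serial numbers and the responder and CRL contents are all constructed for the illustration. The scenario shows a cache hit, the stale window after a revocation, TTL expiry, failover from an unreachable OCSP responder to a CRL, and a total outage.

```python
"""Model of an in-memory validation cache with TTL plus ordered failover.

Illustrative code written for this page, not Axway's implementation. Sources,
serials and responder contents below are constructed test data.
"""
from collections import OrderedDict
from typing import Callable, Dict, List, Optional

GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


class SourceUnavailable(Exception):
    """A revocation source could not be reached (timeout, network down)."""


class Source:
    def __init__(self, name: str, lookup: Callable[[str], str]) -> None:
        self.name = name
        self.lookup = lookup  # serial -> GOOD / REVOKED / UNKNOWN, or raises


class ValidationCache:
    """Entries expire after `ttl` seconds; LRU eviction beyond `max_entries`."""

    def __init__(self, ttl: float, max_entries: int) -> None:
        self.ttl = ttl
        self.max_entries = max_entries
        self._entries: "OrderedDict[str, tuple]" = OrderedDict()

    def get(self, serial: str, now: float) -> Optional[str]:
        hit = self._entries.get(serial)
        if hit is None:
            return None
        status, expires_at = hit
        if now >= expires_at:              # stale: drop it and report a miss
            del self._entries[serial]
            return None
        self._entries.move_to_end(serial)  # mark as recently used
        return status

    def put(self, serial: str, status: str, now: float) -> None:
        self._entries[serial] = (status, now + self.ttl)
        self._entries.move_to_end(serial)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict least recently used


class Validator:
    """Answer from cache first, then from each source in order (failover)."""

    def __init__(self, sources: List[Source], cache: ValidationCache) -> None:
        self.sources = sources
        self.cache = cache
        self.log: List[str] = []

    def status(self, serial: str, now: float) -> str:
        cached = self.cache.get(serial, now)
        if cached is not None:
            self.log.append(f"{serial}: cache hit -> {cached}")
            return cached
        for src in self.sources:
            try:
                result = src.lookup(serial)
            except SourceUnavailable:
                self.log.append(f"{serial}: {src.name} unavailable, failing over")
                continue
            if result != UNKNOWN:          # only definite answers are cached
                self.cache.put(serial, result, now)
                self.log.append(f"{serial}: {src.name} -> {result}")
                return result
        self.log.append(f"{serial}: no source answered")
        return UNKNOWN                     # caller's policy decides fail-open/closed


def run_scenario() -> Dict[str, str]:
    """Return the status observed at each step of the constructed scenario."""
    ocsp_db = {"1001": GOOD, "1002": REVOKED}  # constructed responder state
    up = {"ocsp": True, "crl": True}           # constructed availability switches

    def ocsp(serial: str) -> str:
        if not up["ocsp"]:
            raise SourceUnavailable("VA Server timeout")
        return ocsp_db.get(serial, UNKNOWN)

    crl_serials = {"1002"}                     # constructed CRL contents

    def crl(serial: str) -> str:
        if not up["crl"]:
            raise SourceUnavailable("CRL repository unreachable")
        # A CRL lists only revoked serials; any other serial from its CA is good.
        return REVOKED if serial in crl_serials else GOOD

    v = Validator([Source("ocsp-primary", ocsp), Source("crl-repo", crl)],
                  ValidationCache(ttl=300, max_entries=2))
    seen = {}
    seen["first_lookup"] = v.status("1001", now=0)        # OCSP: good, now cached
    ocsp_db["1001"] = REVOKED                             # CA revokes 1001 right after
    seen["within_ttl"] = v.status("1001", now=60)         # cache still says good
    seen["after_ttl"] = v.status("1001", now=301)         # expired, OCSP: revoked
    up["ocsp"] = False                                    # responder outage
    seen["failover"] = v.status("1002", now=310)          # CRL answers: revoked
    up["crl"] = False                                     # every source down
    seen["outage_cached"] = v.status("1002", now=320)     # cache still serves 1002
    seen["outage_uncached"] = v.status("1003", now=320)   # nothing can answer
    return seen


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step:16} {result}")
```

The `within_ttl` step is the caveat in practice: the revocation is not seen until the cached entry expires, so the TTL bounds how long a revoked credential keeps working. The `outage_uncached` step returns `unknown` rather than `good`; whether an application treats that as a failure (fail closed) or proceeds (fail open) is a policy decision, and for smart card logon it should be fail closed.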

Automatic configuration

Desktop Validator can be automatically configured using parameters obtained from one or more Axway VA Servers, sparing administrators from manually fetching the signing credentials for each instance. This integration, together with silent, remote installation and configuration through desktop management applications, greatly simplifies managing Desktop Validator in large-scale deployments.

The Validation Authority Suite also includes:

  • Validation Authority Server, a high-performance multi-platform server that processes client digital certificate status queries using a variety of protocols, including OCSP, SCVP, CMP and VACRL. 
  • Server Validator, a flexible client application for validating digital certificates from the most widely used secure Web servers and Web application servers.
  • Validator Toolkit, a complete set of certificate validation functions, source code examples and reference manuals that enables certificate validation integration into commercial or custom applications developed in C/C++ or Java.