
Certificate Validation Service

A certificate validation service (CVS) performs certificate validation on behalf of applications: it checks revocation status with the Online Certificate Status Protocol (OCSP), or takes over every aspect of validation through the Server-based Certificate Validation Protocol (SCVP), as shown in Figure 1. Complete validation requires that the certificate was issued by a trusted source, which means building a chain of intermediate certificates up to a trusted root and verifying the digital signature on each certificate in that chain. The certificate must also be within its validity period, used for its intended purpose, and not revoked.

Figure 1 - An example of a CVS providing certificate revocation status.

A CVS consumes certificate revocation lists (CRLs), which carry the serial numbers of all certificates that have been revoked. When asked about a particular certificate or a group of serial numbers, the CVS responds with good, bad, or unknown. The CVS signs each individual response, and it can continue to validate certificates against a stale CRL while notifying administrators of the situation.

An organization typically uses certificates throughout the enterprise, and all of them must be validated. Some applications stop working when a required CRL has expired; others time out and continue to operate. In either case, it is uncertain how the enterprise will be affected when CRL failures occur. A CVS that signs its responses mitigates CRL failures and improves network performance, since individual applications no longer need to download CRLs themselves.
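To make the behaviour described above concrete, here is an added example (not code from the original page or from any CVS product) of a minimal validation service: it consumes a CRL, answers good, bad, or unknown per serial number, signs every response, and keeps answering on a stale CRL while recording an alert for administrators. The issuer name, serial numbers, dates and key are constructed sample values, and an HMAC stands in for the digital signature a real CVS would apply.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass
class CRL:
    issuer: str                      # distinguished name of the issuing CA
    this_update: datetime
    next_update: datetime            # after this time the CRL is stale
    revoked: set = field(default_factory=set)  # serial numbers of revoked certs

class ValidationService:
    """Consumes CRLs, answers good/bad/unknown per serial, signs each response,
    and keeps answering on a stale CRL while recording an administrator alert."""
    def __init__(self, signing_key: bytes):
        self.key = signing_key       # HMAC key stands in for the CVS signing key
        self.crls = {}               # issuer -> CRL
        self.admin_alerts = []       # notifications about stale CRLs
    def load_crl(self, crl: CRL):
        self.crls[crl.issuer] = crl
    def status(self, issuer: str, serial: int, now: datetime):
        crl = self.crls.get(issuer)
        if crl is None:              # no CRL for this issuer: cannot decide
            return "unknown", False
        stale = now > crl.next_update
        if stale:                    # still answer, but tell the administrators
            self.admin_alerts.append(f"stale CRL for {issuer}, next update was {crl.next_update.isoformat()}")
        return ("bad" if serial in crl.revoked else "good"), stale
    def respond(self, issuer: str, serial: int, now: datetime):
        verdict, stale = self.status(issuer, serial, now)
        body = {"issuer": issuer, "serial": serial, "status": verdict,
                "produced_at": now.isoformat(), "stale_crl": stale}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(self.key, payload, hashlib.sha256).hexdigest()}
    def verify(self, response) -> bool:
        """What a relying application does with a signed response before trusting it."""
        payload = json.dumps(response["body"], sort_keys=True).encode()
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response["sig"])

# Constructed sample data (hypothetical issuer and serials, not from any real CA).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_CRL = CRL("CN=Example Issuing CA", T0, T0 + timedelta(days=7), {0x1001, 0x1002})

def build_demo_service() -> ValidationService:
    svc = ValidationService(b"demo-signing-key")
    svc.load_crl(SAMPLE_CRL)
    return svc
```

A query made after the CRL's next_update is still answered, with stale_crl set in the signed body, so the relying application can decide whether to accept the answer instead of silently failing or timing out.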

Related Patterns:

CloudSchool.com Cloud Certified Professional (CCP) Module 7: Fundamental Cloud Security
CloudSchool.com Cloud Certified Professional (CCP) Module 8: Advanced Cloud Security

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.

Cloud Computing Design Patterns

This cloud computing mechanism is also covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit www.arcitura.com/books.