OCSP provides immediate certificate validation, enabling real-time verification of a certificate's revocation status
Reduces the overhead of checking certificate status by requesting and receiving responses from the dedicated OCSP server
Handle large-scale deployments for distributed infrastructure and load balancing across multiple servers
Get detailed information about individual certificates, allowing for more precise revocation checking
Support different validation models, such as basic and nonce-based, providing flexibility to meet various security requirements
By validating certificate revocation status, prevent the use of compromised or expired certificates, bolstering security
With emCA's Validation Engine, organizations can maintain a revocation list which can be queried offline to identify the status of the certificate used on the signed data received. While OCSP can do this more efficiently, a CRL alone may suffice in cases where such validation needs to be done offline, or where the data set is not expected to scale. In short, emCA CRL can work independently of network connectivity and without the OCSP responder.
emCA Validation Authority seamlessly connects with emCA Certificate Engine to automatically update and maintain a list of expired and revoked identities. This means that at any time, you can manage your identities from a single dashboard with the assurance that revocation will be taken care of automatically.
Since emCA CRL does not require real-time connectivity to validate identities, it's easier to deploy, with fewer infrastructure requirements, while still getting the job done. However, for high-volume validation use cases, we strongly recommend the OCSP engine, which comes as part of the emCA Validation Authority Package by default.
emCA supports multi-hierarchy CA ecosystems. This means you can have multiple Roots and Issuing CAs as one organization for different use cases. emCA Validation Authority helps you centralize all the identities you don't trust across all hierarchies to provide a transparent view of your trust ecosystem.
As a standards-based solution, emCA Validation Authority (and CRL) works across multiple systems that support common cryptographic standards like X.500, where CRLs have to be maintained separately and validated at the time of receiving signed data.
Validation systems and CRLs are often a matter of compliance and best practices in the world of PKI. After all, it's important to ensure that the digital identities you interact with are current, and in several cases, not blacklisted in the countries you operate in. Validation helps organizations prevent interactions with blacklisted persons and individuals where country-level lists are maintained. emCA can connect with such lists to ensure that you're always on the right side of the law.
If you're looking to have the CA hosted on your premises, no problem. emCA can operate out of physical infrastructure or DevOps-based architectures. Our professional services team can get you up and running with peace of mind that every piece of data resides within your walls.
emCA can be deployed within your cloud environment, whether it's on AWS, Azure, or GCP. In case you centrally manage your cloud infrastructure, or have a hybrid setup, eMudhra's team can work with you to establish the appropriate architecture to ensure it scales to your needs.
emCA is a component of the emCA system that validates and verifies the authenticity and integrity of emCA certificates.
Yes, emCA Validation Authority can be configured to whitelist specific Roots and Issuing CAs, even those which are not running on the emCA PKI Stack, to help you create a boundary of the Identities and Certificate Authorities (or QTSPs) that you wish to trust.
Most PKI ecosystems traditionally require a CRL to maintain a list of expired and revoked certificates. As time passes and the CRL grows larger, querying it can often be inefficient and time-consuming at the time of validation, as it involves checking each line item in the list to identify the status of a given certificate. OCSP acts as a layer on top of the CRL to make the response for certificate status quick and efficient.
The main functions of emCA include certificate validation, revocation status checking, issuing and managing certificates, and maintaining the trustworthiness of the emCA system.
Yes, emCA is designed to seamlessly integrate with existing certificate infrastructures, making it easier to incorporate it into the overall security framework.
emCA provides real-time validation, ensuring the immediate verification of certificate authenticity and revocation status, offering enhanced security and reducing the risk of using compromised certificates.
Yes, emCA supports monitoring and can generate alerts based on certificate validation events, helping to promptly detect and respond to any security issues.
The specific system requirements for emCA may vary depending on the deployment scenario, but it generally requires a secure infrastructure, cryptographic libraries, and appropriate hardware resources to handle the certificate validation workload effectively.