Necessity of certificate validation

Since there have been certificates, there has been the problem with suspending certificates. We are not even talking about the serious problems like fraud and theft of a smart card but the every day-to-day problem like wrong certificate data (name change, change of department, issued wrongly), lost or damaged smart cards or the dismissal of an employee.

Only a certificate where validity can be checked is a trustworthy and secure certificate:

  • Data which have been encrypted with an invalid certificate are not secret
  • Digitally signed documents with an invalid certificate do neither guarantee identity nor integrity

Browser check: Does your browser verify the validity of server certificates?

Certificate validation in the course of time:

Up until now each TrustCenter , each pki issued a list of barred certificates (check list, certificate revocation list=CRL). This list contains a validity which depending on the desired check speed is only valid for a certain amount of time.
Nowadays it shows that this technology is can only be out into practise with difficulties.  The Verisigns check list for invalid server certificates is 0,5 MB and too big to be comfortable. Because of its big size it has to be valid for a few days- in order to keep the network traffic in boundaries this has got nothing to do with useful risk management.

An online validation of a validation server will contrarily to the above mentioned, ask for the validity of a certain certificate.

  • Less network burden; only information which is needed straight away  will be transferred
  • Due to a central validation spot a fast and flexible risk control is possible
  • new account and/or accounting possibilities for the use of a PKI (Application
  • simpler enterprise and improved interoperability
With SyTrust CertControl as validation  server you are able to use all common validation standards and therefore extent your pki in matters of risk management, service and interoperability.

security simply works.

  ValidationWorks!: Online certificate validation (OCSP) for Microsoft Windows. Secure your work place. Instant download and online shopping available!, a free service powered by SyTrust CertControl technology is nominated for the German Internet Award 2003.   
CertControl: free version of the OCSP Responder available for download  
  BrowserCheck: Does your browser validate the certificates it uses?