Step 3 - Configure an SCVP Validation Policy
An SCVP validation policy defines a number of factors including:
- Which registered trust anchors (CAs) are to be used to build trusted chains for the end entity certificates.
- Whether AIA or LDAP based information is to be used for certificate path discovery if the intermediate certificate is not registered in Trust Manager.
- Which validation method should be used (i.e. Peer SCVP, OCSP/AIA and/or CRL) for certificate validation when an intermediate CA is not registered within Trust Manager module but found in the SCVP request.
- When using advanced path validation the list of acceptable certificate policy OIDs, Key Usage and/or Extended Key Usage extensions can be defined.
- When using advanced path validation the list of acceptable and unacceptable subject names can be defined.
- The ability to handle historic certificate validations.
Validation policies can be viewed by clicking the Validation Policies button in the left panel. This shows the following screen:
The list of existing SCVP validation policies can be sorted in either ascending or descending order by selecting a table column from the drop down list. The list can be sorted on basis of these columns: the Validation Policy OID, the Validation Policy Name, Created At or Status
Clicking on the Search button displays the following screen:
This helps to locate a particular type of SCVP Validation Policy. The policy can be searched based on Status, Policy OID and/or Policy Name. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.
If the "_" character is used in the search then it will act as wildcard.. |
See also
Step 1 - Generate Key and Certificate
Step 2 - Register CAs Using Trust Manager
Step 4 - Configure CRL Monitor