An SCVP validation policy defines a number of factors including:

  • Which registered trust anchors (CAs) are to be used to build trusted chains for the end entity certificates.
  • Whether AIA or LDAP based information is to be used for certificate path discovery if the intermediate certificate is not registered in Trust Manager.
  • Which validation method should be used (i.e. Peer SCVP, OCSP/AIA and/or CRL) for certificate validation when an intermediate CA is not registered within Trust Manager module but found in the SCVP request.
  • When using advanced path validation the list of acceptable certificate policy OIDs, Key Usage and/or Extended Key Usage extensions can be defined.
  • When using advanced path validation the list of acceptable and unacceptable subject names can be defined.
  • The ability to handle historic certificate validations.


Validation policies can be viewed by clicking the Validation Policies button in the left panel. This shows the following screen: 



The list of existing SCVP validation policies can be sorted in either ascending or descending order by selecting a table column from the drop down list. The list can be sorted on basis of these columns: the Validation Policy OID, the Validation Policy Name, Created At or Status

Clicking on the Search button displays the following screen:



This helps to locate a particular type of SCVP Validation Policy. The policy can be searched based on Status, Policy OID and/or Policy Name. If a search is based on multiple values, then these will be combined together using the “AND” operand, and thus only records that meet all the criteria will be presented.

If the "_" character is used in the search then it will act as wildcard.


See also

Step 1 - Generate Key and Certificate
Step 2 - Register CAs Using Trust Manager
Step 4 - Configure CRL Monitor

Step 5 - SCVP Service Manager Settings