Step 3 - Configure an SCVP Validation Policy
An SCVP validation policy defines a number of factors including:
- Which registered trust anchors (CAs) are to be used to build trusted chains for the end entity certificates.
- Whether AIA- or LDAP-based information is to be used for certificate path discovery if the intermediate certificate is not registered in Trust Manager.
- Which validation method should be used (i.e. Peer SCVP, OCSP/AIA and/or CRL) for certificate validation when an intermediate CA is not registered within the Trust Manager module but is found in the SCVP request.
- When using advanced path validation, the list of acceptable certificate policy OIDs, Key Usage and/or Extended Key Usage extensions can be defined.
- When using advanced path validation, the list of acceptable and unacceptable subject names can be defined.
- The ability to handle historic certificate validations.
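The following is an added example, not code from ADSS Server or Ascertia, showing how the factors above combine when a chain is evaluated against a validation policy: a registered trust anchor, issuer/subject chaining, validity at a chosen time (a past time is the historic-validation case), and the advanced path validation checks for policy OIDs, Key Usage, Extended Key Usage and permitted/excluded subject names. Certificates are stand-in dicts built inline, and every name, OID and date in it is constructed for the example except the RFC 5055 default policy OID quoted on this page.

```python
from datetime import datetime, timezone

ANY_POLICY = "2.5.29.32.0"  # certificatePolicies anyPolicy

# Constructed validation policy; only "oid" is the RFC 5055 default from the page.
POLICY = {
    "oid": "1.3.6.1.5.5.7.19.1",
    "trust_anchors": {"CN=Example Root CA"},      # registered CAs (constructed)
    "acceptable_policy_oids": {"1.2.3.4.5.6.7"},  # hypothetical policy OID
    "required_key_usage": {"digitalSignature"},
    "acceptable_eku": {"1.3.6.1.5.5.7.3.2"},      # id-kp-clientAuth
    "permitted_names": ["example.com"],
    "excluded_names": ["test.example.com"],
}


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


def cert(subject, issuer, not_before, not_after, policies, key_usage=(), eku=(), san=()):
    """Build a minimal certificate stand-in (a dict) for the example."""
    return {"subject": subject, "issuer": issuer, "not_before": not_before,
            "not_after": not_after, "policies": set(policies),
            "key_usage": set(key_usage), "eku": set(eku), "san": list(san)}


# Constructed three-certificate chain, leaf first.
ROOT = cert("CN=Example Root CA", "CN=Example Root CA", utc(2020, 1, 1), utc(2040, 1, 1),
            [ANY_POLICY], key_usage=["keyCertSign", "cRLSign"])
ICA = cert("CN=Example Issuing CA", "CN=Example Root CA", utc(2021, 1, 1), utc(2031, 1, 1),
           ["1.2.3.4.5.6.7"], key_usage=["keyCertSign", "cRLSign"])
LEAF = cert("CN=user1", "CN=Example Issuing CA", utc(2022, 1, 1), utc(2023, 1, 1),
            ["1.2.3.4.5.6.7"], key_usage=["digitalSignature", "keyEncipherment"],
            eku=["1.3.6.1.5.5.7.3.2"], san=["user1.example.com"])
CHAIN = [LEAF, ICA, ROOT]


def in_subtree(name, suffix):
    """DNS-style subtree match: the name itself or any label below it."""
    return name == suffix or name.endswith("." + suffix)


def effective_policies(chain):
    """Intersect certificatePolicies down the chain; anyPolicy imposes no restriction.
    Returns None when every certificate asserts anyPolicy."""
    valid = None
    for c in reversed(chain):  # trust anchor first
        if ANY_POLICY in c["policies"]:
            continue
        valid = set(c["policies"]) if valid is None else valid & c["policies"]
    return valid


def validate(chain, policy, at=None):
    """Evaluate a leaf-first chain against the policy at time `at`.
    A past `at` is the historic-validation case; the default is now.
    Returns (ok, reasons) where reasons lists every failed check."""
    at = at or datetime.now(timezone.utc)
    reasons = []
    leaf, root = chain[0], chain[-1]

    # 1. the chain must end at a registered trust anchor
    if root["subject"] not in policy["trust_anchors"]:
        reasons.append(f"root {root['subject']} is not a registered trust anchor")

    # 2. issuer/subject names must link each certificate to the next
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            reasons.append(f"{child['subject']} was not issued by {parent['subject']}")

    # 3. every certificate must have been within its validity period at `at`
    for c in chain:
        if not c["not_before"] <= at <= c["not_after"]:
            reasons.append(f"{c['subject']} not valid at {at.date()}")

    # 4. advanced path validation: policy OIDs, key usage, EKU, subject names
    valid = effective_policies(chain)
    if valid is not None and not (valid & policy["acceptable_policy_oids"]):
        reasons.append("no acceptable certificate policy OID survives the chain")
    if not policy["required_key_usage"] <= leaf["key_usage"]:
        missing = sorted(policy["required_key_usage"] - leaf["key_usage"])
        reasons.append("leaf lacks required key usage " + ", ".join(missing))
    if policy["acceptable_eku"] and not (leaf["eku"] & policy["acceptable_eku"]):
        reasons.append("leaf has no acceptable extended key usage")
    for name in leaf["san"]:
        if any(in_subtree(name, ex) for ex in policy["excluded_names"]):
            reasons.append(f"{name} is in an unacceptable name subtree")
        elif policy["permitted_names"] and not any(
                in_subtree(name, p) for p in policy["permitted_names"]):
            reasons.append(f"{name} is outside the acceptable name subtrees")

    return not reasons, reasons


if __name__ == "__main__":
    print("historic:", validate(CHAIN, POLICY, at=utc(2022, 6, 1)))  # passes
    print("current: ", validate(CHAIN, POLICY))  # fails: leaf expired in 2023
```

The policy-OID check follows the RFC 5280 rule that the intersection of the chain's certificate policies with the acceptable set must be non-empty, with anyPolicy in a CA certificate adding no restriction; Key Usage is treated as a set of bits the end-entity certificate must assert, and EKU as a set of which at least one must be present. Excluded name subtrees are checked before permitted ones, so a name under `test.example.com` is rejected even though it also lies under `example.com`.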
Validation policies can be viewed by clicking the Validation Policies button in the left panel. This shows the following screen:
The list of existing SCVP validation policies can be sorted in either ascending or descending order by selecting a table column from the drop-down list. The list can be sorted on the basis of these columns: the Validation Policy OID, the Validation Policy Name, Created At or Status.
After installation of ADSS Server (without sample data), the operator needs to create a default validation policy with the policy OID '1.3.6.1.5.5.7.19.1' in SCVP Service → Validation Policies, as it is required to make the service compliant with RFC 5055.
Clicking on the Search button displays the following screen:
This helps to locate a particular type of SCVP Validation Policy. The policy can be searched based on Status, Policy OID and/or Policy Name. If a search is based on multiple values, then these are combined using the "AND" operator, so only records that meet all the criteria are presented.
If the "_" character is used in the search then it acts as a wildcard.
See also
Step 1 - Generate Key and Certificate
Step 2 - Register CAs Using Trust Manager
Step 4 - Configure CRL Monitor