The VA Validator Toolkit provides a complete set of certificate validation functions, source code examples, and reference manuals that save serious development time and money for commercial or custom PKI-enabled applications, such as network and handheld devices, physical security systems, and workflow applications. The Validator Toolkit provides an ideal solution for PKI enabling network devices such as VPN or WLAN gateways as well as physical security systems.

The Toolkit encapsulates the complexities of PKI digital certificate validation in a simple, three-step process that developers can implement through easy-to-understand C/C++ and Java interfaces.

  1. Use the Toolkit APIs to isolate the application from the specifics of the underlying mechanism, which allows you to delegate validation operations to Axway Validation Authority. The Toolkit allows the calling application to simplify certificate validation by requiring only the client certificate and, if possible, the issuer (CA) of that credential. The toolkit can support complex trust models and RFC 3280/5280 certificate policy controls for path processing and policy enforcement.
  2. Use the Toolkit Library to enable support for CA-specific validation policies and CRL data from multiple CA or VA sources. Axway VA supports multiple digital certificate validation mechanisms, including CA-issued Certificate Revocation Lists (CRLs*), Online Certificate Status Protocol (OCSP), Server-based Certificate Validation Protocol (SCVP), Compact CRL* and VACRL* (Axway’s CRL replication protocol for VA-manufactured CRLs). This allows business applications to integrate complex validation policies and governance rules at minimal cost.
  3. Use the Toolkit Cryptography Library to establish secure communication with a VA Server via SSL/TLS.  In addition to building validated certificate chains using a variety of different protocols, the Toolkit also provides access to communication libraries that allows the calling application to trigger HTTP/S, LDAP/S and FTP/S* queries for revocation status checking. For environments that protect cryptographic data on separate media (smart cards, HSMs), there is support for common integration standards like PKCS11, MS-CAPI and nCipher/Thales CHIL.

Additionally, the Validator Toolkit C/C++ is certified DOD JITC, IdenTrust and FIPS 140-2 Level 1 compliant. These credentials save organizations the time and cost of additional testing and certification. Validator Toolkit supports several different validation trust models as well as specific validation policies.