Trust the Identities you Transact with

Ensure efficient trust validation through OCSP

The Online Certificate Status Protocol (OCSP) acts as a layer on top of your CRL to quickly validate whether signed data can be trusted.
Real-time status

OCSP provides immediate certificate validation, enabling real-time verification of a certificate's revocation status



Reduces the overhead of checking certificate status by requesting and receiving responses from the dedicated OCSP server



Handle large-scale deployments for distributed infrastructure and load balancing across multiple servers



Get detailed information about individual certificates, allowing for more precise revocation checking



Support different validation models, such as basic and nonce-based, providing flexibility to meet various security requirements

Enhanced security

By validating certificate revocation status, prevent the use of compromised or expired certificates, bolstering security

Maintain Revoked Identities with ease using our CRL

A Certificate Revocation List (CRL) is a list, maintained by the CA system, of identities that have been revoked or have expired.
Validate Identities offline

With emCA's Validation Engine, organizations can maintain a revocation list which can be queried offline to identify the status of the certificate used on the signed data received. While OCSP can do this more efficiently, a CRL alone may suffice in cases where such validation needs to be done offline, or where the data set is not expected to scale. In short, emCA CRL can work independently of network connectivity and without the OCSP responder.

Automatically update your Revocation List

emCA Validation Authority seamlessly connects with emCA Certificate Engine to automatically update and maintain a list of expired and revoked identities. This means that at any time, you can manage your identities from a single dashboard with the assurance that revocation will be taken care of automatically.

CRL is easy to deploy

Since emCA CRL does not require real-time connectivity to validate identities, it's easier to deploy, with fewer infrastructure requirements, while still getting the job done. However, for high-volume validation use cases, we strongly recommend the OCSP engine, which comes as part of the emCA Validation Authority package by default.

Centralize the Identities you don't Trust

emCA supports multi-hierarchy CA ecosystems. This means you can have multiple Roots and Issuing CAs as one organization for different use cases. emCA Validation Authority helps you centralize all the identities you don't trust across all hierarchies to provide a transparent view of your trust ecosystem.

Embrace Interoperability

As a standards-based solution, emCA Validation Authority (and CRL) works across multiple systems that support common cryptographic standards like X.500, where CRLs have to be maintained separately and validated at the time of receiving signed data.

Ensure Peace of Mind

Validation systems and CRLs are often a matter of compliance and best practices in the world of PKI. After all, it's important to ensure that the digital identities you interact with are current, and in several cases, not blacklisted in the countries you operate in. Validation helps organizations prevent interactions with blacklisted persons and individuals where country-level lists are maintained. emCA can connect with such lists to ensure that you're always on the right side of the law.

Key Benefits of emCA Validation Authority

Top-tier protection for all transactions

Support for all major HSMs including Thales, Entrust, & Utimaco

Assured Trust in complex Identity ecosystem

Packaged with CRL and OCSP in one bundle

In-depth transaction and operational record keeping

Configurable settings to ensure regulatory adherence

OCSP Signing keys secured in HSMs

Support for own & third-party CRL validation

Capable of managing multiple Certificate Authorities

Versatile, adaptable signing certificate configuration options

Streamlined processing of incoming OCSP requests

Ready to accommodate expanding operational needs

Use CLI tools for streamlined operations

Enjoy seamless upgrades with near-zero downtime

Benefit from round-the-clock system accessibility

Stay operational, even during maintenance windows

Use emCA UI for centralized control

Immediate, real-time status updates

Linear scalability via cluster node addition

Online services readily accessible

Verify with robust responder

A Trust Service provider you can trust

Gartner Mentions

Recognized for PKI and certificate management category in Gartner Report - Managing Machine Identities, Secrets, Keys and Certificates

emCA is EAL4+ Certified

emCA – Certificate Authority Solution has received the prestigious EAL4+ certification, signifying high assurance in its software development and security standards.


OCSP vs CRL: What's the Key Difference?

emCA is at the core of eMudhra's Global Trust Services providing robust security infrastructure for secure digital identity and transactions.

Deployment Models

On Premise

If you're looking to have the CA hosted on your premises, no problem. emCA can operate out of physical infrastructure or DevOps-based architectures. Our professional services team can get you up and running with peace of mind that every piece of data resides within your walls.

Private Cloud

emCA can be deployed within your cloud environment, whether it's on AWS, Azure, or GCP. If you centrally manage your cloud infrastructure, or have a hybrid setup, eMudhra's team can work with you to establish the appropriate architecture to ensure it scales to your needs.

Frequently Asked Questions

emCA is a component of the emCA system that validates and verifies the authenticity and integrity of emCA certificates.

Yes, emCA Validation Authority can be configured to whitelist specific Roots and Issuing CAs, even those which are not running on the emCA PKI stack, to help you create a boundary of the Identities and Certificate Authorities (or QTSPs) that you wish to trust.

Most PKI ecosystems traditionally require a CRL to maintain a list of expired and revoked certificates. As time passes and the CRL grows larger, querying it can often be inefficient and time-consuming at the time of validation, as it involves checking each line item in the list to identify the status of a given certificate. OCSP acts as a layer on top of the CRL to make the response for certificate status quick and efficient.

The main functions of emCA include certificate validation, revocation status checking, issuing and managing certificates, and maintaining the trustworthiness of the emCA system.

Yes, emCA is designed to seamlessly integrate with existing certificate infrastructures, making it easier to incorporate it into the overall security framework.

emCA provides real-time validation, ensuring the immediate verification of certificate authenticity and revocation status, offering enhanced security and reducing the risk of using compromised certificates.

Yes, emCA supports monitoring and can generate alerts based on certificate validation events, helping to promptly detect and respond to any security issues.

The specific system requirements for emCA may vary depending on the deployment scenario, but it generally requires a secure infrastructure, cryptographic libraries, and appropriate hardware resources to handle the certificate validation workload effectively.
