Trust the Identities you Transact with
Ensure efficient trust validation through OCSP
The Online Certificate Status Protocol (OCSP) acts as a layer on top of your CRL to quickly validate whether signed data can be trusted
Real-time status
OCSP provides immediate certificate validation, enabling real-time verification of a certificate's revocation status
Efficiency
Reduces the overhead of checking certificate status by requesting and receiving responses from the dedicated OCSP server
Scalability
Handle large-scale deployments for distributed infrastructure and load balancing across multiple servers
Granularity
Get detailed information about individual certificates, allowing for more precise revocation checking
Flexibility
Support different validation models, such as basic and nonce-based, providing flexibility to meet various security requirements
Enhanced security
By validating certificate revocation status, prevent the use of compromised or expired certificates, bolstering security
Maintain Revoked Identities with ease using our CRL
A Certificate Revocation List (CRL) is a list maintained by the CA system of identities that have been revoked or have expired
Validate Identities offline
With emCA's Validation Engine, organizations can maintain a revocation list which can be queried offline to identify the status of the certificate used on the signed data received. While OCSP can do this more efficiently, a CRL alone may suffice in cases where such validation needs to be done offline, or where the data set is not expected to scale. In short, emCA CRL can work independently of network connectivity and without the OCSP responder.
Automatically update your Revocation List
emCA Validation Authority seamlessly connects with emCA Certificate Engine to automatically update and maintain a list of expired and revoked identities. This means that at any time, you can manage your identities from a single dashboard with the assurance that revocation will be taken care of automatically.
CRL is easy to deploy
Since emCA CRL does not require real-time connectivity to validate identities, it's easier to deploy, with fewer infrastructure requirements, while still getting the job done. However, for high-volume validation use cases, we strongly recommend the OCSP engine, which comes as part of the emCA Validation Authority Package by default.
Centralize the Identities you don't Trust
emCA supports multi-hierarchy CA ecosystems. This means you can have multiple Roots and Issuing CAs as one organization for different use cases. emCA Validation Authority helps you centralize all the identities you don't trust across all hierarchies to provide a transparent view of your trust ecosystem.
Embrace Interoperability
As a standards-based solution, emCA Validation Authority (and CRL) works across multiple systems that support common cryptographic standards like X.500, where CRLs have to be maintained separately and validated at the time of receiving signed data.
Ensure Peace of Mind
Validation systems and CRLs are often a matter of compliance and best practices in the world of PKI. After all, it's important to ensure that the digital identities you interact with are current, and in several cases, not blacklisted in the countries you operate in. Validation helps organizations prevent interactions with blacklisted persons and individuals where country-level lists are maintained. emCA can connect with such lists to ensure that you're always on the right side of the law.
Key Benefits of emCA Validation Authority
Top-tier protection for all transactions
Supports all major HSMs including Thales, Entrust, and Utimaco
Assured Trust in complex Identity ecosystem
Packaged with CRL and OCSP in one bundle
In-depth transaction and operational record keeping
Configurable settings to ensure regulatory adherence
OCSP Signing keys secured in HSMs
Support for own & third party CRL validation
Capable of managing multiple Certificate Authorities
Versatile, adaptable signing certificate configuration options
Streamlined processing of incoming OCSP requests
Ready to accommodate expanding operational needs
Use CLI tools for streamlined operations
Enjoy seamless upgrades with near-zero downtime
Benefit from round-the-clock system accessibility
Stay operational, even during maintenance windows
Use emCA UI for centralized control
Immediate, real-time status updates
Linear scalability via cluster node addition
Online services readily accessible
Verify with robust responder
A Trust Service provider you can trust
Gartner Mentions
Recognized for PKI and certificate management category in Gartner Report - Managing Machine Identities, Secrets, Keys and Certificates
emCA is EAL4+ Certified
emCA Certificate Authority Solution has received the prestigious EAL4+ certification, signifying high assurance in its software development and security standards.
OCSP vs CRL: What's the Key Difference?
emCA is at the core of eMudhra's Global Trust Services providing robust security infrastructure for secure digital identity and transactions.
Deployment Models
On Premise
If you're looking to have the CA hosted on your premise, no problem. emCA can operate out of physical infrastructure, or DevOps based architectures. Our professional services team can get you up and running with peace of mind that every piece of data resides within your walls.
Private Cloud
emCA can be deployed within your cloud environment whether it's on AWS, Azure, or GCP. In case you centrally manage your cloud infrastructure, or have a hybrid set up, eMudhra's team can work with you to establish the appropriate architecture to ensure it scales to your needs.
Frequently Asked Questions
emCA is a component of the emCA system that validates and verifies the authenticity and integrity of emCA certificates.
Yes, emCA Validation Authority can be configured to whitelist specific Roots and Issuing CA's, even those which are not running on emCA PKI Stack, to help you create a boundary of the Identities and Certificate Authorities (or QTSP's) that you wish to trust.
Most PKI ecosystems traditionally require a CRL to maintain a list of expired and revoked certificates. As time passes and the CRL grows larger, querying it can often be inefficient and time-consuming at the time of validation, as it involves checking each line item in the list to identify the status of a given certificate. OCSP acts as a layer on top of the CRL to make the response for certificate status quick and efficient.
The main functions of emCA include certificate validation, revocation status checking, issuing and managing certificates, and maintaining the trustworthiness of the emCA system.
Yes, emCA is designed to seamlessly integrate with existing certificate infrastructures, making it easier to incorporate it into the overall security framework.
emCA provides real-time validation, ensuring the immediate verification of certificate authenticity and revocation status, offering enhanced security and reducing the risk of using compromised certificates.
Yes, emCA supports monitoring and can generate alerts based on certificate validation events, helping to promptly detect and respond to any security issues.
The specific system requirements for emCA may vary depending on the deployment scenario, but it generally requires a secure infrastructure, cryptographic libraries, and appropriate hardware resources to handle the certificate validation workload effectively.