Why can’t the CA handle validation?

Strictly speaking, there is no reason why the CA could not deploy its own, proprietary validation system. However, ValiCert has already devoted several years’ worth of labor towards providing an efficient, inexpensive, high-performance validation system. There is no practical reason why a CA would choose to consume those resources itself rather than work with ValiCert to provide validation information.

Why do you need validation? Doesn’t the CA provide it?

Validation is necessary because without it, it is much easier to execute fraudulent transactions. Deploying a public-key infrastructure without validation leaves it fundamentally incomplete and insecure.

The CA can provide the necessary raw data to answer validation queries, but the technological infrastructure necessary to process that data and supply it to users comes from ValiCert.

Isn’t every certificate valid by definition?

No. Like any other kind of identification, such as a credit card or driver’s license, a certificate has a finite lifespan. It expires, and once that expiration date is reached, it must either be renewed or replaced.

How can a certificate be revoked?

The mechanism for revoking a certificate varies by CA, but the essential ingredients are that the issuer of the certificate must somehow issue a digitally-signed statement (typically in the form of a List) marking a particular certificate’s serial number as revoked.

Why are certificates revoked?

The circumstances under which this may happen vary widely, but can include a change of employment status, theft of a computer containing the certificate’s associated private key, or cancellation of the anticipated transaction for which the certificate was originally issued.
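
The two checks described above (the expiration date, and a signed list of revoked serial numbers) can be sketched as follows. This is an added example, not ValiCert's software: it assumes the Python `cryptography` package, and the "Demo CA", the serial numbers and the fixed clock are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC, DAY = dt.timezone.utc, dt.timedelta(days=1)
NOW = dt.datetime(2024, 6, 1, tzinfo=UTC)  # constructed "current time"
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Demo CA")])  # hypothetical CA

def issue(ca_key, serial, not_after):
    """Demo CA: sign a certificate (throwaway subject key) valid until not_after."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, f"user-{serial}")])
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA_NAME)
            .public_key(ec.generate_private_key(ec.SECP256R1()).public_key())
            .serial_number(serial).not_valid_before(NOW - 365 * DAY)
            .not_valid_after(not_after).sign(ca_key, hashes.SHA256()))

def make_crl(ca_key, revoked_serials):
    """Demo CA: publish a signed list of revoked serial numbers."""
    crl = (x509.CertificateRevocationListBuilder().issuer_name(CA_NAME)
           .last_update(NOW - DAY).next_update(NOW + DAY))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(NOW - DAY).build())
    return crl.sign(ca_key, hashes.SHA256())

def _utc(cert, field):
    value = getattr(cert, field + "_utc", None)  # attribute exists in cryptography >= 42
    return value or getattr(cert, field).replace(tzinfo=UTC)

def validate(cert, crl, ca_public_key, now=NOW):
    """Relying-party check: 'valid', 'expired', 'revoked' or 'untrusted-crl'."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_public_key):
        return "untrusted-crl"  # ignore a list the issuing CA did not sign
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        return "expired"        # outside the certificate's validity period
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"        # serial number appears on the signed list
    return "valid"

def demo():
    ca_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    good, stolen, old = (issue(ca_key, s, NOW + d * DAY)
                         for s, d in [(1001, 30), (1002, 30), (1003, -10)])
    crl, forged = make_crl(ca_key, [1002]), make_crl(rogue_key, [])
    cases = [(good, crl), (stolen, crl), (old, crl), (stolen, forged)]
    return [validate(cert, lst, ca_key.public_key()) for cert, lst in cases]
```

The last case in `demo()` shows why the list must be signed: an empty list signed by a different key would otherwise make the revoked certificate look acceptable.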

How do I perform a validation check with Netscape Navigator or IE?

As the end-user, you don’t need to take any extra steps to validate a certificate. If you are using a validation-enabled copy of the Netscape or Microsoft browsers, all certificates will be validated automatically before they are used to encrypt an outgoing message or accept an incoming one. The only time you will interact directly with the ValiCert software is when an invalid certificate is discovered; the software will alert you to the problem so that you know a given certificate is no longer trustworthy.

Where can I get a certificate?

You can get a certificate from your employer if your company maintains a Certificate Authority. Otherwise you can get certificates from a prominent public CA such as Thawte, or from smaller regional CAs.

How much will one cost?

A certificate might be free, or you might have to pay a small annual fee. Typically a personal-use certificate will not cost more than US$10 annually.

Will your products work with my CA?

ValiCert’s products and services offer interoperability between every major CA product and service. Please contact us directly to discuss your particular application.

What are certificates?

Certificates, or digital certificates, are a form of electronic identification, like a driver’s license. They attest that the issuing authority certifies that the data contained within the certificate (at a minimum, the email address of the certificate holder) is indeed accurate and trustworthy for the lifespan of the certificate. Certificates have expiration dates after which they are no longer valid, but they may be revoked prior to that date for a variety of reasons.

Why are they important?

Certificates are important because they provide a highly-secure bi-directional security mechanism. Not only can individual certificate holders ensure that their email and other messages are cryptographically secure, recipients can also authenticate the identity of every message’s sender. In addition, users can verify the integrity of commercial web sites with which they might perform transactions, and those same sites can use certificates to replace the traditional username/password access control mechanism.

Why can’t I just use usernames and passwords?

Username/password combinations are not as secure. If someone steals your username and password, they can gain access to controlled data from anywhere in the world. You also have no easy way of notifying all access-controlled sites that your username and password have been compromised. You have to remember every unique combination of usernames and passwords for every access-controlled site with which you interact.

How does certificate validation work with VPNs?

Virtual Private Networks use certificates to replace the traditional challenge-response username/password authentication mechanism. VPN administrators need not implement an additional security layer when deploying VPN products and services; if the company’s certificate infrastructure is already in place, access control should extend automatically to VPN clients off-site.