Configuration Requirements

The following third-party components are required for a secure installation and configuration of Validation Authority:

  • Operating System

  • Database

  • HSM

For details and the latest information, please refer to the Release Notes section for this product version.

Operating System

A secure Validation Authority configuration requires an operating system that provides the following security functions:

  • A user identification and authentication mechanism to protect against unauthorized access to Validation Authority. Validation Authority also requires the use of a separate operating system user account for performing Validation Authority installation and configuration procedures.

  • A separate execution space for Validation Authority and the ability to prevent any other applications from interfering with Validation Authority.

  • A reliable system clock that Validation Authority can use to timestamp security related events.

Validation Authority is supported on the following operating systems:

  • Red Hat® Enterprise Linux® 7.x and 8.x (64-bit)

  • Microsoft® Windows Server 2016, 2019, and 2022

To access the Validation Authority Management Console, the following client is supported:

  • Windows 10 (x64)

Via the following browsers:

  • Google® Chrome for Windows (x64).

  • Firefox® for Windows (x64), RHEL7 (v78.11 oesr x64) and RHEL8 (v78.4 oesr x64).

  • Microsoft Edge® for Windows (x64).

The hardware system requirements for secure production will depend on the Operating System that is used to set up the environment.

Linux requirements:

  • 2 GHz or higher Intel x86 or x64 processor

  • 4 GB or higher memory

  • 500 MB available disk space

Microsoft Windows requirements:

  • 2 GHz or higher Intel x86 or x64 processor

  • 4 GB memory

  • 500 MB available disk space

Database

Note: A secure Validation Authority requires the use of a separate database to store security-related parameters and audit log messages.

Validation Authority uses a relational database to store data. Validation Authority can be run either on the same server as the database or on a separate server. This allows for a clean distribution of responsibility and computing load within a large-scale data center.

The ActivID Validation Authority Installation and Configuration section describes in detail the processes of installation, configuration, and administration of Validation Authority.

The following database options are supported:

  • Microsoft SQL Server 2014, 2016, 2017, and 2019 (Express, Standard and Enterprise editions)

  • Oracle® 12c R1, R2 and 19c

  • PostgreSQL 12 and 15

Make sure that you implement the database hardening procedures that your organization requires. For example, for databases on a server running a Microsoft Windows operating system, you may be required to:

  • Change the account that the database service runs as, and

  • Change registry permissions.

Supported Hardware Security Modules (HSM)

Note: A secure Validation Authority requires the use of a Hardware Security Module (HSM) to provide cryptographic functions (key generation, key destruction, and cryptographic operations) using FIPS 140-1 or FIPS 140-2 Level 3 cryptographic algorithms. The HSM products listed in this section have been tested by HID Global and, with the exception of the Oracle SunJCE keystore, meet these requirements.

The following HSMs are supported:

  • Thales Luna HSM (formerly Gemalto/SafeNet Luna SA) and Luna PCIe

      • Tested on Luna K7 with firmware 7.0.3 and software 7.2.0-220, client version - 10.1.0-32

  • Entrust nShield™ (formerly Thales nShield) Connect, Connect+, Connect XC, Solo and Solo+

      • Tested with firmware 12.72.1 and client version - 12.70.4

  • AEP Networks Keyper Enterprise and Keyper Plus

      • Supported firmware 3.0

  • Oracle SunJCE keystore (software-only keystore). This should only be used for evaluations. A "hardware" HSM is recommended for production environments.