Configuration Requirements

The following third-party components are required for a secure installation and configuration of Validation Authority:

  • Operating System

  • Database

  • HSM

For details and the latest information, please refer to the Release Notes section for this product version.

Operating System

A secure Validation Authority configuration requires an operating system that provides the following security functions:

Note:

A secure Validation Authority configuration requires an operating system that provides the following security functions:

  • A user identification and authentication mechanism to protect against unauthorized access to Validation Authority. Validation Authority also requires the use of a separate operating system user account for performing Validation Authority installation and configuration procedures.

  • A separate execution space for Validation Authority and the ability to prevent any other applications from interfering with Validation Authority.

  • A reliable system clock that Validation Authority can use to timestamp security related events.

Validation Authority is supported on the following operating systems:

  • Red Hat® Enterprise Linux® 8

  • Microsoft® Windows Server 2016, 2019, 2022, and 2025

To access the Validation Authority Management Console, the following client is supported:

  • Windows 10 and 11

Via the following browsers:

  • Google® Chrome for Windows.

  • Firefox® for Windows and RHEL

  • Microsoft Edge® for Windows.

The hardware system requirements for secure production will depend on the Operating System that is used to set up the environment.

Operating System Requirement
Linux

  • 2 GHz or higher Intel x64 processor

  • 4 GB or higher memory

  • 500 MB available disk space
Microsoft Windows

  • 2 GHz or higher Intel x64 processor

  • 4GB memory

  • 500 MB available disk space

Database

Note: A secure Validation Authority requires the use of a separate database to store security-related parameters and audit log messages.

Validation Authority uses a relational database to store data. Validation Authority can be run either on the same server as the database or on a separate server. This allows for a clean distribution of responsibility and computing load within a large-scale data center.

The HID Validation Authority Installation and Configuration section describes in detail the processes of installation, configuration, and administration of Validation Authority.

The following database options are supported:

  • Microsoft SQL Server 2019 (Express, Standard and Enterprise editions)

  • Oracle® 19C

  • PostgreSQL 15 and 17

Make sure that you implement database hardening procedures that your organization requires. For example, for databases on a server running a Microsoft Windows operating system, you may be required to:

  • Change the account that the database service runs as, and

  • Change registry permissions.

Supported Hardware Security Modules (HSM)

Note: A secure Validation Authority requires the use of a Hardware Security Module (HSM) to provide cryptographic functions (key generation, key destruction, and cryptographic operations) using FIPS 140-1 or FIPS 140-2 Level 3 cryptographic algorithms. The HSM products listed in this section have been tested by HID Global and, with the exception of the Oracle SunJCE keystore, meet these requirements.

The following HSMs are supported:

  • Thales Luna HSM (formerly Gemalto/SafeNet LunaSA) and Luna PCIe

  • Tested on Luna K7 with firmware 7.0.3, software 7.8.4-254, and client version 10.7.2-16

  • Entrust nCipher (formerly Thales nShield) Connect, Connect+, Connect XC, Solo and Solo+

  • Tested with firmware 12.72.1 and client version 13.3.2

  • Thales T7 HSM (LunaSA 7.11.0)

  • Tested with firmware 7.11.2, software 7.11.1, and client version 7.13.2-1 & 7.11.1-5

    Important:

    JDK Compatibility with Thales T7 HSM: Thales T7 HSM is not compatible with JDK 17 or the latest releases of JDK 11. To ensure successful integration and configuration with Validation Authority, it is recommended to use JDK version 11.0.12 from Oracle.

  • Oracle SunJCE keystore (software-only keystore). This should only be used for evaluations. A "hardware" HSM is recommended for production environments