ValiCert Introduces OCSP VA Suite for Digital Certificate Validation

New Entry-level Validation Authority Solution Extends Certificate
Checking to a Broad Range of Users and Applications

RSA DATA SECURITY CONFERENCE, January 18, 1999 -- ValiCert, Inc., the
leading provider of software and services that enable trust and
interoperability of digital certificate applications, today announced
the availability of its ValiCert OCSP VA Suite, a new entry-level
digital certificate validation solution that brings certificate
checking to a broad range of organizations and applications.
ValiCert's new product is based on the Online Certificate Status
Protocol (OCSP), a new industry standard for validating certificate
status on the Internet. With the OCSP VA Suite, users can integrate
digital certificate validation checking into their organization's
security system, adding the highest level of protection to their
Internet-based commerce and communications.

The OCSP VA Suite includes the OCSP VA server, and is the first
complete, commercial implementation of the OCSP protocol for
certificate validation. It provides an affordable and scalable
validation solution that allows organizations to disable invalid or
revoked digital certificates for specific users or entities. It works
in tandem with any certificate authority (CA) server to ensure
organizations the highest level of trust in their digital
certificates.

"As certificate validation becomes more critical for conducting
e-commerce and e-business, we wanted businesses of all types to more
easily have the option of validating the certificates in use in their
enterprises," said Yosi Amram, president and CEO of ValiCert. "Our
new OCSP VA Suite provides an excellent, vendor-neutral solution for
certificate validation that can be set up easily and scales well with
an organization's needs."

ValiCert also announced today that Ascom Systec AG, a leading
Swiss-based system integrator for trust services to major European
banks and government institutions, will be offering the OCSP VA Suite
as part of its trust solutions.

"We are pleased to be a ValiCert OCSP VA Suite customer," said Dr.
Erich Ruetsche, head of the business unit for Information Security of
Ascom Systec AG.

"We are combining ValiCert's Validation Authority solutions with our
S/MIME and trust solutions. ValiCert has a unique concept for
unifying the heterogeneous world of PKI. This is especially important
for large customers where these heterogeneous solutions are the rule,
not the exception."

ValiCert's OCSP VA Suite is easy to install and manage through a
centralized browser-based installation and administration interface.
Validation capabilities can be easily extended to end-users and
existing applications through a simplified administration mechanism.
The OCSP VA supports both UNIX and Windows NT platforms, and can be
easily upgraded to ValiCert's Enterprise VA solution.

The OCSP standard was created by the Internet Engineering Task Force
(IETF) and enjoys broad industry support as a mechanism for
validating certificate status on the Internet. As a member of the
IETF, ValiCert was actively involved in co-authoring the
specification. The new Valicert OCSP VA provides the first full
commercial version of this standard for clients and servers.

Availability

The OCSP VA Suite pricing starts at $995, and includes the ValiCert
OCSP VA, ValiCert Validator Suite, ValiCert VA Publisher and
ValiCert Validator Toolkit. along with licenses for 200 users. The
OCSP VA Suite can be downloaded from ValiCert's Web site,
http://www.valicert.com. For more information, contact ValiCert at
sales@valicert.com or call +1-877-VALICERT.

ValiCert Validation Authority Solutions

ValiCert's family of Validation Authority products provide universal
certificate validation designed to work with any certificate issuance
system to provide secure, efficient and scalable validity
confirmation. ValiCert's digital certificate validation solutions
consist of multiple product components that can be easily integrated
into an organization's public-key infrastructure (PKI) to add
validation functionality to applications that incorporate digital
certificates. In addition to the OCSP VA server, ValiCert's products
and services include:

ValiCert Enterprise VA is the core component of ValiCert's
universal validation solutions, the Enterprise VA enables
organizations to host their own certificate revocation data on-site
and to conduct high-performance, interoperable certificate validity
confirmation. It supports Certificate Revocation List (CRL), OCSP,
and ValiCert's Certificate Revocations Tree (CRT) validation methods.

The ValiCert Validator Suite consists of both standalone and
plug-in software modules that enable existing digital certificate
applications to check the revocation status of digital certificates
for popular Web, S/MIME-based e-mail and other desktop and server
applications.

ValiCert VA Publisher distributes CRLs on a regular basis from any
of today's popular CAs to ValiCert's validation service or server,
allowing companies to easily manage multiple CAs through a single
management framework without increased IT overhead.

ValiCert Validator Toolkit is an interoperable, high-performance
development toolkit that enables developers to add digital
certificate validation capabilities to their Internet commerce and
communications application

The ValiCert Global VA ServiceSM is a turnkey service that enables
organizations to easily outsource their validation needs, is
currently undergoing a worldwide field trial involving leading public
CAs and enterprises in North America, Asia-Pacific and Europe.

Digital Certificate Validation and PKI

PKI is becoming the cornerstone of many organizations security
strategy. Digital certificates are the core components of a PKI
solution because they verify the identity of a user or organization
involved in an Internet-based transaction or communication. However,
these credentials can fall into unauthorized hands, or become revoked
if an employee leaves an organization. Until ValiCert, there was no
efficient or economical way to check the validity of digital
certificates issued by any CA from anywhere in the world. ValiCert's
Validation Authority products and services complement CAs to empower
end-user Internet applications to transparently and reliably validate
certificates, thus enabling trust and authenticity to all users of
secure communications and e-commerce.

ValiCert's products received the 1998 Network Magazine Product of the
Year Award in the Digital Certification category, and were named as
the top choice in the security products category in Data
Communication magazine's sixth annual Hot Products issue.

About ValiCert

ValiCert is the leading provider of software and services that enable
trust and interoperability of digital certificate applications. The
company's Validation Authority products and services deliver
high-performance and economical validation of digital certificates.
ValiCert combines validation technology with applications and
professional services to create scalable, interoperable solutions
that enable secure e-commerce and communications over the Internet.
The company has technology and marketing alliances with leading
worldwide providers of security services and products, including
major CAs and application vendors. ValiCert is headquartered in
Mountain View, Calif. and is available on the World Wide Web at
http://www.valicert.com.