With the rapid development of network, information security problems have become more and more attention. Public key infrastructure (PKI) is one of the key technologies to address the issue of information security.The application of certificate is one of important ways in the practice of PKI,and the validation of certificate is an important part of the application of certificate. This paper introduces the CA system and its trust model, Analysis the current situation of China's PKI system, and Analysis the feasibility of establishing the model of Root Certification Authority. According to its features, proposes the division and compose of a certificate path, the cache of certificate pathes, the period of validity of a certificate path and the commission of discovering certificate pathes. This paper brings forward the model of certificate validation server, which based on the concept of the commission of discovering certificate pathes. And the arithmetics of certificate path building, certificate path validation and the secure communicate protocol are designed detailedly. This model fulfills the certificate path building across trust fields by distributing system's cooperation. The model settles the problem that it is hard and inefficient and high probability of failure to find a certificate path across different trust fields. During the realization of this system, security, flexibility and extensibility is fully considered. System testing has made a reliable and stable results. |