| US 7,558,952 B2 | ||
| Method and apparatus for accelerating public-key certificate validation | ||
| Yoko Kumagai, Tokyo (Japan); Takahiro Fujishiro, Yokohama (Japan); Tadashi Kaji, Fujisawa (Japan); Shingo Hane, Yokohama (Japan); and Hitoshi Shimonosono, Funabashi (Japan) | ||
| Assigned to Hitachi, Ltd., Tokyo (Japan) | ||
| Filed on Mar. 01, 2004, as Appl. No. 10/788,417. | ||
| Claims priority of application No. 2003-351509 (JP), filed on Oct. 10, 2003. | ||
| Prior Publication US 2005/0081037 A1, Apr. 14, 2005 | ||
| This patent is subject to a terminal disclaimer. | ||
| Int. Cl. H04L 9/00 (2006.01) | ||
| U.S. Cl. 713/156 [713/158; 713/175] | 14 Claims |

| 1. A method for validating a public key certificate by a computer in a public key infrastructure composed of a plurality of
certificate authorities including an end entity certificate issuing authority, wherein:
the end entity certificate issuing authority issues to an end entity a public key certificate used for validating a signature
generated by an end entity apparatus operated by the end entity,
the method comprises:
a path registration step of registering in a database a valid path extending from a certificate authority being a start certificate
authority to any end entity certificate issuing authority, and
a certificate validation step of receiving a certificate validation request for a public key certificate issued by any end
entity certificate issuing authority, judging the validity of the public key certificate of which the certificate validation
has been requested using information registered in the database, and outputting a result of the judgment,
the path registration step and the certificate validation step are executed by the computer independently of one another,
the path registration step comprises the following steps executed by the computer:
step 1) searching a path extending from the start certificate authority to the end entity certificate issuing authority which
is the end of the path;
step 2) validating the path searched in step 1; and
step 3) registering the path which has been validated in step 2 as a valid path in the database, and
the certificate validation step comprises the following steps executed by the computer:
step 4) checking whether there is registered in the database a path specified by the request for certificate validation, the
path extending from the start certificate authority being the trust anchor of an originator of the request for certificate
validation to the end entity certificate issuing authority which has issued the public key certificate of which the certificate
validation has been requested, and which is the end of the path,
step 5) if the checked path is registered in the database as the valid path in step 4, validating a signature of the public
key certificate of which the certificate validation is requested, by using the public key certificate issued to the end entity
certificate issuing authority being the end of the checked path, and if validation of the signature is successful, judging
that the public key certificate of which the certificate validation has been requested is valid and outputting a result of
the judgment;
step 6) if the checked path is not registered in the database as the valid path in step 4, searching a path that includes
a partial path from the start certificate authority being the trust anchor to the end entity certificate issuing authority
which has issued the public key certificate of which certificate validation is requested and which is the end of the path,
and that extends from the start certificate authority being the trust anchor to the end entity which is an issue destination
of the public key certificate of which certificate validation is requested;
step 7) in the searching step in step 6, if the path extending from the start certificate authority being the trust anchor
to the end entity being the issue destination of the public key certificate of which certificate validation is requested is
detected, validating the path that includes the partial path and extends from the start certificate authority being the trust
anchor to the end entity being the issue destination of the public key certificate of which certificate validation is requested;
step 8) judging the validity of the public key certificate of which certificate validation is requested based on the validation
result in step 7 and outputting a result of the judgment; and
step 9) registering the partial path included in the path validated in step 7 into the database as a valid path.
|
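The two independent procedures recited in claim 1, as an added illustration that is not the patent's or Hitachi's code. Certificates are plain tuples, signatures use a tiny textbook RSA constructed inline (far too small for real use, standing in for X.509 signature verification), the path "database" is a dict keyed by (trust anchor, end-entity issuing CA), and the names Root, CA1, CA2, alice, mallory and CA9 are made up. The running count of signature verifications makes the point of the claim visible: a cold validation of alice walks and verifies the whole path (three signatures), a warm one under a registered path verifies only the end-entity signature (step 5), and a path pre-registered by steps 1-3 gives the same saving on the first request. Note what the claim's step 5 does not recite: a registered path is only as valid as when it was registered, so in practice the registration step has to be re-run when any CA certificate on a registered path expires or is revoked, and the end-entity certificate's own validity period and revocation status still need checking. Both are omitted here to keep the path logic in view.

```python
"""Toy model of claim 1's cached path validation. Added illustration, not the
patent's or Hitachi's code: certificates are tuples, keys are tiny textbook RSA
(constructed, far too small for real use), the 'database' is a dict."""
import hashlib
import math
from collections import namedtuple

Cert = namedtuple("Cert", "subject issuer pubkey sig")
E = 65537

def _next_prime(n):
    while any(n % i == 0 for i in range(2, math.isqrt(n) + 1)):
        n += 1
    return n

def keygen(seed):
    """Deterministic toy RSA key pair: ((e, n), (d, n))."""
    p = _next_prime(seed)
    q = _next_prime(p + 1)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:   # keep e invertible mod phi
        q = _next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def _tbs_digest(subject, pubkey, n):
    """Digest of the to-be-signed fields, reduced into the signer's modulus."""
    h = hashlib.sha256(f"{subject}|{pubkey}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(issuer, issuer_priv, subject, subject_pub):
    d, n = issuer_priv
    return Cert(subject, issuer, subject_pub, pow(_tbs_digest(subject, subject_pub, n), d, n))

def verify(issuer_pub, cert):
    e, n = issuer_pub
    return pow(cert.sig, e, n) == _tbs_digest(cert.subject, cert.pubkey, n)

def build_path(store, anchor, issuing_ca):
    """Steps 1 and 6: follow issuer links upward; [anchor_cert, ..., issuing_ca_cert] or None."""
    path, subject, seen = [], issuing_ca, set()
    while subject in store and subject not in seen:
        seen.add(subject)
        path.append(store[subject])
        if subject == anchor:
            return path[::-1]
        subject = store[subject].issuer
    return None

def validate_path(path, stats):
    """Steps 2 and 7: each certificate must verify under its predecessor's key."""
    for issuer_cert, cert in zip(path, path[1:]):
        stats["verifications"] += 1
        if cert.issuer != issuer_cert.subject or not verify(issuer_cert.pubkey, cert):
            return False
    return True

class Validator:
    def __init__(self, store):
        self.store, self.db, self.stats = store, {}, {"verifications": 0}

    def register_path(self, anchor, issuing_ca):
        """Steps 1-3: run independently of requests, e.g. on a schedule."""
        path = build_path(self.store, anchor, issuing_ca)
        ok = bool(path) and validate_path(path, self.stats)
        if ok:
            self.db[(anchor, issuing_ca)] = path   # step 3: register as a valid path
        return ok

    def validate(self, ee_cert, anchor):
        """Steps 4-9 for one end-entity certificate under one trust anchor."""
        key = (anchor, ee_cert.issuer)
        if key in self.db:                                        # step 4: hit
            self.stats["verifications"] += 1
            return verify(self.db[key][-1].pubkey, ee_cert)       # step 5: one signature
        partial = build_path(self.store, anchor, ee_cert.issuer)  # step 6: miss, search
        if partial is None:
            return False
        ok = validate_path(partial + [ee_cert], self.stats)       # step 7: whole path
        if ok:
            self.db[key] = partial                                # step 9: cache CA part
        return ok                                                 # step 8

def demo():
    """Root -> CA1 -> CA2 -> alice; values are (result, running signature-verification count)."""
    (root_pub, root_priv), (ca1_pub, ca1_priv), (ca2_pub, ca2_priv), (ee_pub, _) = (
        keygen(s) for s in (10**9, 10**9 + 1000, 10**9 + 2000, 10**9 + 3000))
    root = issue("Root", root_priv, "Root", root_pub)     # self-signed trust anchor
    ca1 = issue("Root", root_priv, "CA1", ca1_pub)
    ca2 = issue("CA1", ca1_priv, "CA2", ca2_pub)          # end-entity issuing authority
    alice = issue("CA2", ca2_priv, "alice", ee_pub)
    v, out = Validator({c.subject: c for c in (root, ca1, ca2)}), {}
    out["cold"] = (v.validate(alice, "Root"), v.stats["verifications"])     # miss: 3 signatures
    out["warm"] = (v.validate(alice, "Root"), v.stats["verifications"])     # hit: 1 more
    forged = alice._replace(subject="mallory")                               # signature no longer fits
    out["forged"] = (v.validate(forged, "Root"), v.stats["verifications"])
    out["unknown_ca"] = v.validate(alice._replace(issuer="CA9"), "Root")    # no path: rejected
    pre = Validator(v.store)
    pre.register_path("Root", "CA2")                                         # steps 1-3 ahead of time
    out["preregistered"] = (pre.validate(alice, "Root"), pre.stats["verifications"])
    return out
```

Run `demo()` to see the counts; the cached lookup is keyed on the requester's trust anchor as well as the issuing CA, as step 4 requires, so a registered path for one anchor is never reused for a request that trusts a different one.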