Access Control
The access control module enables requests to the TSA service to be controlled. The default option is open access; however, filters can be set that restrict access based on TLS client certificates or by IP address. Username and password authentication is considered very weak and is not supported. Signed requests are currently not supported but could be on request.
The following screen is used to make the necessary configurations:
The configuration items are as follows:
| Items | Description |
|---|---|
| Allow open access | If this option is checked, it allows open access and all requests are accepted. |
| Allow access based on TLS client certificates | This option has two sub-filters: |
| Allow access based on IP addresses | This option allows you to list IP addresses to allow/deny. Wildcards "*" can also be used. The list is processed top-down until a match is found. |
Choosing the option Allow access based on TLS client certificates and clicking the Add/Edit button will show the following screen, where filtering can be performed based on Issuer or Subject DN Attributes:
Also, choosing the option Allow access based on IP addresses and clicking the Add/Edit button will show the following screen, where such IP addresses can be defined:
At least one include entry must be entered before an exclude entry can be specified in all the above cases. The TSA service must be restarted or reloaded after changes are made to the access control rules.
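Because the IP list is processed top-down until a match is found, entry order decides the outcome. The following Python model is an added example, not ADSS Server code; it assumes four-octet IPv4 patterns where "*" replaces one whole octet, that a request matching no entry is denied, and that the include/exclude rule means an exclude is only valid in a list that also has an include. The function names and sample lists are constructed for illustration.

```python
# Added illustration: a model of a first-match include/exclude IP list.
# Assumptions (not product behaviour): "*" stands for one whole octet,
# and a client matching no entry is denied.

def _octets(pattern):
    parts = pattern.split(".")
    ok = len(parts) == 4 and all(
        p == "*" or (p.isdigit() and int(p) <= 255) for p in parts)
    if not ok:
        raise ValueError(f"bad IPv4 pattern: {pattern!r}")
    return parts

def covers(pattern, other):
    """True if every address matched by `other` is also matched by `pattern`."""
    return all(p == "*" or p == o
               for p, o in zip(_octets(pattern), _octets(other)))

def validate(rules):
    """rules: ordered list of (action, pattern); action is include/exclude."""
    actions = [action for action, _ in rules]
    if any(a not in ("include", "exclude") for a in actions):
        raise ValueError("action must be 'include' or 'exclude'")
    if "exclude" in actions and "include" not in actions:
        raise ValueError("an exclude entry needs at least one include entry")
    for _, pattern in rules:
        _octets(pattern)

def decide(rules, client_ip):
    """Return (allowed, index of the deciding entry or None)."""
    validate(rules)
    for index, (action, pattern) in enumerate(rules):
        if covers(pattern, client_ip):      # first match wins
            return action == "include", index
    return False, None                      # assumed default: deny

def shadowed(rules):
    """Indexes of entries that can never decide a request, because an
    earlier entry already matches everything they match."""
    validate(rules)
    return [j for j in range(len(rules))
            if any(covers(rules[i][1], rules[j][1]) for i in range(j))]

# Constructed sample lists: same two entries, different order.
BROAD_FIRST = [("include", "10.1.*.*"), ("exclude", "10.1.5.20")]
NARROW_FIRST = [("exclude", "10.1.5.20"), ("include", "10.1.*.*")]

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("narrow first", NARROW_FIRST)):
        print(name, decide(rules, "10.1.5.20"), "shadowed:", shadowed(rules))
```

Running a check like `shadowed` over an exported rule list before reloading the service flags exclude entries that sit below a wider include and therefore never take effect.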
See also
Configuring the TSA Service
Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
Timestamp Service Interface URLs
Optimising ADSS TSA Server Performance