The following are the high-level steps to configure the ADSS XKMS Service. The order in which the steps are defined is not important since it is easy to go back to an earlier step and also make changes later if required.


Steps

Description

Step 1:

Use the Key Manager module to generate the keys and certificates needed for the XKMS Service.At least one XKMS response signing key is required with purpose "XKMS Response Signing".

Step 2:

Register all the root and/or intermediate CAs that will be involved in path building/validation in ADSS Trust Manager module. 

Note: Registering the intermediate CAs can shorten the path discovery/validation process overheads and time.

Step 3:

Configure an XKMS Profile to define how a certificate path can be discovered and how the certificate chain will be validated as well as how registered CAs and non-registered CAs are handled.

Step 4:

Import the CRLs against the CAs that will be involved in path validation in CRL Monitor module to determine the revocation status if you wish to use the locally held CRLs for revocation checking.

Step 5:

Use the ADSS XKMS Service Manager to start/stop/restart the service. ADSS XKMS Service is required to be restarted when an XKMS profile is created/updated/deleted.


It is not necessary to register XKMS Service clients within the ADSS Client Manager (i.e. as required for ADSS Signing, Verification and Certification services etc).




See also

Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
XKMS Service Interface URLs