SCVP Response Signing key(s) are required by the ADSS SCVP Service to sign its responses sent back to the client applications and/or SCVP Request Signing key(s) that are required if you wish to forward the signed requests to the peer SCVP Server for non-registered CA's revocation checking. The Key Manager module is used to generate/import the required infrastructure keys.

In order to generate the keys within Key Manager module, see the section: Generating New Keys while for importing keys in ADSS Server that are issued by third parties, see the section: Importing Keys. Note that keys you want to import MUST be in PKCS#12/PFX format. When generating/importing a key for SCVP response signing then select the key purpose "SCVP Response Signing" while for request signing "SCVP Request Signing". Keys held in a PKCS#11 device can also be used for SCVP request/response signing, see the section Crypto Source to configure and import the keys from it.  

Once the key pair is generated then Public Key needs to be certified. It can be certified by creating the Self Signed Certificates and/or Delegated Certificates. Typically an SCVP Server acts as a trust anchor so self-signed certificates are preferred, however this choice depends on the trust model.


See also
Step 2 - Register CAs Using Trust Manager
Step 3 - Configure an SCVP Validation Policy
Step 4 - Configure CRL Monitor
Step 5 - SCVP Service Manager Settings