The following are the main steps to take when configuring the ADSS SCVP Service. The order in which the steps are carried out is not important, since it is easy to go back to an earlier step and make changes later if required.


Step 1: Use the Key Manager module to generate the keys needed for the ADSS SCVP Service to sign responses. At least one SCVP response signing key is required, with the purpose "SCVP Response Signing".

Step 2: Register all the root and/or intermediate CAs that will be involved in path building/validation in the ADSS Trust Manager module.

Note: Registering the intermediate CAs can reduce the overhead and time of the path discovery/validation process.

Step 3: Define an SCVP Validation Policy that specifies how a certificate path can be discovered and/or validated for registered/non-registered CAs. Client applications refer to the SCVP Validation Policy within the request messages they send to the ADSS SCVP Service.

Step 4: If you wish to use locally held CRLs for revocation checking, import the CRLs for the CAs that will be involved in path validation into the CRL Monitor module so that revocation status can be determined.

Step 5: Use the ADSS SCVP Service Manager to start/stop/restart the service. The ADSS SCVP Service must be restarted whenever an SCVP Validation Policy is added/updated/deleted.


The details of the above-mentioned steps are as follows:



See also

Configuring the SCVP Service

Access Control
Transactions Log Viewer
Logs Archiving
Alerts
Management Reporting
Operating the SCVP Service in FIPS 201 Compliant Mode
SCVP Service Interface URLs