After making configuration changes within the ADSS Verification Service, the service must be restarted for the changes to take effect. The verification service manager module allows operators to start, stop or restart the verification service and also make changes to service related configurations. Click on the "Service Manager" button and this screen is shown:



If operator selects the Enable Gateway Mode option then following screen is shown:

The configuration items are as follows:

Items

Description

Service Address

The address of the verification service being controlled from this Service Manager. Ensure the address points to the correct service URL, i.e. if you are running the service on multiple machines in a load-balanced configuration then check that the name is correct for the particular instance that needs to be started/stopped/restarted.By default it will be that of the local machine.

Start

Start the service. Status will change to “Running” after a successful start.

Stop

Stop the service. Status will change to “Stopped” after the service is stopped.

Restart

Stop and then start the service in one go, Status will change to “Running” after a successful restart.

Verification Service Mode

This section defines the configuration required for the Verification Service to entertain requests directly or behaving as gateway server for backend Verification Service

Enable Service Mode

When this option is enabled then Verification Service handles all the requests and responds accordingly. 

Note: Service Mode is enabled by default. 

Verification Response   Signing  Certificate

All verification response messages are signed so that client applications can trust the ADSS Server responses. To specify the signing certificate (and private key) use the drop-down menu labeled Verification Response Signing Certificate. If such a key has not been generated and/or certified then do this via the Key Manager.

Hashing Algorithm

Hash algorithm would be used to digest verification response signing data to maintain the response integrity. Default value is SHA256.

Possible values are:

  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • RipeMD160

Client request messages must be signed

Select this check box to enforce the requirement that service request messages must be signed by the business application. The service checks the signature on the request message using the client’s certificate (registered within the Client Manager module) in order to authenticate the client application otherwise authentication fails and the request is rejected.

Store input and output documents in the transactions log

The ADSS Server administrator can select this checkbox to store the document to be verified/enhanced within the service request log record and the verified/enhanced document within the response log record. By default this option is disabled.

Note: This option must be used with care! Depending on the size and volume of documents being verified/enhanced setting this option could dramatically increase the size of the ADSS Server log records and hence the database size requirements.

Note: We do not support to Store input and output documents in the transactions log when gateway mode is enabled.

Use local System Clock

All verification response messages include a time stamp. If this radio button is selected then the timestamp is based on the system clock of the ADSS Server machine.

Use RFC3161 timestamp

If this radio button is selected then the verification response message will include a cryptographically protected timestamp token issued by a TSA. 

Verification Service Mode

This section defines the configuration required for requests forwarding to back-end Verification Service. 

Enable Gateway Mode

If enabled, this Verification Service instance will behave as Gateway instance for backend Verification Server. Verification gateway verifies the request structure & validates the Client. Upon success, it relays the received request to the back-end Verification Server using the provided configurations defined below. On failure, it returns error to the calling application.

Verification Service Address

Use this field to add Verification Service address(es).

List of Verification Service Address

This field shows the Verification Service addresses that can be used to forward requests to the back-end Verification Server. Multiple service addresses can be added. Test button checks that the service is available. The Remove button deletes a configured service address.

Verification Profile

Optionally specifies the Verification profile to be used for back-end Verification Service request. 

Note: If not configured then request will be forwarded to back-end Verification service without Verification profile and the back-end Verification Server will use the default Verification profile configured against the Client in Client Manager.

Client ID

Define the Client ID registered in back-end Verification Service. Verification Service will use this Client ID while communicating with back-end Verification Service. 

The back-end Verification service verifies that this is a registered Client ID within the Client Manager module before granting access to the service.

Use TLS Client Authentication

If this option is enabled then CSP Service will communicate with back-end CSP Service using TLS client authentication. 

Note: By default it is disabled.

Certificate

Select the client TLS certificate which pre-exists in the Key Manager

Note: It is required to register the Issuer CA of the client TLS certificate in Trust Manager with the purpose CA for verifying TLS client certificates


Ensure all the changes are saved by clicking the Save button and restart the service to take changes effect.



See also

Step 1 - Generating Keys and Certificates
Step 2 - Registering CAs
Step 3 - Configuring CRL Monitor

Step 4 - Configuring Verification Profile
Step 5 - Configuring Signature Quality
Step 6 - Registering Business Application