The ADSS Server Trust Manager module is used to register all trusted Trust Authorities (TAs). When verifying signed objects, it must be possible to build a certificate chain from the signer’s certificate to one of the trusted authorities registered in the Trust Manager in order for the signature to be considered valid.
The Trust Manager is therefore a global utility supporting various other modules of the ADSS Server whenever there is a need to verify signed objects such as certificates, OCSP responses, CRLs or timestamp tokens. To support this functionality the following Trust Authority types can be registered (more than one purpose can be selected):
Registered CAs are shown in hierarchical form by default, according to their issuer. You can switch between List View and Hierarchical View by clicking the List View button. The list of registered trusted authorities can be shown in either Ascending or Descending order by: TA Friendly Name; Status; Purpose; or Created At date.
Clicking the Search button on the Trust Manager main page displays the following screen:
This helps to locate a particular trusted authority. The TA can be searched for by TA friendly name, status or purpose of the CA registered in the Trust Manager service. If a search is based on multiple values, these are combined using the “AND” operator, so only records that meet all the criteria are presented.
A new CA can be added by clicking the New button. An existing CA can be edited or deleted by clicking the Edit or Delete button. Click the Usage Map button to see if any referential integrity exists for this CA. If any referential integrity exists and the operator clicks the Delete button, the system shows this usage dialog, listing the services in which the particular CA is used. If you click the Delete button again on this dialog, the CA and its references are deleted from all services. The following shows the dialog:
The next sections show the steps to register a new Trust Authority.