Configuring the TSA Service
The following are the steps to be taken to configure the ADSS TSA Service. The order in which the steps are defined is not important since it is easy to go back to an earlier step and also make changes later if required.
| Steps | Description |
| Step 1 | Generate or import the keys and certificates required for the local TSA Service using the Key Manager (Not required when forwarding requests to external TSA servers) |
| Step 2 | Configure one or more TSA Profiles to create local virtual TSA to create timestamps signed by a local timestamp signing key and certificate for a defined policy or configure an external TSA |
| Step 3 | Use the ADSS TSA Service Manager to start/stop/restart the service. ADSS TSA Service is required to be restarted when a TSA Profile is added/updated/deleted. |
It is not necessary to register TSA Service clients within the ADSS Client Manager (i.e. as required for ADSS Signing, Verification and Certification services). Instead the TSA Service identifies clients either by their client TLS authentication certificates or when TLS client authentication is not used it can allow/disallow access based upon the client’s IP address. How to control access to the ADSS TSA Service is described in the TSA Service Access Control section.
It is possible to specify a list of the allowed hash algorithms for the message imprint in the TSA requests. The details can be found here.
See also