Timestamping
If any of the service modules use a time stamp authority (e.g. Signing Service for time stamping of signatures, or the Verification Service for time stamping of response messages), then the details of one or more TSA servers needs to be configured within Global Settings. Clicking on the Timestamping will show the following screen:
The table of Timestamping authorities can be sorted in either Ascending or Descending order by selecting a table column from the drop down list. The list can be sorted by "Server Address", "Policy ID", "Include Nonce", "Timeout", "Require Certificate", "Created At" or "Status".
To add or edit a TSA click on NEW button and the following screen is shown:
For TLS Authentication
For Basic Authentication
The fields are as follows:
| Item | Description |
| Status |
Timestamp authorities can either be marked active or inactive. Inactive timestamp authorities are not used to generate timestamp tokens. |
| TSA Server Address |
Add the TSA Server address (Click here for a list of publicly available TSAs for testing purposes). |
| Policy ID | Optionally configure the TSA Policy OID that will be referenced in the request message to the TSA Service. Timestamping Authority will produce the timestamp token against the referenced policy. |
| Timeout | The timeout defines the period that ADSS Server should wait for a response from the TSA before closing the request. |
| Include nonce | Defines whether to add a unique (random) number in the request message, ADSS Server will then check that the response from TSA also includes this number. |
| Require TSA Certificates | Defines whether the TSA should include its certificate (recommended) in Timestamp response. |
| Perform revocation status checking for TSA certificates | When enabled, ADSS Server will perform revocation checking for the external Time Stamp Authority's certificate before accepting the response from that TSA. |
| TSA requires authentication |
Check this option If TSA Server requires authentication, it defines the following:
If communication fails with a TSA Server then Error Code 401 is returned in the logs which means that the resource requires authentication which has not yet been provided OR which has been provided but failed the authentication checks. |
| Use TLS client Authentication |
If
this option is enabled then ADSS Server will communicate with Timstamping authority using TLS Client Authentication. Select the TLS Client Certificate which pre-exists in the Key Manager.
Note: It is required to register the Issuer CA of the TLS Client certificate in Trust Manager with the purpose CA for verifying TLS client certificates purpose.
|
| Use Basic Authentication (User ID and Password) |
If this option is enabled then ADSS Server will communicate with Timstamping authority using user ID and Password based authentication. It defines the following: |
| User ID | Provide the User ID used by ADSS Server to connect with this timestamping authority. |
| Password | Provide the corresponding password for the User ID to connect with this timestamping authority. |
| Authentication Scheme | Select the Authentication Scheme to be used for basic authentication:
|
| Hashing Algorithm |
Select the hash algorithm to be used to compute the message imprint for the timestamp request when a test connection is performed for this timestamp authority. The following hash algorithms are supported:
|
See also