
System Certificates

This page is used to configure the TLS Server Authentication certificate and the Log Archive Signing certificate, as shown below:


Configuring TLS Server Authentication Certificate

The TLS Server Authentication certificate is used to secure the communication channel between the client and the server (ADSS Server) against intruders. To configure a TLS Server Authentication certificate in ADSS Server, import or create a new TLS Server Authentication key with the purpose TLS Server Authentication in the Key Manager. Click here for more details on key and certificate generation and importing in ADSS Server.

The TLS Server Authentication certificate must include the Machine Name/Domain Name/IP Address of the relevant ADSS Server deployment in the certificate's Common Name (and also as a SAN extension if there are multiple domain names). If ADSS Server is installed in load-balanced mode on multiple machines, then all machine names MUST be part of the DNSName attribute of the SAN extension for the TLS handshake between ADSS Server and client applications to succeed.
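The following check is an added example, not part of the ADSS Server product or its documentation: it takes a certificate in the dict form returned by Python's `ssl.SSLSocket.getpeercert()` and reports which required deployment names the Common Name/SAN entries do not cover. The host names, IP address and the RFC 6125-style wildcard matching are assumptions made for illustration.

```python
import ipaddress

def _as_ip(name):
    """Return an ip_address object, or None if `name` is not an IP literal."""
    try:
        return ipaddress.ip_address(name)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """RFC 6125-style match: '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_names(cert, required):
    """Names in `required` that `cert` (getpeercert() dict form) does not cover."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [_as_ip(v) for k, v in san if k == "IP Address"]
    if not dns and not ips:
        # No SAN at all: fall back to the Common Name, as legacy clients do.
        cns = [v for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
        dns, ips = cns, [_as_ip(c) for c in cns]
    missing = []
    for name in required:
        ip = _as_ip(name)
        ok = ip in ips if ip is not None else any(_dns_match(p, name) for p in dns)
        if not ok:
            missing.append(name)
    return missing

# Constructed sample: certificate issued for a load-balanced deployment that
# has since gained a second node. All names and addresses are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "adss.example.test"),),),
    "subjectAltName": (("DNS", "adss.example.test"),
                       ("DNS", "adss-node1.example.test"),
                       ("IP Address", "192.0.2.10")),
}
REQUIRED = ["adss.example.test", "adss-node1.example.test",
            "adss-node2.example.test", "192.0.2.10"]

if __name__ == "__main__":
    print("not covered:", uncovered_names(SAMPLE_CERT, REQUIRED))
```

Any name the check reports would fail host name verification in a client that connects to that node directly, so the certificate should be reissued with the missing SAN entries before the node goes into service.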

Configuring Log Archive Signing Key and Certificate

This key and certificate are used to sign transaction log archive files as they are manually or automatically extracted and archived from ADSS Server at the configured time interval. The digital signature protects the integrity of the logs and prevents unauthorised changes. To configure a log archiving certificate in ADSS Server, import or create a new Log Signing key with the purpose Log Archiving. Click here for more details on key and certificate generation and importing in ADSS Server. Transaction log archiving configurations are available in each service module, including Signing, Verification, OCSP, TSA, etc.

Do not open the signed archive file in Microsoft Excel or a related application, as this may corrupt the signature. Use Notepad instead.
