Home > Global Settings > Advanced Settings > Services Level Settings > TSA Settings

TSA Settings

Property Description
Add TSA Subject Name in Time Stamp Token
 When enabled, TSA response signing certificate subject distinguished name will be added to the generated time stamp token.
Possible values are (default) FALSE, set this to TRUE to enable this feature.
  • ADD_TSA_NAME_IN_TOKEN = TRUE
Supported Hash Algorithms Comma separated list of accepted hash algorithms (Name/OID) used to compute the message imprint in the TSA request objects.
Possible values are (add all or some of these on the same input line)
  • SUPPORTED_HASH_ALGORITHM = SHA,SHA1,SHA224,SHA256,SHA384,SHA512,RipeMd160,RipeMd128,GOST3411
Note: Whenever SHA1 is used, both SHA and SHA1 must be specified as shown above.
Signature Padding Scheme Define the time stamp signature padding scheme to be used when generating a time stamp token. ADSS Server supports both the usual (default) PKCS#1 and RSA PSS 2.1 padding scheme.  Possible values for this feature are:
  • SIGNATURE_PADDING_SCHEME = PKCS1
Note: The RSA PSS 2.1 padding scheme is only supported when using RSA Keys. Click here for more details on limitations when PSS padding scheme is used.
TRANSACTION_LOG_COLUMNS If your database size grows too quickly because a lot of TSA  transactions are being logged then the size of log information can be reduced by removing some data columns from the database logs. The following are the attributes which manages the logging of specified column:
  • TRANSACTION_LOG_COLUMNS = RelyingPartyId,TsaCertificate,Request,Response,Message,PolicyId,Nonce,SerialNumber,MessageImprint,RelyingPartyIp,RelyingPartySslCert,ExternalTsaAddress,ErrorCode
If you remove any of the column in these properties then that column's value will not be stored as part of transaction logging. The columns consuming most resources are "Request" and "Response" and for very high volumes these should be removed. 

Note: When using ADSS TSA Server as a proxy for an external TSA, then these values are useful: ExternalTsaAddress and Message. 


Usual logging for an TSA Service

  • TRANSACTION_LOG_COLUMNS = TsaCertificate,Request,Response,PolicyID,Nonce,SerialNumber,MessageImprint,ErrorCode

Minimal logging for an TSA Service

  • TRANSACTION_LOG_COLUMNS = PolicyID,Nonce,SerialNumber, MessageImprint,ErrorCode

Parameters Mapping with Transactions Log Viewer

Definition of each configuration parameter and their purpose:

  • RelyingPartyId: The distinguished subject name as it appears on the TLS client authentication certificate.  This parameter is only available when TLS client access is required to access TSA services.  Remove this parameter if TLS client authentication is not used for access.

  • TsaCertificateTSA response signing certificate in its entirety. ADSS TSA Server supports the deployment of multiple TSA servers, and each can have a unique private signing key and corresponding certificate.

  • RequestThe complete TSA request received from the calling client.  

  • ResponseThe complete TSA response sent to the calling client.

  • PolicyIDTSA policy identifier that this time stamp token was produced under. ADSS TSA Server supports the deployment of multiple TSA servers, and each can have a unique policy identifier.   

  • NonceThe nonce value sent in the client request and returned in the response.  The nonce value in request and response must match, and its purpose is to defend against replay attacks.   

  • SerialNumberThe unique identifier for the particular time stamp token. Each serial number must be unique and along with the TSA name, uniquely defines the time stamp token from all others.

  • MessageImprintThe hash of the data to be time stamped, as received in the request from the calling client.  

  • RelyingPartyIpIP address, if available, of the calling client.

  • RelyingPartySslCertTLS client authentication certificate. This parameter is only available when TLS client access is required to access TSA services. Remove this parameter if TLS client authentication is not used for access.

  • ErrorCodeIn the event of failure to process a request the error code is recorded.  Note for all successful transactions this value is null.

  • ExternalTsaAddress: External TSA address when ADSS TSA Server acts as a proxy to that particular service.

  • MessageThe error message received from an external TSA in the event of failure.  Note this strictly applies to external TSAs when ADSS TSA Server acts as a proxy to that particular service.  In the event of success this entry is always null.
Transaction Log Settings Transactions can be stored either directly or delayed for better performance. The following properties are used for logging:
  • TRANSACTION_LOG_MODE = LAZY
    Used to decide whether the transactions are kept in memory before these are stored in the database (LAZY logging) or directly stored in the database (EAGER logging). Possible values: LAZY, EAGER
    In case of LAZY logging the transaction logs are kept in memory upto the number of seconds configured in TRANSACTION_LOG_LAZY_INTERVAL or number of transactions configured in TRANSACTION_LOG_LAZY_RECORD_COUNT whichever is reached first

  • TRANSACTION_LOG_LAZY_INTERVAL = 2
    When LAZY logging is configured, transactions are kept in memory upto the configured time or if the configured TRANSACTION_LOG_LAZY_RECORD_COUNT is reached before it

  • TRANSACTION_LOG_LAZY_RECORD_COUNT = 400
    When LAZY logging is configured, transactions are kept in memory until the configured number of transactions is reached or if the configured TRANSACTION_LOG_LAZY_INTERVAL is met before it.

See also

Signing Service
Verification Service
Certification Service
OCSP Service
OCSP Repeater
XKMS Service
SCVP Service
LTANS Service
Decryption Service
OCSP Monitor
GoSign Service
RA Service
CRL Monitor
RAS Service
SAM Service
CSP Service
NPKD Service
SPOC Service