Home > ADSS SCVP Service > Configuring the SCVP Service > Step 5 - SCVP Service Manager Settings

Step 5 - SCVP Service Manager Settings

The SCVP Service Manager module allows operators to start, stop, or restart the SCVP Service and also make changes to service related configurations. The SCVP Service Manager screen is shown below:



The configuration items are as follows:

Items Description
 
Service Address		 The address of the SAM service being controlled from this Service Manager. Ensure the address points to the correct service URL, i.e. if you are running the service on multiple machines in a load-balanced configuration then check that the name is correct for the particular instance that needs to be started/stopped/restarted. By default it will be that of the local machine.
Start
 Start the service. Status will change to “Running” after a successful start.
Stop
 Stop the service. Status will change to “Stopped” after the service is stopped.
Restart
 Stop and then start the service in one go, Status will change to “Running” after a successful restart.
Client request messages must be signed
 Select this checkbox to ensure that client applications are forced to sign SCVP Service request messages. The ADSS SCVP Service checks if the path of the request signing certificate can be built to a trusted authority present within Trust Manager. If the path is not built to a trusted CA withing the Trust Manager then the request will not be entertained.
Response Signing Certificate
 All SCVP Response messages are signed so that end user can trust the ADSS SCVP Service responses. To specify the signing certificate (and private key) use the drop-down menu labeled Response Signing Certificate. If such a key has not been generated and/or certified then do this via the ADSS Key Manager as explained in Step 1.

Note: When operating in FIPS 201 compliant mode, the ADSS Server operator must ensure that the length of the SCVP response signing key must be at least as large as, or larger than, the key length used by the CA that issued the target certificate (i.e. certificate being validated).
Hash Algorithm Selected hashing algorithm is used to sign the generated SCVP responses.  The available options are SHA1, SHA224, SHA256, SHA384, SHA512, RipeMD128 and RipeMD160.

Note: When operating in FIPS 201 compliant mode, the ADSS Server operator must ensure that the hash algorithm configured for the SCVP response signing process must be at least as large as, or larger than, the hash algorithm used by the CA in issuing the target certificate (i.e. certificate being validated). Also note RipeMD128 and RipeMD160 are not available when operating in FIPS 201 compliant mode using a FIPS 140-2 evaluated hardware crypto module.
 


Ensure any changes are saved by clicking the Save button and service is restarted to take changes effect.

See also

Step 1 - Generate Key and Certificate
Step 2 - Register CAs Using Trust Manager
Step 3 - Configure an SCVP Validation Policy
Step 4 - Configure CRL Monitor