Configuring the Verification Service

Following are main steps to be taken when configuring the ADSS Verification Service. The order in which the steps are defined is not important since it is easy to go back to an earlier step and also make changes later if required.

Steps	Description
Step 1:	Use the Key Manager module to generate the keys and certificates needed for the Verification Service. The most important of these is the Verification Service response signing key.
Step 2:	Register the relevant “trusted” CAs using the Trust Manager module so that the certificates issued by these CAs can be accepted as trustworthy. Note: Registering the intermediate CAs can shorten the path discovery/validation process overheads and time.
Step 3:	Ensure the ADSS CRL Monitor is running and the CRLs are being retrieved successfully for the registered CAs or Import the CRLs for the trusted CAs in CRL Monitor module, to determine the revocation status if you wish to use the locally held CRLs for revocation checking.
Step 4:	Configure one or more Verification Profiles that will specify which of the Trust Anchors to use, requirements for the Path Validation and other settings. Client applications refer to the Verification Profile within their request messages sent to the ADSS Verification Service.
Step 5:	Specify the requirements for certificate and algorithm quality.
Step 6:	Register one or more client applications within the Client Manager. These can now be authorised to make requests to one or more verification service profiles.
Step 7:	Use the ADSS Verification Service Manager to start/stop/restart the service. ADSS Verification Service is required to be restarted when a Verification Profile is added/updated/deleted.