This page is used to configure the TLS Server Authentication Certificate and Logs Archive signing certificate as shown below: 


Configuring TLS Server Authentication Certificate

The TLS Server Authentication certificate is used to secure the communication channel between the client and the server (ADSS Server) from intruders. To configure a TLS Server Authentication certificate in ADSS Server, import or create a new TLS Server Authentication key with the purpose TLS Server Authentication in the Key Manager. Click here for more details on key and certificate generation and importing in ADSS Server.

ADSS Server comes with a default TLS Server Authentication certificate, so after installation we must create a new TLS Server Authentication certificate and ensure that it includes the Machine Name/Domain Name/IP Address of the relevant ADSS Server deployment as the certificate's Common Name (and also as a SAN extension if there are multiple domain names). If ADSS Server is installed in load-balanced mode on multiple machines, then all machine names MUST be part of the DNSName attribute of the SAN extension for the TLS handshake between ADSS Server and client applications.
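The SAN requirement above can be checked before a certificate is deployed. The following is an added example, not part of the ADSS Server product or its documentation: it takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and lists the required names that the SAN extension does not cover. The host names, IP address and function names are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare a SAN dNSName with a host name; '*' may stand for the left-most label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label: *.lb.example.test matches
        # adss.lb.example.test but not a.b.lb.example.test or lb.example.test.
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return p == h

def missing_san_names(cert, required):
    """Return the required names that the certificate's SAN extension does not cover.

    Only the SAN extension is consulted (the Common Name is not used as a fallback),
    which is why every load-balanced node has to be listed there.
    """
    san = cert.get("subjectAltName", ())
    dns_names = [value for kind, value in san if kind == "DNS"]
    ip_addrs = {ipaddress.ip_address(value) for kind, value in san if kind == "IP Address"}
    missing = []
    for name in required:
        try:
            covered = ipaddress.ip_address(name) in ip_addrs   # IP literal
        except ValueError:
            covered = any(_dns_match(p, name) for p in dns_names)  # DNS name
        if not covered:
            missing.append(name)
    return missing

# Constructed sample: a certificate issued for two nodes and the load balancer,
# checked against a three-node deployment.
SAMPLE_CERT = {
    "subject": ((("commonName", "adss.example.test"),),),
    "subjectAltName": (
        ("DNS", "adss.example.test"),
        ("DNS", "adss-node1.example.test"),
        ("DNS", "adss-node2.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}
REQUIRED = ["adss.example.test", "adss-node1.example.test",
            "adss-node2.example.test", "adss-node3.example.test", "192.0.2.10"]

if __name__ == "__main__":
    for name in missing_san_names(SAMPLE_CERT, REQUIRED):
        print("not covered by SAN:", name)
```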


Configuring Log Archive Signing Key and Certificate

This key and certificate are used to sign transaction log archive files as they are manually or automatically extracted and archived from ADSS Server at the configured time interval. The digital signature protects the integrity of the logs and prevents unauthorised changes. To configure a log archiving certificate in ADSS Server, import or create a new Log Signing key with the purpose Log Archiving. Click here for more details on key and certificate generation and importing in ADSS Server. Transaction log archiving configurations are available in each service module, including Signing, Verification, OCSP, TSA, etc.

Do not open the signed archive file in Microsoft Excel or a related application, as it may corrupt the signature. Use Notepad instead.

The hash algorithm 'RipeMD 128' will not be supported when the keys are generated using the ECDSA key algorithm.

 


See also

NTP Time Monitoring
Timestamping
Connectors
Real Time Revocation
Notification Settings
System Alerts
High Availability
System Security
Authentication Profiles
Authorisation Profiles
Import/Export Settings
License Manager
Advanced Settings
Miscellaneous Settings