Trust Anchor Settings
This page is used to configure the Trust Anchors that will be used for trust building during certificate validation:
Trust Anchor Type drop-down displays two types of trust anchors i.e. ADSS Server Trust Anchors and Trust Anchors from TSLs.
- If 'ADSS Server Trust Anchors' is selected, it will display all the trust anchors registered in ADSS Trust Manager.
- When a TSL (Trust Service List) is auto-synchronised, the issuer of its trust service providers are automatically added in the Trust Manager. Hence for validation purposes, its trust anchors must also be configured in Verification Service. Therefore if 'Trust Anchors from TSLs' is selected from the drop-down, it will only display the trust anchors added automatically via TSL.
You can select the Trust Anchors that you wish to use for path building/validation for this policy. TAs available for path building/validation are shown in the right hand box labelled Selected Trust Anchors while the TAs that will not be used for path building/validation are shown in the left hand box labelled Available Trust Anchors. The >> and << buttons are used to move trust anchors between these two lists. At the time of policy creation, all Trust Anchors appear in the 'Selected Trust Anchors' list.
By checking the option 'Automatically trust any new Trusted Authorities added to ADSS Trust Manager' will automatically add any new trust anchor registered in the Trust Manager module to the 'Selected Trust Anchor' list. New TA will automatically be used for path building/validation and it avoids the need to manually assign new Trust Anchors to the profile.
Clicking the Next button will display the Signature Settings page.
See also
General Settings
Signature Settings
Algorithms Settings
Path Discovery Settings
Path Validation Settings
Advanced Settings