ADSS Server
Introduction
ADSS Server is an Ascertia product and is the main engine where the core cryptography is implemented. It is used to configure Certificate Authorities (CAs), issue CRLs, provide OCSP responses and create digital signatures, and it also supports many other PKI functions. ADSS Server has a number of different PKI services, and each service serves a different purpose. Administrators are required to create a connector to communicate with an ADSS Server service. Web RA supports communication with the following ADSS Server services:
- Certification Service - This is the most commonly used ADSS Server service with Web RA. It is used to configure the Certificate Templates and CA Profiles, publish CRLs and provide revocation via OCSP.
- CSP Service - Cryptographic Service Provider (CSP) service is an Ascertia service that stores the cryptographic keys securely. It is also integrated with Microsoft CSP, and you can use it for document signing and authentication natively from Windows.
A connector is required in Web RA Admin to communicate with the respective ADSS Server instance.
Create an ADSS Server Connector
- Click External Services from the left menu.
- Click Connectors.
- Click
from the grid header.
- A dialog will appear to add the connector details. The connector dialog is comprised of two screens, i.e. Basic Information and Details. Specify the basic information and click Next to provide the respective connector details. See the tables below for field descriptions.
- Click Finish. A new connector will be saved and displayed in the list.
Basic Information

| Field | Description |
|---|---|
| Name | Specify a unique name for this connector, e.g. My ADSS Server. This connector will be used in the ADSS Service Profiles. |
| Provider | Select the provider for this connector, i.e. "ADSS Server". |
| Active | Tick this check box to make this connector active. Inactive connectors cannot be configured in the Certification or CSP Profiles. |

Details

| Field | Description |
|---|---|
| Server Address | Specify the address and port number of ADSS Server. ADSS Server supports three communication protocols and ports, and the addresses are as follows: |
| Client ID | Specify the Client ID that has been configured in the Client Manager module of the ADSS Server for this connector. |
| Client Secret (optional) | Specify the client secret that has been generated in the ADSS Server against this Client ID. |
| TLS Mutual Auth Key (PFX/PKCS#12) | If mutual authentication is required, browse to the client authentication key. Leave this field blank if mutual authentication is not required. |
| TLS Client Certificate Password | Specify the password of the client authentication key. Leave this field blank if mutual authentication is not required. |
| Request Signing Key (PFX/PKCS#12) | If a request signing key is required, browse to the request signing PFX. Leave this field blank if request signing is not required. |
| Request Signing Key Password | Specify the password of the request signing key PFX. Leave this field blank if request signing is not required. |
| Timeout (seconds) | Specify a timeout (in seconds) for ADSS Server, e.g. 300. If this ADSS Server does not respond to a certification request within the specified time, Web RA will display an error message to the end users. |
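
A pre-flight check that can be run on a workstation before browsing to the TLS Mutual Auth Key or the Request Signing Key in the Details screen, given here as an added example that is not part of the Ascertia documentation. It confirms that the password opens the PFX, that the private key matches the certificate, and that the certificate has not expired. The function name `check_pfx` and the `PFX_PASS` variable are assumptions chosen for this example, and the `openssl` command-line tool must be installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a PFX/PKCS#12 file before it is browsed
# into the connector dialog. check_pfx and PFX_PASS are names chosen here
# (assumptions), not Web RA or ADSS Server settings. Requires the openssl CLI.
# The password is taken from the PFX_PASS environment variable so that it does
# not show up in the process argument list or shell history.
# Exit codes: 0 ok, 2 unreadable, 3 bad password/format, 4 key mismatch, 5 expired.

check_pfx() (
    pfx="$1"
    [ -r "$pfx" ] || { echo "FAIL: cannot read $pfx" >&2; exit 2; }

    # 1. The password opens the container and it holds a client certificate.
    cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "FAIL: wrong password or not a PKCS#12 file" >&2; exit 3; }
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) \
        || { echo "FAIL: no certificate found in $pfx" >&2; exit 3; }

    # 2. The private key in the container belongs to that certificate.
    #    The key is piped between processes and never written to disk.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] \
        || { echo "FAIL: private key missing or does not match certificate" >&2; exit 4; }

    # 3. The certificate is still valid; warn when fewer than 30 days remain.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate has expired" >&2; exit 5; }
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 2592000 >/dev/null \
        || echo "WARN: certificate expires within 30 days" >&2

    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
    echo "OK: $pfx"
)
```

OpenSSL 3.x cannot open a PFX protected with legacy algorithms such as RC2-40 unless the `-legacy` option is added to the `pkcs12` calls, so such a file is reported with exit code 3 even when the password is correct.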