
How can I include the full TSA certificate chain in the timestamp response produced by ADSS TSA Server?

To include the full TSA certificate chain in the timestamp response, register the TSA chain up to the Root CA in Trust Manager, then restart the ADSS Server from Server Manager so that the changes take effect. See Trust Manager to learn how to register CAs in ADSS Server.

How can I restrict the ADSS TSA service to accept only timestamp requests that use specified hash algorithms?

  1. Launch the ADSS Server Console
  2. Navigate to the location: Global Settings > Advanced Settings
  3. From the Property Type dropdown select the option TSA
  4. Search for the property SUPPORTED_HASH_ALGORITHM
  5. Edit this property so that it lists only the hash algorithms to be allowed, and remove all others. Click here to learn more about supported hash algorithms.
  6. Save the changes
  7. Restart the ADSS Server Service instance from the Windows services panel or UNIX daemon for the changes to take effect
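
What a hash-algorithm allow-list means at the protocol level, as an added illustration that is not ADSS Server code: assuming standard RFC 3161 requests, the digest is named in `messageImprint.hashAlgorithm`, so a restricted TSA can reject a request on that OID alone. The allow-list, function names and sample requests below are constructed for this example.

```python
import hashlib

HASH_OIDS = {  # DER-encoded digest OID (hex) -> (name, digest length in bytes)
    "2b0e03021a": ("SHA1", 20),            # 1.3.14.3.2.26
    "608648016503040201": ("SHA256", 32),  # 2.16.840.1.101.3.4.2.1
}

def read_tlv(buf, pos, want):
    """Return (value, next_pos) for the DER element at pos, which must have tag `want`."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError("malformed or truncated DER element")
    return buf[pos:pos + length], pos + length

def check_request(req_der, allowed):
    """Accept or reject a DER TimeStampReq against an allow-list of hash names."""
    req, _ = read_tlv(req_der, 0, 0x30)        # TimeStampReq SEQUENCE
    _, pos = read_tlv(req, 0, 0x02)            # version INTEGER
    imprint, _ = read_tlv(req, pos, 0x30)      # messageImprint SEQUENCE
    alg_id, pos = read_tlv(imprint, 0, 0x30)   # hashAlgorithm AlgorithmIdentifier
    oid, _ = read_tlv(alg_id, 0, 0x06)         # algorithm OBJECT IDENTIFIER
    digest, _ = read_tlv(imprint, pos, 0x04)   # hashedMessage OCTET STRING
    name, size = HASH_OIDS.get(oid.hex(), ("unknown", -1))
    if name not in allowed:
        return False, f"{name}: hash algorithm not allowed"
    if len(digest) != size:  # digest length must match the declared algorithm
        return False, f"{name}: digest length {len(digest)} != {size}"
    return True, name

def tlv(tag, body):  # short-form length only; the sample requests are < 128 bytes
    return bytes([tag, len(body)]) + body

def build_request(oid_hex, digest):
    """Constructed sample: minimal v1 TimeStampReq with only the mandatory fields."""
    alg_id = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    imprint = tlv(0x30, alg_id + tlv(0x04, digest))
    return tlv(0x30, tlv(0x02, b"\x01") + imprint)

ALLOWED = {"SHA256"}  # assumed policy: SHA-1 has been removed from the allow-list
DATA = b"constructed sample document"
SHA1_REQ = build_request("2b0e03021a", hashlib.sha1(DATA).digest())
SHA256_REQ = build_request("608648016503040201", hashlib.sha256(DATA).digest())
BAD_LEN_REQ = build_request("608648016503040201", hashlib.sha1(DATA).digest())

if __name__ == "__main__":
    print([check_request(r, ALLOWED) for r in (SHA1_REQ, SHA256_REQ, BAD_LEN_REQ)])
```

The same three requests, sent to a test TSA profile after the configuration change, give a quick check that the restriction is in force.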

Is it reliable to use the system clock in a virtualised environment?

ADSS TSA Server works in both virtualised and physical system environments. It is often observed that the clocks within virtualised systems are locally configurable and hence may not sync properly with the server time while timestamps are being generated, so they cannot be relied upon during any form of VM backup process.

In such circumstances, ADSS TSA Server can be configured to get the time directly from an NTP server or an HSM internal clock. However, doing so may reduce throughput. Physical systems are therefore recommended.
