Table of Contents
How can I include the full TSA certificate chain in timestamp response produced by ADSS TSA Server?
How to restrict ADSS TSA service to only entertain timestamp requests which use specified hash algorithm?
- Launch the ADSS Server Console
- Navigate to the location: Global Settings > Advanced Settings
- From the Property Type dropdown select the option TSA
- Search for the property SUPPORTED_HASH_ALGORITHM
- Edit this property to configure the desired hash algorithms (to be allowed) and remove all others. Click here to learn more about supported hash algorithms.
- Save the changes
- Restart the ADSS Server Service instance from Windows services panel or UNIX daemon to have the changes take into effect
Is it reliable to use the system clock in a virtualised environment?
ADSS TSA Server works with virtualised and physical system environments. It is often observed that the clocks within virtualized systems are locally configurable and hence may not be able to sync properly with the server time, while generating timestamps. So they cannot be relied upon during any form of VM backup process.
In such circumstances, ADSS TSA Server can be configured to get time directly from an NTP server or HSM internal clock. However, using this may reduce the throughput accordingly. Physical systems are therefore recommended.