Table of Contents
How to replace an expired CA certificate?
There can be three scenarios to replace an expired certificate:
When a CA certificate has expired then that CA certificate cannot be trusted to verify any certificates issued by it or its sub-CAs, hence all such certificates will be reported as not trusted. Moreover, the certificates issuance by the local CA will also stop functioning, if the expired CA has been configured as local CA.
How to ensure trust anchors are synchronised when the Core/ Console/ Service instances are running on different machines?
Whenever a CA is added, updated or deleted from the ADSS Trust Manager module, then the “adss.keystore” and "jssecacerts" files are automatically updated by the ADSS server. Now in a scenario, where ADSS Server is running in the load balancing environment, and the core and console instances are running on different machines. Here if the core instance becomes either down or unavailable, then upon initiating any of 'new', 'edit' or 'delete' operation, only the local instance of "adss.keystore" and "jssecacerts" files is updated with the CA status accordingly.
ADSS server may behave inconsistently.
How to link a CA to the relevant TSAs in the ADSS Trust Manager module?
Timestamp authority (TSA) addresses are primarily stored within Global Settings > Timestamping module. These timestamp authorities can be used for various purposes e.g.