15 May 2012
Encouraged by this winter's warm temperatures, we have decided to share more news about the most complete monitoring system on the electronic signature market.
Following on from our informative post about Viafirma Manager, we now publish the third post of the series,
in which we cover validation sources and how to configure time-stamping authorities (TSA).
• It lets you manage the Certification Authorities and Validation Authorities that you wish to support, at system level or at the level of a specific implementation.
• To make things easier for system administrators, the default validation mechanism is the one carried in the X.509 v3 structure of the digital certificate.
• You can specify a particular validation service for each Certification Authority if you do not want to use the default one reported in the digital certificate.
• You can specify more than one service and Validation Authority per Certification Authority, together with a priority order to be followed in case one of them is down. For example: “first verify via OCSP; if there is no response, via CRLs.” You can even choose, in case all services return an error response, whether or not the operation may continue without the revocation status of the certificate having been established.
In addition, you can manage which certification authorities are authorized for each specific application (e.g., “application X supports only eID”), and you can even register unrecognized certification authorities (for example, one created with PKI software) and their corresponding validation authorities, following the same rules and options as for recognized Certification Authorities.
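The priority-ordered revocation check described above, sketched in Python as an added example that is not Viafirma code. The class and function names, the sample serial numbers and the rule that an "unknown" answer falls through to the next source are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"  # no definitive answer

class SourceUnavailable(Exception):
    """A validation source is down or returned an error."""

@dataclass
class CaPolicy:  # hypothetical per-CA settings
    sources: List[Tuple[str, Callable[[str], Status]]]  # priority order
    allow_if_unverified: bool = False  # continue if no source answers?

@dataclass
class Decision:
    accepted: bool
    status: Status
    answered_by: Optional[str]
    attempts: List[str]  # audit trail of every source tried

def check_revocation(serial: str, policy: CaPolicy) -> Decision:
    attempts: List[str] = []
    for name, checker in policy.sources:
        try:
            status = checker(serial)
        except SourceUnavailable as exc:
            attempts.append(f"{name}: unavailable ({exc})")
            continue  # outage: fall through to the next source
        attempts.append(f"{name}: {status.value}")
        if status is Status.UNKNOWN:
            continue  # source does not know this certificate
        # GOOD or REVOKED is final: a later source never overrides REVOKED.
        return Decision(status is Status.GOOD, status, name, attempts)
    return Decision(policy.allow_if_unverified, Status.UNKNOWN, None, attempts)

REVOKED_SERIALS = {"0A1B2C"}  # constructed sample data
def ocsp_down(serial: str) -> Status:  # constructed: simulates an outage
    raise SourceUnavailable("connection timed out")

def crl_lookup(serial: str) -> Status:  # constructed: in-memory CRL
    return Status.REVOKED if serial in REVOKED_SERIALS else Status.GOOD

if __name__ == "__main__":
    policy = CaPolicy([("OCSP", ocsp_down), ("CRL", crl_lookup)])
    print([check_revocation(s, policy) for s in ("0A1B2C", "77FF01")])
```

With `allow_if_unverified` left at `False`, an outage of every source rejects the operation; setting it to `True` trades that guarantee for availability, so the `attempts` trail is what lets an auditor see which signatures were accepted without a confirmed revocation status.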
Time Stamping Authorities (TSA) Settings
Viafirma Platform supports interaction with any TSA (Timestamping Authority) that complies with the RFC 3161 standard, which is required by signature formats (for instance, long-lived signatures) that include timestamps within the signing evidence. This timestamping support can be used with any format that admits the inclusion of timestamps, and with any signing mode, client-side or server-side operation, etc.
First, we configure the TSA services available to the platform in Viafirma Manager's administration interface. This configuration is very simple, since essentially all we need is the URL of the TSA service.
Subsequently, the platform can associate an application with:
• The timestamping authority or authorities (TSA) to be used in each case.
• The order of invocation of the TSAs. This means, for example, that even if a TSA service is not available, the associated application and settings can still be used.
Finally, the system stores data for each operation, such as the TSA finally used in a signing operation, the response time, etc.
In upcoming posts we will talk about Access Roles and Auditing, but in the meantime we would like to hear any comments, questions or doubts you may have.