How to Set Up a Test CA with OCSP and TSA?
The X-Road core includes Central Server, Configuration Proxy (optional) and Security Server. When setting up an X-Road environment, trust services that include a CA with OCSP and TSA are required in addition to the X-Road core. The CA is used for issuing certificates to Security Servers (authentication certificates) and to X-Road member organizations (signing certificates). See also: What kind of keys and certificates the Security Server has?
Trust services can be provided by commercial trust service providers, a trusted certification authority and a trusted time-stamping authority. Alternatively, it is possible to use open source tools. When setting up a test or development environment using open source tools should be sufficient solution. When setting a production level environment, a trusted certification authority and a trusted time-stamping authority are usually required.
The official documentation for setting up a test CA with TSA and OCSP is available at https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md.
N.B. When the test CA is used, the class below must be defined as the Certificate Profile Info provider on the Central Server when adding an approved certification service:
ee.ria.xroad.common.certificateprofile.impl.BasicCertificateProfileInfoProvider