How to Set Up a Test CA with OCSP and TSA?

The X-Road core includes Central Server, Configuration Proxy (optional) and Security Server. When setting up an X-Road environment, trust services that include a CA with OCSP and TSA are required in addition to the X-Road core. The CA is used for issuing certificates to Security Servers (authentication certificates) and to X-Road member organizations (signing certificates). See also: What kind of keys and certificates the Security Server has?

Trust services can be provided by commercial trust service providers, a trusted certification authority and a trusted time-stamping authority. Alternatively, it is possible to use open source tools. When setting up a test or development environment using open source tools should be sufficient solution. When setting a production level environment, a trusted certification authority and a trusted time-stamping authority are usually required.

The official documentation for setting up a test CA with TSA and OCSP is available at https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md.

N.B. When the test CA is used, the class below must be defined as the Certificate Profile Info provider on the Central Server when adding an approved certification service:

ee.ria.xroad.common.certificateprofile.impl.BasicCertificateProfileInfoProvider

Page:

How to Set Up a Local Test Environment Using Docker Compose?
Page:

What Is a Certificate Profile?
Page:

What Is a Country-Specific Meta Package?
Page:

What Are the Technical Requirements for Trust Service Providers?
Page:

What Is a Certification Authority (CA)?

Related articles