Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

ADSS services and infrastructure components that can reference keys stored on the Futurex HSM.
This section is informational. Configuration of individual ADSS services is outside the scope of this integration guide. For service-specific configuration steps, refer to the ADSS Server Admin Guide available within the running ADSS Server console at https://[adss-host]:8774/adss/console/docs/help/welcome.html.
Once the Futurex HSM is configured as a Crypto Source and one or more keys have been generated against it, those keys can be referenced by any ADSS service that performs signing operations. Each service that consumes a key has a corresponding configuration section in the ADSS Server Admin Guide.

Service signing keys

ADSS ServiceKey PurposeADSS Admin Guide Reference
Signing ServiceSigns documents and data on behalf of business applications. Supports PDF/PAdES, XML/XAdES, CMS/CAdES, PKCS#7, S/MIME, and ASiC.Signing Service > Signing Profiles
TSA ServiceSigns RFC 3161 / RFC 5816 timestamp tokens.TSA Service > TSA Profiles
OCSP ServiceSigns OCSP responses (RFC 2560 / 6960 / 5019) on behalf of one or more registered CAs.OCSP Service > OCSP Profiles
Certification ServiceSigns end-entity certificates and CRLs as an internal Certification Authority.Certification Service > Certificate Authorities
SCVP ServiceSigns Server-based Certificate Validation Protocol responses (RFC 5055).SCVP Service > SCVP Profiles
LTANS ServiceSigns long-term archive evidence records (RFC 4998 / RFC 6283) and optional notary signatures.LTANS Service > Archive Profiles
Go>Sign ServiceSigns hashes in server-side signing flows and produces signature enhancements.Go>Sign Service > Go>Sign Profiles
RAS / SAM ServiceHolds end-user signing keys for Remote Authorised Signing flows under sole control.RAS Service / SAM Service
CSP ServiceHolds end-user signing keys exposed via the Cloud Signature Consortium (CSC) API.CSP Service

Infrastructure and operational keys

KeyPurposeADSS Admin Guide Reference
TLS Server Authentication certificateSecures TLS communication between the Core, Console, and Service Tomcat instances and external clients.Key Manager > Service Keys; Global Settings > System Certificate
System Master Key (HSM-based startup)Protects ADSS database encryption material when the master key is held on the HSM rather than in software. Selected during installation.Installation Guide > Master Key Configuration
Key Encrypting Key (KEK)Wraps end-user signing keys for encrypted storage in the ADSS database. Keys are unwrapped only inside the HSM at signing time.Key Manager > Crypto Source > Key Wrapping Settings