Discuss this help topic in SecureBlackbox Forum

Authorization on TSP server

Some timestamping servers restrict access only to authorized users. Two common authorization types are used: using a standard HTTP authorization (plain, basic or NTLM), and using X.509 certificates (to authorize users via TLS client authentication mechanism). Both authorization options are available through the TElHTTPSClient component.

When using TElHTTPTSPClient for timestamping, the HTTP authorization parameters are specified via its HTTPClient property. To set up HTTP authorization, configure the following properties of the corresponding TElHTTPSClient object:


tspClient.HTTPClient.RequestParameters.Username = "user";
tspClient.HTTPClient.RequestParameters.Password = "user";

To set up TLS-based client authentication, load your certificate (with its private key) into TElMemoryCertStorage. Attach the certificate storage to your HTTPS client using its ClientCertStorage property. You will find more details about configuring TLS components for client authentication in the relevant section of the documentation.

Despite its rarity, it is worth to mention the third authorization option, namely the CMS-based TSP requests. In this scenario each TSP request is signed with the requestor's certificate and enveloped in a CMS message. To produce such request, load your certificate (with its private key) into TElMemoryCertStorage and attach the storage to your TSP client's CertStorage property. Don't forget to set the RequestFormat property to TSBTSPRequestFormat.tsfCMS.

How To articles about TSP (Timestamping Protocol)

Discuss this help topic in SecureBlackbox Forum