...
- For signing operations it needs to contact the RAW signature services (PKCS#1 format) at https://fra.firmacerta.it
- For timestamp operations it must be able to contact the Timestamping Authority (TSA) set in the call. In this case the protocols that can be used are HTTP and HTTPS. In the details, Namirial TSA can be reached at http://timestamp.firmacerta.it and at https://timestamp.firmacerta.it
- For signing verifications it must be able to contact the CA that issued the signer's certificate to prove its validity
- Update TLS (TrustedList) contacting periodically every EC national agencies that supervises the Certification Authority (in Italy is AgID).
...
Minimum Requirements
Allocated Resources to the Virtual Machine
For proper operation it is necessary that the virtual machine has assigned, at least, the following resources:
- 4 GB RAM (8 GB are suggested)
- 40 GB Hard Disk
- 2 core
- 1 network interface
Ports and Protocols Usages
Below the list of port and protocol used by SWS:
| Operation | Description | Frequency | Protocol | Ports | TCP/UDP | Address | SWS Environment |
|---|---|---|---|---|---|---|---|
| Signature | Send a request to Namirial server for sign the hash | Every call | HTTPS | 443 | TCP | fra.firmacerta.it | PROD |
| TimeStamp | Send a request to Namirial server for apply the timestamp to the hash | Every call | HTTP | 80 | TCP | timestamp.firmacerta.it | PROD |
| TimeStamp | Send a request to Namirial server for apply the timestamp to the hash | Every call | HTTPS | 443 | TCP | timestamp.firmacerta.it | PROD |
| Verification OCSP | For validate the certificate send request to OCSP for check the certificate | Every call (whenever possible) | OCSP | 80 | TCP | It depends on the CA issued the certificate used for the signature. For Namiriai is: "ocsp.firmacerta.it" | PROD |
| Signature | This operation send a request to Namirial server for sign the hash | Every call | HTTPS | 443 | TCP | fra.test.firmacerta.it | TEST |
| TimeStamp | Send a request to Namirial server for apply the timestamp to the hash | Every call | HTTP | 80 | TCP | timestamp.test.firmacerta.it | TEST |
| TimeStamp | Send a request to Namirial server for apply the timestamp to the hash | Every call | HTTPS | 443 | TCP | timestamp.test.firmacerta.it | TEST |
| Verification OCSP | For validate the certificate send request to OCSP for check the certificate | Every call (whenever possible) | OCSP | 80 | TCP | It depends on the CA issued the certificate used for the signature. For Namiriai is: "ocsp.firmacerta.it" | PROD |
| Verification CRL | For validate the signature certificate check the serial number into CRL | HTTP/LDAP | 80, 389 | TCP | It depends on the CA issued the certificate used for the signature. For Namiriai is: "crl.firmacerta.it" | PROD | |
| Verification | At startup SWS download all European Trusted Root from European supervisory agenciences | HTTPS | 443 | TCP | ec.europa.eu (the full link is: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml) | TEST, PROD | |
| Updates and Monitoring | Used for receive automatic updates and receive | Always | JABBER, HTTP, HTTPS | 5222, 443, 80 | TCP | scm.firmacerta.it | TEST, PROD |
| NTP sync | synchronize date and time | Always | NTP | 123 | UDP | ||