Setup

To enable Microsoft 365 to use a specified TSS appliance for its default time stamp service, you must:

Install the root certificate of TSS on the client machine

To install the root certificate of TSS on the client machine:

  1. Log into the TSS as the security officer (superuser).

  2. In the left pane, navigate to TSA Management > Operational Status. For example:

    tss op stat

  3. Select the TSA Name, then select Cert Info.

  4. Select the certificate and Export it to a .cer file. For example:

    tss certif

  5. On the client machine, enter certmgr on the Windows Start menu to start the Microsoft Certificate Manager.

  6. In the left pane, navigate to Certificates > Trusted Root Certificate Authorities > Certificates.

  7. Import the exported .cer file. For example:

    certmgr

    The certificate is added.

Edit the registry settings

To edit the registry settings:

  1. On the Microsoft 365 computer, enter regedit on the Windows Start menu to start the Registry Editor.

  2. In the left pane, navigate to Computer > HKEY_CURRENT_USER.

  3. Export the HKEY_CURRENT_USER registry settings as a backup before you continue. For example:

    regedit export

  4. Navigate to the following registry path: Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Signatures.

    If the registry path does not already exist, you must create it.

  5. Add the following variables to the registry path:

    Name Type Data

    MinXAdESLevel

    REG_DWORD

    2

    Timestamp Required

    REG_DWORD

    1

    TSALocation

    REG-SZ

    http://<TSS_IP_address>/TSS/HttpTspServer

    XAdESLevel

    REG_DWORD

    5

    In this table, <TSS_IP_address> is the IP address of the TSS appliance. You may use a host name instead of an IP address.