Q: What does this tool cover?

A: The Tool tests your system's ability to discover organizationally-bound and user-bound certificates following the Certificate Discovery process required by Direct. It also tests that your certificates are discoverable following the Certificate Discovery process.

Q: Is there a user guide?

A: Yes: The 2.1.2 Release User Guide is the latest. Other user guides can be found in a particular release's wiki space.

Q: Is there a demo version of the Tool already deployed that I can use to test my Direct instance?

A: Yes: http://demo212.direct-test.com/

Q: Which browsers are supported by the Tool?

A: You can use the Tool on Chrome, Firefox, and Internet Explorer. It has been tested with the following versions: Chrome, Firefox versions 13 and 14, Internet Explorer versions 8 and 9.

Q: When I try to download the anchor file in Firefox, it asks me if I want to trust this and a RootCA for my local system. Should I do this?

A: This is not what you want to do. You need to right-click the link and choose "Save Link As...", save it somewhere on your system, and add it to your Direct instance as a trust anchor.

Q: My System doesn't trust the Tool even after uploading your anchor to my anchor store. Is there something wrong with your anchor?

A: We've noticed that some systems (including the Java Reference Implementation) take 5 minutes or longer to fully integrate any new anchors into their system. If you want to shortcut this waiting period, restarting your James server should do the trick.

Q: I'm not receiving any response emails but my Direct messages are being sent to the demo site.

A: Check your junk mail or spam folders. Sometimes the messages are routed to these folders. The messages come from: dcdt@esacinc.com.

Q: Why does the user interface for hosting test DTS551 ask for a Direct address instead of for a domain?

A: The testing tool parses the Direct address to determine the domain, which conforms to how email works in the real world and mimics how a HISP will determine the domain.

Q: Which tests are required to demonstrate Meaningful Use Stage 2 capabilities?

A: The tool is divided into two types of tests, Hosting and Discovery. All Discovery tests are required for MU2 certification. For Hosting tests, however, the SUT only has to take the tests that apply to its implementation, which could be as few as one test (e.g. Address-Bound DNS), 2 tests (Address-Bound DNS and Domain-Bound DNS), or all 5 tests (Address/Domain-Bound for both DNS and LDAP). In other words, the SUT MUST be able to acquire certificates from any other conformant Direct implementation, regardless of the choices that system made; for Hosting, the SUT only needs to prove at least one hosting method. Systems should test for every hosting method they support, so if your product implements all optional methods, you MUST pass all 5 Hosting test cases.

Q: Why do some tests say that I failed because I didn't follow the correct SRV record priorities?

A: The specifications are written such that the priorities of the SRV Records should be taken into account by initiating Direct implementations. Here is a quote from the specifications regarding this notion: "From the list of LDAP services the consumer should attempt to contact them based first on the priority value and, if there is more than one with the same priority value, they should then be ordered based on the weight value." Note that this is a SHOULD requirement, but not a MUST. Our Tool highlights these discrepancies and warns the consumer when they ignore the priority values.

Q: What do you mean by high priority LDAP instances vs. low priority LDAP instances?

A: If you fail a test for contacting an LDAP server with the wrong priority value first, we send a warning message that says that you chose the higher priority valued LDAP server (which is identified in an SRV Record) instead of the lower priority valued LDAP server. What this actually means (and it can be confusing) is that your system chose an LDAP server with a higher priority value (e.g. "2") instead of one with a lower priority value (e.g. "1"). We send our diagnostic information in the human-readable format as opposed to the technical terminology for priority value. See RFC 2782 for more information about SRV records and their priorities.
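The priority rule from the two answers above, as an added example that is not part of the Tool's code: it orders a constructed SRV answer and reports where a client's contact sequence used a server with a higher priority value before one with a lower value. The host names, the `Srv` type and both function names are hypothetical, and sorting by descending weight is a deterministic simplification of RFC 2782's weighted random selection.

```python
from typing import NamedTuple

class Srv(NamedTuple):
    priority: int  # lower value is contacted first (RFC 2782)
    weight: int    # orders servers that share a priority value
    port: int
    target: str

# Constructed SRV answer for _ldap._tcp.example.test (hypothetical hosts).
SAMPLE_RECORDS = [
    Srv(2, 0, 389, "ldap-backup.example.test."),
    Srv(1, 10, 389, "ldap-a.example.test."),
    Srv(1, 90, 389, "ldap-b.example.test."),
]

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()

def contact_order(records):
    # Priority value ascending, then weight descending (simplified:
    # RFC 2782 picks among equal priorities at random, biased by weight).
    return sorted(records, key=lambda r: (r.priority, -r.weight, _norm(r.target)))

def priority_warnings(records, contacted):
    """Return (used, skipped) pairs: 'used' was contacted while 'skipped',
    which has a lower priority value, had not been tried yet."""
    ordered = contact_order(records)
    prio = {_norm(r.target): r.priority for r in ordered}
    tried, warnings = set(), []
    for host in map(_norm, contacted):
        if host not in prio:
            raise ValueError(f"{host} is not in the SRV answer")
        for rec in ordered:
            skipped = _norm(rec.target)
            if rec.priority < prio[host] and skipped not in tried:
                warnings.append((host, skipped))
        tried.add(host)
    return warnings

if __name__ == "__main__":
    print([r.target for r in contact_order(SAMPLE_RECORDS)])
    print(priority_warnings(SAMPLE_RECORDS, ["ldap-backup.example.test"]))
```
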

Q: Why are there no tests for testing IPKIX compatibility?

A: The Applicability Statement for Secure Health Transport section 5.3 states that DNS Certificates can be either X509 or IPKIX. This requirement should equate to at least one test to ensure a System's ability to retrieve an IPKIX certificate. As of September 2012, the Direct Reference Implementations (both the Java and the C#) do not support either storage or retrieval of IPKIX certificates. Our disposition on this is that test tool coverage will wait until the question is resolved in the Reference Implementation, and that test candidates only need to show interoperability with the regular X509 method (and not IPKIX). The RI issue can be tracked here: http://code.google.com/p/nhin-d/issues/detail?id=188&colspec=ID%20Project%20Type%20Status%20Priority%20Owner%20Summary

Q: Where does the code live?

A: The code is in a Google Code repository and can be built from source by following the 2.1 Source Install Guide.

Q: How do I install the Tool locally?

A: The Tool can be installed by following the 2.1 Linux Package Install Guide.

Q: How do I submit a defect?

A: Enter the issue at our JIRA issue tracker.

Q: If I choose to install the Tool locally, can I deploy it on another application server besides Tomcat?

A: Yes. While the Tool was developed using Tomcat, there are no Tomcat-specific dependencies built into the Tool, so you can deploy it on other application servers. Besides Tomcat, it has been tested with the following application servers: JBoss.

Q: If I choose to install the Tool locally, do I have to install it on a Windows server?

A: No, the Tool is designed to be deployed to a Linux environment, with Ubuntu being the preferred/tested distribution.

Q: If I choose to install the Tool locally, do I have to build it from source?

A: No, you can install it from a Linux package.
