NBT run the tracing service which we piggyback on to. It is run on server nbsvr325 . We access the service via two mounted shares on systems-live.renalregistry.northbristol.local .
//nbsvr325/DBS2_DATA/OUTBOX/DBS/DBS002 100G 34G 66G 34% /mnt/nhs-tracing/outbox
//nbsvr325/DBS2_DATA/INBOX/DBS/DBS002 100G 34G 66G 34% /mnt/nhs-tracing/inbox
We add tracing files to the inbox and any response file will appear in the outbox. The file in the inbox is deleted when it is submitted. NBT have struggled to enable us to have delete rights in the outbox since the server was rebuilt so we currently cannot delete returned files.
On the nbsvr325 the files are processed via two scheduled jobs:
The jobs submit every hour at half past the hour and pick up every hour on the hour. So the minimum turn around is 30 minutes if you hit the scheduled times.
Issues occur when the scheduled jobs stop or less frequently the DBS certificate expires. This last happened in October 2020 and the not from NHS digital said "Normally these certificates expire after 3 years, but due to the sub CA expiring early so will this one , on the 27th June 2022"
Certifcate Instructions Supplied by NHSDigital for renewal
Organisation ASID: 834424843011
Organisation ID: RVJ
Organisation Name: NORTH BRISTOL NHS TRUST
FQDN: dbs-RVJ.nbt.nhs.uk
You can download the client (not required for certificate renewal) and associated documentation from http://nww.hscic.gov.uk/demographics/dbs/guidance
As this is a certificate renewal, you will need to backup the keystore to a different location (just in case) and then delete everything in the keystore directory apart from the root and newsubCA files, then as per section 5.3 of the installation guide you will need to run the following command, from the command prompt, whilst in the [DBS2_APP_HOME] directory, you can copy and paste it into the command prompt as we have pre-filled it for you:
keystore-tool.bat Generate_CSR dbs-RVJ.nbt.nhs.uk EDT.csr
This will create the certificate signing request in the [DBS2_APP_HOME]\keystore directory as EDT.csr. Please send the EDT.CSR file to the DIR team (DIR@nhs.net) and include your ODS (site code) with the subject heading of DBS certificate renewal. We will then return a certificate which should be saved to the [DBS2_APP_HOME]\keystore directory with a name of servercert.cer
You can then run the 3 import commands as per the guide, again whilst in the root of the [DBS2_APP_HOME] directory, please note that they must be run in the order below:-
1) keystore-tool.bat Import_CA_Cert rootca.der ca_cert
2) keystore-tool.bat Import_CA_Cert newsubca.der subca_cert
3) keystore-tool.bat Import_Signed_Cert servercert.cer
If you wish to re-download the Root and SubCA certificates, rather than re-use them please note that the link for the root and subCA certificates in the installation guide is no longer valid, please use https://esw.national.ncrs.nhs.uk/esw/ (Please include the final / after the esw or it will fail). The install SUBCA link will download a file called subca.der, this needs renaming to newsubca.der before running the import commands. If using Internet explorer please note that it sometimes save the certificates with a CER extension rather than DER, before running the import commands please ensure that the both the RootCA and NewSubca have the DER extension whilst the Servercert has the CER extension.
Documentation on the software used can be found here http://nww.hscic.gov.uk/demographics/dbs/guidance/
Installation documentation for the windows setup used is:
