HSM Keepalive Service

The service periodically (with configured interval) goes through all available Crypto Tokens and makes a test signature if the following conditions are met:

  • The crypto token is a PKCS#11 crypto token, i.e. has a PKCS#11 library path configured.
  • The crypto token is active.
  • The crypto token has a key with alias 'testKey'.

If these conditions are met, a test signature with the testKey is performed. In addition, if security audit log protection is configured, a test string is protected with the security audit log protection, also testing this crypto token (which is not available in the crypto tokens in the GUI).

This will ensure that all configured PKCS#11 slots are used regularly, preventing connection timeouts that could lead to service downtime. You only need to enable this service if you encounter HSM timeouts. The occurrence of such timeouts depends on the specific HSM used, networking equipment etc.