General Configuration

The General configuration page allows configuring the NPKD workflow (regardless if executed manually or using the Scheduler).

The following options are available:

Option

Description

Home Country

The country NPKD resides in. NPKD will only allow upload of PKD objects belonging to the specified country. The home country is set in the configuration file NPKD_HOME/conf/npkd_deploy.properties as of version 1.4. For older installation, when re-deploying NPKD

or restarting the application server, if that value is present in the configuration file, it will override the value in the database, otherwise, the value in the database is the one that will be used.

Validate certificates before importing

If selected, the certificate's validity check will be performed on import. Note that this only impacts the time validity, and not the revocation check and verification against CSCA certificates.

Allow three letter country code (non ICAO 9303)

If selected, certificates with three letter country codes will be accepted. Once imported, those certificates will behave the same as usual certificates with two letter country codes. Default: false.

Perform CRL revocation checks on import

If selected, revocation check will get performed on import of a certificate or CRLs. On importing a CRL all certificates found to be revoked will get unpublished. Default: true.

This setting is currently also required to have the Scheduler perform revocation checks.

Use country CRL for revocation checks

If selected, revocation check will also be performed against the latest country CRL. This is a ICAO feature and not part of X509. Default: true.

Import certificate if there is no any CRL present

If selected and there is no present CRL to check against for the certificate to be imported, the certificate will be imported. However, if the CRL is present, revocation will be performed as usual. Default: true.

Issuer CSCA must be published

If selected, any issued NPKD object cannot be published unless the issuer CSCA certificate is published. Default: true.

Auto publish DS when issuer CSCA is published

If selected, publishing a CSCA certificate will publish all issued DS certificates.

Auto publish CRL when issuer CSCA is published

If selected, publishing a CSCA certificate will publish all issued CRLs.

Auto publish master list when issuer CSCA is published

If selected, publishing a CSCA certificate will publish all 'issued' master lists.

Auto import CSCA certificates in master list

If selected, importing a master list will import the CSCA certificate assuming there is one inside signer certificate chain. If cleared, non-ignored CSCA certificate has to be present to import a master list. Default: false.

Auto import CSCA certificate in deviation list

If selected, importing a deviation list will import the CSCA certificate assuming there is one inside signer certificate chain. If cleared, non-ignored CSCA certificate has to be present to import a deviation list. Default: false.

Import master list if not newer

If selected, the master list will be updated (overwritten) even if the signing date is the same or older as the one presented in the database. If cleared, the import will be aborted if the master list to be imported does not have a newer signing date. Default: false.

Import deviation list if not newer

If selected, the deviation list will be updated (overwritten) even if the signing date is the same or older than the one presented in the database. If cleared, the import will be aborted if the deviation list to be imported does not have a newer signing date. Default: false.

Import CRL if not newer

If selected, CRL will be updated (overwritten) even if the CRL number is the same or lower than the one presented in the database. If cleared, the import will be aborted if CRL about to get imported doesn't have higher CRL number. Default: false.

Maximum number of CSCA certificate errors during import

Limits the number of CSCA certificate import errors written to the Audit logs. Default: 5.

Maximum number of DS certificate errors during import

Limits number of DS certificate import errors written to the Audit logss. Default: 5.

Maximum number of Master List errors during import

Limits number of Master List import errors written to the Audit logs. Default: 5.

Maximum number of Deviation List errors during import

Limits number of Deviation List import errors written to the Audit logs. Default: 5.

Maximum number of CRL errors during import

Limits number of CRL import errors written to the Audit logs. Default: 5.

Advanced
Save

Click Save to update the general configuration settings. Note that these settings will be used by all NPKD operations regardless of how the settings were initiated.