The Master List Signing page allows Administrators to configure the connection to SignServer, used for signing a master list.

The following example page displays configuration values for the NPKD development environment.

  • SignServer URL: The URL to SignServer. The URL can either be the basic URL (for example, "https://signserver:8443/signerserver"), or can contain the WorkerName (for example, "https://signserver:8443/signserver/worker/<WORKER_NAME>"). Both HTTPS and HTTP protocols are supported.
  • SignServer Worker: The name of the worker on SignServer that will sign the master list. If the worker name is not set in the URL, it must be set here.
  • TLS Keystore Type: The type of keystore. If set to "PKCS12" or "JKS", the keystore is loaded from the file specified with the property TLS Keystore or PKCS11 Shared Library File. If set to "PKCS11", the keys stored in the HSM configured with the property TLS Keystore or PKCS11 Shared Library File are used.
  • TLS Keystore or PKCS11 Shared Library File: The full path of the keystore file to be used as client for establishing TLS to ICAO Download LDAP, or the path to the shared library file (.so file) specific for the installed HSM, or a SUN configuration file.
  • TLS Keystore Password or Hard Token Pin: The password to be used for opening the protected keystore file, or the pin to be used for the keys stored on the HSM.
  • PKCS11 Shared Library File: The path to the shared library file (.so file) specific for the installed HSM, or a SUN configuration file.
  • PKCS11 Slot Label Type: The method used to identify the HSM's slot containing the key to be used, or "SUN Configuration File" if a SUN configuration file is specified in the TLS Keystore or PKCS11 Shared Library File. Used only if TLS Keystore Type is set to "PKCS11".
  • PKCS11 Slot Label Value: The HSM's slot containing the key to be used.
  • PKCS11 Key Alias

Click Save to save all configuration options on the page.

To test the configured connection, click Save and Test Connection. The connection is then tested against the configured SignServer application when the configuration options are saved.
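The field rules above can be checked before the values are saved. The following is an added example, not part of NPKD or SignServer: the dictionary keys, host names, paths and worker name are hypothetical, and it assumes that a SUN configuration file makes a separate slot label value unnecessary.

```python
from urllib.parse import urlparse, unquote

FILE_KEYSTORES = {"PKCS12", "JKS"}

def check_signing_config(cfg):
    """Return (effective_worker, findings). The dict keys are hypothetical names."""
    findings = []
    url = urlparse(cfg.get("url", ""))
    if url.scheme not in ("https", "http") or not url.hostname:
        findings.append("error: SignServer URL must be an http(s) URL with a host")
    elif url.scheme == "http":
        findings.append("warning: HTTP leaves signing requests unauthenticated and unencrypted")

    # Worker name carried in the URL as .../worker/<WORKER_NAME>
    parts = [unquote(p) for p in url.path.split("/") if p]
    url_worker = parts[parts.index("worker") + 1] if "worker" in parts[:-1] else None
    field_worker = (cfg.get("worker") or "").strip() or None
    if url_worker and field_worker and url_worker != field_worker:
        # Assumption: the page does not say which value wins, so flag it for review.
        findings.append("warning: worker in URL differs from SignServer Worker field")
    worker = url_worker or field_worker
    if worker is None:
        findings.append("error: worker name set neither in URL nor in SignServer Worker")

    ks_type = cfg.get("keystore_type")
    if ks_type in FILE_KEYSTORES or ks_type == "PKCS11":
        if not cfg.get("keystore_file"):
            findings.append(f"error: {ks_type} needs TLS Keystore or PKCS11 Shared Library File")
        # Assumption: with a SUN configuration file the slot is named in that file.
        if (ks_type == "PKCS11" and not cfg.get("slot_label_value")
                and cfg.get("slot_label_type") != "SUN Configuration File"):
            findings.append("error: PKCS11 needs a PKCS11 Slot Label Value")
    elif ks_type:
        findings.append(f"error: unknown TLS Keystore Type {ks_type!r}")
    return worker, findings

# Constructed sample settings (host names, paths and worker name are made up).
GOOD = {"url": "https://signserver:8443/signserver/worker/MLSigner",
        "keystore_type": "PKCS12", "keystore_file": "/opt/npkd/tls-client.p12"}
BAD = {"url": "http://signserver:8080/signserver", "worker": "  ",
       "keystore_type": "PKCS11", "keystore_file": "/usr/lib/libhsm-example.so",
       "slot_label_type": "Slot Label"}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_signing_config(cfg))
```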