SignServer without Database

It is possible to operate SignServer without a database management system and instead rely on SignServer to manage persistence using local files.

Note that not all SignServer features are supported without a database, and the performance and scalability characteristics might differ. Currently, archiving to local files is not supported.

To increase throughput it is recommended to disable the key usage counter, as every request would otherwise have to lock and update that file. For more information, see the property DISABLEKEYUSAGECOUNTER in the section Limiting the number of signatures.

Upgrading to a later version should generally be handled automatically during the first startup. Review Upgrade SignServer and SignServer Upgrade Notes and create a backup of the file-based database files before attempting to run a later version.

Configuration

For all steps included in installing SignServer, see Install SignServer.

The following section highlights configuring deployment properties when running SignServer without a database.

Deployment Properties

To run SignServer without a database, set database.name to nodb in the signserver_deploy.properties file:

database.name=nodb

Set the location for the local file-based database:

database.nodb.location=/opt/signserver/nodb

Specify a path to a location where SignServer can write files. The default value is empty. If a relative path is used, it is most likely relative to the application server's working directory. The directory should either point to an existing SignServer file database, or be completely empty. If the directory is empty, SignServer will create the initial database structure at startup.

mkdir /opt/signserver/nodb
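
The requirements above can be checked before deployment. The following script is an added example, not part of SignServer: the function names and return codes are chosen here, and the check that the directory is not writable by group or others is an added hardening assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example, not part of SignServer: pre-flight check for a nodb deployment.

# Print the value assigned to key $1 in properties file $2 (last assignment wins).
prop_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots in the key literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Prints "empty" or "existing" on success. Return codes (chosen for this example):
# 1 not nodb, 2 location unset, 3 relative path, 4 missing, 5 not writable,
# 6 writable by group/others (an added hardening check, not a documented requirement).
check_nodb_config() {
    props=$1
    if [ "$(prop_value database.name "$props")" != "nodb" ]; then
        echo "database.name is not set to nodb" >&2; return 1
    fi
    loc=$(prop_value database.nodb.location "$props")
    if [ -z "$loc" ]; then
        echo "database.nodb.location is empty (the default value)" >&2; return 2
    fi
    case $loc in
        /*) ;;
        *) echo "'$loc' is relative to the application server's working directory" >&2
           return 3 ;;
    esac
    if [ ! -d "$loc" ]; then
        echo "$loc does not exist; create it before deploying" >&2; return 4
    fi
    if [ ! -w "$loc" ] || [ ! -x "$loc" ]; then
        echo "$loc is not writable by user $(id -un)" >&2; return 5
    fi
    if [ -n "$(find -H "$loc" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$loc is writable by group or others; restrict it (chmod 700)" >&2; return 6
    fi
    if [ -z "$(ls -A "$loc")" ]; then
        echo "empty"      # SignServer creates the initial structure at startup
    else
        echo "existing"   # must be a SignServer file database; back it up before upgrades
    fi
}

# Run as the application server's user: sh check_nodb.sh /path/to/signserver_deploy.properties
if [ "$#" -gt 0 ]; then check_nodb_config "$1"; fi
```

Run the check as the operating system user that runs the application server, since the write test is evaluated for the calling user.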

Structure of Data

The file-based database uses a number of files in the specified directory. Read/write synchronization is handled internally by the application, so manually changing files while the application server is running is not supported. Running multiple application servers with SignServer against the same database directory is generally not supported either.

Migrating to/from Database

When migrating either to or from another database management system, without setting up all worker configurations from scratch, it is recommended to use the admin command dumpproperties to dump the current configuration to a file, and then on the new system use setproperties followed by the reload command for every worker id.

Note that the dumpproperties command will not include the list of authorized clients and these need to be set up again in the new system. To check for authorized clients, run the admin command listauthorizedclients.