KeystoreInConfigCryptoToken

Overview

A CryptoToken using a PKCS#12 keystore stored in the configuration (in the database).

The content of the keystore is not part of the regular worker properties. Thus, it is not included when running the dump properties command. It is also removed when removing the crypto worker (or regular worker when using the legacy method to set-up crypto tokens). To backup the content of the crypto token, a database backup should be made.

The password supplied when activating the token the first time will be used as the keystore password.

CRYPTOTOKEN_IMPLEMENTATION=org.signserver.server.cryptotokens.KeystoreInConfigCryptoToken.

Available Properties

Property
Description
KEYSTOREPASSWORDThe password that locks the key-store. Used for automatic activation.
DEFAULTKEYThe key to use. If not specified the first found key is used. (optional)
NEXTCERTSIGNKEYThe next key to use. See PKCS11CryptoToken. (optional)