- SignServer Introduction
- SignServer Installation
- Worker Setup
- Configure Client Certificate Authentication and Authorization
- Certificate Renewals Using Peer Systems
- Setting up Key Wrapping
- Setting up One-time Keys
- Setting up OpenPGP Signer
- Client HTTP Interface
- Client WS Interface
- Client CLI
- Admin WS Interface
- Legacy Interfaces
- Apache HTTP Server as Reverse Proxy
- Stresstest CLI
- P11NG CLI
- Deploy-time Configuration
- Common Configuration
- Common Properties
- Time Stamp Signer
- MS Authenticode Time Stamp Signer
- Extended Time Stamp Signer
- MRTD Signer
- MRTD SOD Signer
- PDF Signer
- ODF Signer
- XML Signer
- XAdES Signer
- OOXML Signer
- CMS Signer
- Extended CMS Signer
- MS Authenticode Signer
- MS Authenticode CMS Signer
- JArchive Signer
- JArchive CMS Signer
- Master List Signer
- Plain Signer
- OpenPGP Signer
- Debian Dpkg-sig Signer
- OpenPGPPlain Signer
- SignServer Document Validators
- SignServer Dispatchers
- SignServer Validation Service Framework
- SignServer Timed Services
- Other Workers
- Alias Selectors
- SignServer Authentication and Authorization
- Status Repository
- Health Check
- SignServer TimeMonitor Application
SignServer User Interfaces
- Administration CLI
- Administration GUI
- Main Page
- Workers Activation Page
- Workers Deactivation Page
- Workers Key Generation Page
- Workers Test Key Page
- Workers CSR Page
- Workers Install Certificates Page
- Workers Renewal Page
- Workers Removal Page
- Workers Reload from Database Page
- Workers Export Page
- Workers Add Page
- Worker Page
- Global Configuration Page
- Administrators Page
- Audit Log Page
- Archive Page
- Database CLI
- Peer Systems
- Client-Side Hashing
- Key Wrapping
- Developer Reference
- SignServer Release Information
Lists administrator certificates that has been explicitly granted access and specific roles.
Also note the Allow Any Administrator setting which if set to "Allow any" grants the Admin role to any administrator with a valid certificate even if it is not listed. Instead with the value "Only listed", only the administrators listed in the table are allowed.
Adds a new authorization rule.
Fill in the Certificate serial number in hex format and the Issuer DN.
Alternatively use the ... (browse) button to upload a certificate to load it from or use the Load Current button to fill in the values from your administrator certificate.
Select the Roles that should be assigned.
Click the Add button to have the new rule saved.
For an existing authorization rule the corresponding Edit button allows for changing the values.
Make the wanted changes to the Certificate serial number field, Issuer DN field and for the Roles.
Click the Submit button to have the updated rule saved.
For an existing authorization rule the corresponding Remove button allows to remove a rule.
Confirm the removal by clicking the Remove button.
Allow Any Administrator
Before switching to allowing only listed administrator make sure your credentials are listed otherwise you will directly be denied access after the switch.
|Switch to 'Only listed'||If the current setting is to allow any administrator then clicking this button switched to the other mode.|
|Switch to 'Allow Any'||If the current setting is to only allow listed administrators then clicking this button switched to the other mode.|
|Allow incoming connections||Check this check box and Click the Save button in order to allow incoming connections from Peer Systems.|
|Save||Saves the state of the Allow incoming connections check box.|
|Remote identity||The subject DN from the client certificate for the incoming connection.|
|Remote address||The IP address of the incoming connection.|
|Last seen||The date and time the connection was last made.|
|Authorized||If the certificate is in the Peer Systems role.|
|Clear||Click the button to forget the connection.|
|Modify Authorization||The button is visible if there is a rule for the certificate. Clicking the button opens the Edit Authorization page for the rule.|
|Add Authoriztion...||The link is visible if there is not a rule for the certificate. Clicking the link opens the Add Authorization page with the certificate information filled in and the Peers Role selected.|