- SignServer Introduction
- SignServer Installation
- SignServer Operations
- SignServer Integration
-
SignServer Reference
- Deploy-time Configuration
-
SignServer Workers
- Common Configuration
-
SignServer Signers
- Common Properties
- Time Stamp Signer
- MS Authenticode Time Stamp Signer
- Extended Time Stamp Signer
- MRTD Signer
- MRTD SOD Signer
- PDF Signer
- ODF Signer
- XML Signer
- XAdES Signer
- OOXML Signer
- CMS Signer
- Extended CMS Signer
- MS Authenticode Signer
- MS Authenticode CMS Signer
- JArchive Signer
- JArchive CMS Signer
- Master List Signer
- Plain Signer
- OpenPGP Signer
- Debian Dpkg-sig Signer
- OpenPGPPlain Signer
- SignServer Document Validators
- SignServer Dispatchers
- SignServer Validation Service Framework
- SignServer Timed Services
- Other Workers
- SignServer Components
- Logging
- SignServer Authentication and Authorization
- Status Repository
- Health Check
- SignServer TimeMonitor Application
-
SignServer User Interfaces
- Administration CLI
- Administration GUI
-
Administration Web
- Main Page
- Workers Page
- Global Configuration Page
- Administrators Page
- Audit Log Page
- Archive Page
- Database CLI
- Internationalization
- Peer Systems
- Client-Side Hashing
- Key Wrapping
- Developer Reference
- SignServer Release Information
Workers Key Generation Page
A new key-pair can be generated and its name stored as the next key in the configuration.
Make sure that each worker that should have a new key-pair generated has its check box selected.
Work from left to right for each worker and specify the required information.
Renew Keys
| Column | Description |
|---|---|
| Signer | Name of the worker. Clicking the link goes to the worker's page. |
| Old Key Alias | The name of the current key (if any). This is stored in the configuration as the DEFAULTKEY property. |
| Key Algorithm | Name of the key algorithm to use for the new key. Examples: RSA, DSA, ECDSA, AES. The value is already filled in if the worker has a KEYALG property specified.
If the worker references the JackNJI11CryptoToken, the algorithm name can be specified as a long or hexadecimal constant value. For more information, see Secret Key generation in JackNJI11CryptoToken. |
| Key Specification | Parameters for the key generation process. For RSA and DSA this should be the key length and for ECDSA the name of the curve. Examples: 2048, 3072, secp256r1. The value is already filled in if the worker has a KEYSPEC property specified. |
| New Key Alias | The name for the new key to generate. |
If generating a symmetric (secret) key and the specified key algorithm name is not present in the predefined list of known secret key algorithms, the key algorithm name must be specified with the prefix "SEC:", for example: SEC:Blowfish. Currently, the secret key list contains the algorithms AES and DES.Actions
| Action | Description |
|---|---|
| Generate | Performs the key generation for each selected worker. The result of the key generation is written out in the Result column. If all key generations was successful the page is automatically switched back to the previous otherwise the page remains and the user has the ability to try again. |
| Cancel | Returns to the previous page. |