Fully qualified class name: org.signserver.server.timedservices.hsmkeepalive.HSMKeepAliveTimedService

Overview

The HSMKeepAliveTimedService is a timed service that can be used to periodically run the test key operation on selected crypto workers. This is intended as a measure to prevent HSM connections from timing out. For each worker, the service uses the key alias in TESTKEY when it is set, and otherwise falls back on DEFAULTKEY.

Note that the service will not fall back on DEFAULTKEY if TESTKEY is set but testing that key did not succeed.

Available Properties

Property: CRYPTOTOKENS
Description:

Comma-separated list of worker names or worker IDs of workers whose keys should be tested. These would typically be crypto workers, i.e. workers corresponding to different slots in an HSM, but could also be regular workers with crypto tokens configured directly. This property is required, but can be set to an empty value if only audit logging is needed (see below).

Warning: If secure audit logging is used and a separate crypto token is used for logging, service logging using the WORK_LOG_TYPES property and the SECURE_AUDITLOGGING value can be used to write to the audit log at the same time as testing crypto worker keys, to keep the audit log crypto token from timing out. For more information, see SignServer Timed Services.
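
The following is an added example, not part of the SignServer documentation or code base: an offline check that applies the rules above to a keep-alive configuration and reports which key alias would be tested for each listed worker. The dictionary layout, the function names, the treatment of an empty alias as unset, and all worker IDs, names and aliases are assumptions constructed for illustration.

```python
# Added example: offline check of an HSMKeepAliveTimedService configuration.
# Assumption: properties are held as dicts, workers keyed by worker ID.

def parse_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def resolve_worker(ref, workers):
    """CRYPTOTOKENS entries may be worker IDs or worker names."""
    if ref in workers:
        return ref
    return next((w for w, p in workers.items() if p.get("NAME") == ref), None)

def check_keepalive(service, workers):
    """Return (plan, findings); plan maps each listed worker to the alias tested."""
    plan, findings = {}, []
    if "CRYPTOTOKENS" not in service:
        findings.append("ERROR: CRYPTOTOKENS is required (it may be empty)")
        return plan, findings
    refs = parse_list(service["CRYPTOTOKENS"])
    audit = "SECURE_AUDITLOGGING" in parse_list(service.get("WORK_LOG_TYPES", ""))
    if not refs and not audit:
        findings.append("WARN: no workers and no SECURE_AUDITLOGGING: nothing is kept alive")
    for ref in refs:
        wid = resolve_worker(ref, workers)
        if wid is None:
            findings.append(f"WARN: {ref}: no such worker")
            continue
        props = workers[wid]
        # TESTKEY wins when set; DEFAULTKEY is used only when TESTKEY is unset.
        # An empty value is treated as unset here (assumption).
        alias = props.get("TESTKEY") or props.get("DEFAULTKEY")
        if alias is None:
            findings.append(f"WARN: {ref}: neither TESTKEY nor DEFAULTKEY is set")
            continue
        plan[ref] = alias
        if props.get("TESTKEY") and props.get("DEFAULTKEY"):
            findings.append(f"INFO: {ref}: a failing TESTKEY is not retried with DEFAULTKEY")
    return plan, findings

# Constructed sample data (IDs, names and aliases are made up).
WORKERS = {
    "10": {"NAME": "CryptoTokenSlot1", "TESTKEY": "testkey0", "DEFAULTKEY": "signkey1"},
    "11": {"NAME": "CryptoTokenSlot2", "DEFAULTKEY": "signkey2"},
    "12": {"NAME": "AuditLogToken"},
}
SERVICE = {"CRYPTOTOKENS": "CryptoTokenSlot1, 11, 12, Missing",
           "WORK_LOG_TYPES": "SECURE_AUDITLOGGING"}
```

Calling check_keepalive(SERVICE, WORKERS) returns the per-worker plan together with the findings; a worker that appears in CRYPTOTOKENS but not in the plan is one whose HSM connection the service would not exercise.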