From: <ant...@yo...> - 2012-12-26 23:19:16
On Wed, 26 Dec 2012 16:48:48 +0700, Nancy Dang <nan...@gm...> wrote:
> Hi,
>
> I would like to customize the project in a way that allows me to
> choose which certificate is used to sign the data.
>
> Currently, to my knowledge, I need to specify a .p12 file in the
> property file of each signer. That file will then be used for signing.
> I want to change the source code so that the worker can be reloaded
> (or started) by some command like this:
>
> # bin/signserver.sh reload 3 001
>
> where 3 is the worker ID and 001 is the certificate ID from a
> database.
>
> I'm new to Sign Server and still dig in. Please help me with some
> ideas how to do this. Or at least answer the question: Is this
> possible?
>
> Thank you very much.

Hi,

Welcome to the community!

You should use a JKS file to store your private keys and your certificates. It will be faster.

I have 2 suggestions.

Perhaps, you could change the property "defaultkey" in the configuration of the worker. The defaultkey corresponds to the alias of the private key stored in the keystore.

Otherwise, I develop a new functionality which could interest you. In the configuration of the worker, I add one property where you specify different parameters that the client of signserver has to specify. In my case, I need the alias of the private key used to sign. These properties are stored in the metadata which could be sent for example by Web Services. In that case, you just have to change in the different workers the line getPrivateKey(alias) and put alias with the one sent.

Do not hesitate to tell me if you don't understand something.

Will you often change the private key to use? How many private keys will you use? If it is not an important number, you should use different workers with different values of the property "defaultkey".

Best regards,

Antoine Louiset
Yousign
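The sketch below is an added example, not part of the original message and not SignServer code: it shows one way to pick the alias handed to getPrivateKey(alias) from request metadata while limiting each worker to an explicit list of aliases, falling back to "defaultkey". The property name `allowedkeyaliases`, the metadata key `keyalias` and all sample aliases are hypothetical; only `defaultkey` comes from the thread.

```java
import java.util.*;

public class AliasSelection {
    // Hypothetical names (assumptions); only "defaultkey" appears in the thread.
    static final String ALLOWED_PROP = "allowedkeyaliases";
    static final String META_ALIAS = "keyalias";

    /** Returns the alias to use for the key lookup, or throws if the request may not use it. */
    static String resolveAlias(Properties workerConfig, Map<String, String> requestMetadata,
                               Set<String> keystoreAliases) {
        String requested = requestMetadata.get(META_ALIAS);
        String alias;
        if (requested == null || requested.trim().isEmpty()) {
            // No alias sent by the client: use the worker's configured default.
            alias = workerConfig.getProperty("defaultkey");
            if (alias == null) throw new IllegalStateException("no alias sent and no defaultkey set");
        } else {
            // Alias sent by the client: accept it only if this worker lists it.
            Set<String> allowed = new HashSet<>();
            for (String a : workerConfig.getProperty(ALLOWED_PROP, "").split(",")) {
                if (!a.trim().isEmpty()) allowed.add(a.trim());
            }
            alias = requested.trim();
            if (!allowed.contains(alias)) throw new SecurityException("alias not permitted for this worker");
        }
        // In a real worker this set would be Collections.list(keyStore.aliases()).
        if (!keystoreAliases.contains(alias)) throw new IllegalArgumentException("alias not in keystore");
        return alias;
    }

    public static void main(String[] args) {
        Properties cfg = new Properties();                 // constructed sample configuration
        cfg.setProperty("defaultkey", "signer-default");
        cfg.setProperty(ALLOWED_PROP, "signer-a, signer-b");
        Set<String> ks = new HashSet<>(Arrays.asList("signer-default", "signer-a", "signer-b", "ca-root"));

        System.out.println(resolveAlias(cfg, new HashMap<>(), ks));   // falls back to defaultkey
        Map<String, String> meta = new HashMap<>();
        meta.put(META_ALIAS, "signer-b");
        System.out.println(resolveAlias(cfg, meta, ks));              // listed alias is accepted
        meta.put(META_ALIAS, "ca-root");                              // in keystore, not listed
        try {
            resolveAlias(cfg, meta, ks);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the per-worker list, any client able to reach the worker could sign with every private key stored in the same keystore.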