Re: [SignServer-develop] Timestamp configuration

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 03/20/2017 11:41 AM, Arnaud Defos wrote:
> Hi,
> 
> Thanks for your answer.
> 
> I try to follow instructions to setup 3.7.0 timestamp signer for demo
> (it is not the same instructions for the current version) but I have
> several errors on the timestamp signer :
> 
> Here is an extract of : >bin/signserver getstatus brief all
> 
> Status of CryptoWorker with id 7 (CryptoTokenP12) is:
>    Worker status : Active
>    Token status  : Active
> 
>    Worker properties:
>       KEYSTORETYPE=PKCS12
>       
>       CLASSPATH=org.signserver.common.ProcessableConfig
>       
>       DEFAULTKEY=Signer 2
>       
>       KEYSTOREPATH=/opt/signserver/res/test/dss10/dss10_signer2.p12
>       
>       SIGNERCERT=
>       
>       NAME=CryptoTokenP12
>       
>      
> SIGNERCERTCHAIN=MIIEhzCCAm+gAwIBAgIITQ7wWwEnF4EwDQYJKoZIhvcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XDTE0MTAxMDA4NDQyOVoXDTM0MTAxMDA4NDQyOVowQDEUMBIGA1UEAwwLVFMgU2lnbmVyIDIxGzAZBgNVBAoMElNpZ25TZXJ2ZXIgVGVzdGluZzELMAkGA1UEBhMCU0UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiQkk9WQ+ufdrnms7oDcGdt7Sd8lH0gNIjwCYWFgQEugp+Jq/HSgx1t0N74OTC/vzEGSBuP//aWEwJWayz3RHNj53R3SuDZI/zL8OzLHCuKoJ+4zuWeWC9IcJjChfz64MzvMjnfKQpWGoje23IU9rxGyN8U4hap/f376wlSF5biP3H2u61/qqC2PE5g9DAPKBP1whWkztl6GGpViVxBlGymsyDnmzZI39rvySsBbnWayggOB337Nuwi/O4aoKyk7cA3xvaby2UdOUD8Tj7c5mRKqCnHwVIoh9spRrzrqlHOm29xsv/CkXFiTLGpwHqjsIWdZuveBQ+nPwqO5jvKkybAgMBAAGjeDB2MB0GA1UdDgQWBBRKRH8HvWJ0mZHx15nOIECpLNbOEzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCB6Id7orbsCqPtxWKQJYrnYWAWiMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAgEAcVo//K7a0PDKQypvdYLMR5byNr+lvQlvf2ebnnbL7epgZor+5iKPy8NbEfdlu1PzQaJKcM9XVc68cWyuS1JStJHQuCeFDt8JBe2Wy+z6sC905nxkh495YYHFzjV8OpA5K7f8fcEnres+7BJM9opnLlWZwCcZx1UjWy1ETOuT//0311Uhn/MXd3V3cfx3oCRrZ+EgS/XFg1FFqnk1Ntxa4AIpyr8dWR8boTG9uN/kd5D8gLJUINwCI+AMfzsnotMqYwpUGtnaayssTpVQqQ8w2vUvJ8mlqbbOZS+d1HJ+xAWhXjVwxk9t++LUTXW6lKp8YuYNN2w+j/Ga4o76QO1tsRAhtgVYiiTOf9nHO9fJvLj+N/qxVr2OWq+/C9n87moyZHuD0aDW6FoqkG/Adh0g1GNolop6M1C+iu/SRrdFF7aoBr083lQxI32OLsFrICWqZX1+cWk5yZn6ARuiDLX4GSaz63VmoqEW4TPN51HIGX0p4VVOagfqNQrEg86pTlZFpBfQ9LlmpYV/B2x5Snbpe/raW67hQ1NvrrDV/ilxxKXdFLXXBARqn6/t73F0SkyFtCHhSieOm1TMli3IdHgV7up88TE5PnJ6VT6n+mcaQxz4bUmpFKCoFFlIaHpQSW2iQQsOXgKt/GOJEajR/MGhZNJeTpWK4Bs4uffGDwu+Tck\=
>       
> 
>    Authorized clients (serial number, issuer DN):
> 
> 
> Status of Signer with id 8 (TimeStampSigner) is:
>    Worker status : *Offline*
>    Token status  : Active
>    Signings      : 0
> 
>    *Errors: *
> *      - No signer certificate available*
> *      - No key available for purpose: null*
> *      - Unsupported certificate type*
> *
> *
>    Worker properties:
>       CRYPTOTOKEN=CryptoTokenP12
>       
>       CLASSPATH=org.signserver.common.ProcessableConfig
>       
>       AUTHTYPE=NOAUTH
>       
>       SIGNERCERT=
>       
>       NAME=TimeStampSigner
>       
>       WORKERLOGGER=org.signserver.module.tsa.DefaultTimeStampLogger
>       
>       SIGNERCERTCHAIN=
>       
>       DEFAULTTSAPOLICYOID=1.2.3
>       
> 
>    Authorized clients (serial number, issuer DN):
> 
>    Signer certificate:
> *      Error: No Signer Certificate have been uploaded to this signer.*
> 
> 
> Do you have any ideas ?
> 
> Thanks for your help !
> 
> 
> Arnaud

Hi Arnaud,

You probably should specify in your TimeStampSigner which key in
CryptoTokenP12 that it should use.

For instance set the worker property DEFAULTKEY=Signer 2 in TimeStampSigner.

Cheers,
Markus
PrimeKey Solutions

Save time and money with an Enterprise support subscription. Please see
www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/