Activity for Marcus Lundblad

  • Marcus Lundblad created a blog post

    SignServer CE 6.3.0.Final

  • Marcus Lundblad modified a blog post

    SignServer CE 6.2 is released

  • Marcus Lundblad created a blog post

    SignServer CE 6.2 is released

  • Marcus Lundblad posted a comment on discussion Open Discussion

    It worked when we tried signing it, using the sample code00003 signer cert from the sample keystore (res/test/dss10/dss10_keystore.p12):

  • Marcus Lundblad posted a comment on discussion Help

    Since you installed the amd64 deb package, I assume it's a 64-bit system. So, in this case it should probably be cryptotoken.p11.lib.10.file=/usr/lib64/libIDPrimePKCS11.so As the manual states that's the one to use for 64 bit (I think Java will probably fail to load the library using JNI if it's the wrong architecture).

  • Marcus Lundblad posted a comment on discussion Help

    You would need to configure the path the PKCS#11 library used in conf/signserver_deploy.properties (can be copied and edited from conf/signserver_deploy.properties.sample) and add an entry for your PKCS#11 library and then re-deploy. When you set a SHAREDLIBRARYNAME that is pointing to a library that is not installed, you get this message "Available library names: ", but in this case it's empty, so none of the default ones are found on your system. Once the library is configured, you should be able...

  • Marcus Lundblad posted a comment on discussion Help

    Yes. You need to set up TLS client certificate authentication. For example you could use the sample keystores as a quick way to get started (present in res/test/dss10). There are demo keystores and truststores that could be used with WildFly (explained in README.txt). There are also demo client keystores that could be installed in a browser (dss10_admin1.p12 for example). When this is done, to allow initial access to the admin web UI, issue bin/signserver wsadmins -allowany from the CLI to...

  • Marcus Lundblad posted a comment on discussion Help

    Hi! You could download and deploy SignServer CE 5.2.0.Final. It will have the admin web interface. Also, if your USB token has a PKCS#11 interface (with a driver for it), it should be possible to use as a PKCS11CryptoToken crypto worker. If the driver is not among the pre-configured built-in drivers, you would also then need to add it to conf/signserver_deploy.properties (as a cryptotoken.p11.lib.<number>.[name|file] property pair). And re-deploy.

  • Marcus Lundblad posted a comment on discussion Help

    Thanks! No, unfortunately it's currently not possible to override REASON via the request metadata. It is only considered at config-time via the worker property. But this might be a useful feature (perhaps also for other params). //Marcus

  • Marcus Lundblad posted a comment on discussion Help

    Can you see the key entry if you view the token entries in the admin GUI? Or, using the admin CLI command: $ bin/signserver querytokenentries -token <id of crypto worker> -v Also, when generating keys using an external tool you might need to also generate the dummy certificate along with the keypair (using the same alias) as the SunP11 implementation in Java always needs a certificate to be associated with the key if I remember correctly. Oh, and btw, the name of your crypto worker is...
