Configuration
The application has a configuration file at ~/.digicert-trust-assistant/config.json. Edit the file to customize.
Configuration parameters
| Section | Name | Type | Value (Default) | Description |
|---|---|---|---|---|
| license | algorithm | string | RS256 | Constant value |
| | issuer | string | https://trustassistant.digicert.com | Constant value |
| | x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value |
| setting | locale | string | en | Constant value |
| | diagnosis | boolean | false | If true, advanced mode is enabled at launch. |
| | autoUpdate | boolean | false | If true, auto update is enabled at launch. |
| | updateServer | string | | Constant value |
| keystores | id | string | < key-store-name > | Key store name (unique) |
| | enable | boolean | true | If set to false, the key store will not be available for any operation. |
| | icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. If you are adding a hardware key store, set this to “HardHSM”. |
| | type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. If you are adding a hardware key store, set this to “HWToken”. |
| | removable | boolean | < false / true > | Do not change for existing key stores. If you are adding a hardware key store, set this to “true”. |
| | friendlyName | string | < Key Store name > | Do not change for existing key stores. If you are adding a hardware key store, set this to a value relevant to the eToken. |
| | path | string | < Key Store Family Name > | Do not change for existing key stores. If you are adding a hardware key store, set this to a value relevant to the eToken. |
| | name | string | < Key Store Display name > | Do not change for existing key stores. If you are adding a hardware key store, set this to a value relevant to the eToken. |
| | readWrite | boolean | < true > | Do not change for existing key stores. If you are adding a hardware key store, set this to “true”; if the value is “false”, operations will not work. |
| | driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. If you are adding a hardware key store, set this to a value relevant to the eToken. |
| | loginSessionValidity | number | 300 (0 when id = WINOS or MACOS, or when omitted) | The number of seconds the login session is retained after the user enters the PIN. When a user performs any token-based operation, the session is reset to this value. 0 means the session will not be retained. |
| logger | format.level | string | info | Allowed values are ‘error/warn/info/http/verbose/debug/silly’ |
| | format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change |
| | dailyRotate.enable | boolean | true | Do not change |
| | dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change |
| | dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change |
| | dailyRotate.datePattern | string | YYYYMMDD | Do not change |
| | dailyRotate.zippedArchive | boolean | true | Do not change |
| | dailyRotate.maxSize | string | 50m | Do not change |
| | dailyRotate.maxFiles | string | 7d | Do not change |
| | console.enable | boolean | true | Do not change |
| jobs | name | string | <job name> | Do not change |
| | enable | boolean | true | Do not change |
| | intervalSec | number | depends | Interval in seconds at which the job runs. |
| | rememberLast | boolean | depends | Whether to remember the last run even after the application restarts. |
| | randomSec | number | depends | Decides when the job runs. If 0, it runs immediately. If a number is specified, the job waits a random time between 0 and randomSec seconds before it runs. |
Example
```json
{
  "license": {
    "algorithm": "ES384",
    "issuer": "https://trustassistant.digicert.com",
    "x509": "<Base64-encoded certificate>"
  },
  "backends": [
    { "backend": "https://api.trustassistant.local:8443", "productCode": "", "activationCode": "" }
  ],
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": { "x": 0, "y": 0, "width": 1000, "height": 600 },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta",
    "winSilentUpdate": true,
    "dcTlsClient": { "verbose": false }
  },
  "services": [
    { "index": 1, "name": "LogMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 2, "name": "TokenMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 3, "name": "KeyMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 4, "name": "CertMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 5, "name": "APIService", "enable": true, "setting": { "authenticate": true, "host": "localhost", "port": 8900, "protocol": "http" } },
    { "index": 6, "name": "ProfMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 7, "name": "DiagnosisService", "enable": true, "setting": { "authenticate": false } },
    { "index": 8, "name": "PostScriptService", "enable": true, "setting": { "authenticate": false, "msTimeout": 10000 } },
    { "index": 9, "name": "AuthMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 10, "name": "UpdateService", "enable": true, "setting": { "authenticate": false }, "job": { "name": "AutoUpdate", "msInterval": 86400000 } },
    { "index": 11, "name": "WorkFlowService", "enable": false, "setting": { "authenticate": false } },
    { "index": 12, "name": "JobMgmtService", "enable": true, "setting": { "authenticate": false } }
  ],
  "keystores": [
    {
      "id": "DCSWKS",
      "enable": true,
      "icon": "SoftHSM",
      "type": "SWToken",
      "removable": false,
      "friendlyName": "DigiCert Software KeyStore",
      "path": "dcswkeystore",
      "name": "DigiCert Software KeyStore",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/dcswkeystore.dylib",
        "win": ".\\resources\\libs\\dcswkeystore.dll"
      }
    },
    {
      "id": "MACOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "MacOS Keychain",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/libpvpkcs11.dylib"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "WINOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "Windows Provider",
      "readWrite": true,
      "driver": {
        "win": ".\\resources\\libs\\pvpkcs11.dll"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "ETOKEN",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Gemalto eToken",
      "path": "etoken",
      "name": "Gemalto eToken",
      "readWrite": true,
      "driver": {
        "win": "C:\\Windows\\System32\\eTPKCS11.dll",
        "osx": "/usr/local/lib/libeTPkcs11.dylib",
        "lin": "/usr/lib64/libeTPkcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "YUBIKEY",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Yubico Yubikey",
      "path": "yubikey",
      "name": "YubiKey",
      "readWrite": true,
      "driver": {
        "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
        "osx": "/usr/local/lib/libykcs11.dylib",
        "lin": "/usr/local/lib/libykcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "STM",
      "enable": false,
      "icon": "CloudHSM",
      "type": "SWToken",
      "removable": true,
      "friendlyName": "DigiCert STM",
      "path": "stm",
      "name": "DigiCert STM",
      "readWrite": true,
      "loginSessionValidity": 300,
      "driver": {
        "osx": "../Resources/libs/smpkcs11.dylib",
        "win": ".\\resources\\libs\\smpkcs11.dll"
      }
    }
  ],
  "logger": {
    "format": {
      "level": "info",
      "timestamp": "YYYY-MM-DD HH:mm:ss.SSS"
    },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/fumitaka.sato/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": { "enable": true }
  },
  "plugins": [
    {
      "name": "sample",
      "version": "1.0.0",
      "id": "foo",
      "main": "packed.js",
      "renderer": "packed.js",
      "path": "plugins/sample.plugin",
      "signature": "must be signed by our key"
    }
  ],
  "__internal__": {
    "migrations": { "version": "1.2.0" }
  },
  "caches": [
    { "name": "postscripts", "ttlSec": 1209600 },
    { "name": "profiles", "ttlSec": 604800 },
    { "name": "notifications", "ttlSec": 1209600 },
    { "name": "account", "ttlSec": 604800 },
    { "name": "userInfo", "ttlSec": 604800 },
    { "name": "clientPolicy", "ttlSec": 82800 },
    { "name": "dtwCert", "ttlSec": 604800 },
    { "name": "dtwEnroll", "ttlSec": 604800 }
  ],
  "jobs": [
    { "name": "AutoUpdateCheck", "enable": true, "intervalSec": 86400, "rememberLast": false, "randomSec": 0 },
    { "name": "EnrollCheck", "enable": true, "intervalSec": 86400, "rememberLast": true, "randomSec": 3600 },
    { "name": "RenewCheck", "enable": true, "intervalSec": 86400, "rememberLast": true, "randomSec": 3600 },
    { "name": "TokenPeriodic", "enable": true, "intervalSec": 5, "rememberLast": false, "randomSec": 0 },
    { "name": "NotifyPeriodic", "enable": true, "intervalSec": 5, "rememberLast": false, "randomSec": 0 },
    { "name": "DeviceCertReissue", "enable": true, "intervalSec": 604800, "rememberLast": true, "randomSec": 0 }
  ]
}
```
Add other hardware tokens
DigiCert Trust Assistant lets you add other hardware tokens that provide PKCS#11 interface drivers to the application.
To add another hardware token, the PKCS#11 dynamic link library for the token must already be installed on your system. Then add the following JSON to the keystores section in ~/.digicert-trust-assistant/config.json.
```json
{
  "id": "<Token-ID>",
  "enable": true,
  "icon": "HWToken",
  "type": "HWToken",
  "removable": true,
  "friendlyName": "<Token-FriendlyName>",
  "path": "<Token-Path>",
  "name": "<Token-Name>",
  "readWrite": true,
  "loginSessionValidity": <Session-Validity>,
  "driver": {
    "win": "<Token-Library-Path-for-Win>",
    "osx": "<Token-Library-Path-for-Mac>"
  }
},
```
The description of the specific parameters required for the configuration:
Token-ID (string): Unique identifier
Token-FriendlyName (string): Unique name
Token-Name (string): Unique name
Token-Path (string): Unique path without white space
Session-Validity (number): Validity of login session in seconds. The default value is 300.
Token-Library-Path-for-Win (string): Path for PKCS#11 (dll)
Token-Library-Path-for-Mac (string): Path for PKCS#11 (dylib or so)
Note
Exit and relaunch the application to apply the configuration changes.
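The following is an added example, not part of DigiCert's documentation or code: a Python check that applies the rules listed above (unique id, names and path, no white space in the path, readWrite true, numeric loginSessionValidity, absolute driver paths) to a new key store entry before it is merged into config.json. The `ACME` token and its library paths are constructed sample values, and `check_new_token` is a hypothetical helper name.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

UNIQUE_FIELDS = ("id", "friendlyName", "name", "path")

def check_new_token(config, entry):
    """Return findings for a key store entry about to be added; [] means OK."""
    findings = []
    existing = config.get("keystores", [])
    for field in UNIQUE_FIELDS:
        value = entry.get(field)
        if not isinstance(value, str) or not value:
            findings.append(f"{field}: must be a non-empty string")
        elif any(ks.get(field) == value for ks in existing):
            findings.append(f"{field}: {value!r} is already in use")
    if re.search(r"\s", str(entry.get("path", ""))):
        findings.append("path: contains white space")
    if entry.get("readWrite") is not True:
        findings.append("readWrite: must be true or operations will not work")
    validity = entry.get("loginSessionValidity", 0)  # omitted is allowed
    if isinstance(validity, bool) or not isinstance(validity, (int, float)) or validity < 0:
        findings.append("loginSessionValidity: must be a number of seconds >= 0")
    driver = entry.get("driver")
    if not isinstance(driver, dict) or not driver:
        findings.append("driver: no PKCS#11 library path given")
        return findings
    for os_key, lib in driver.items():
        # "win" paths follow Windows rules; "osx"/"lin" follow POSIX rules.
        path_cls = PureWindowsPath if os_key == "win" else PurePosixPath
        if not path_cls(str(lib)).is_absolute():
            findings.append(f"driver.{os_key}: {lib!r} is not an absolute path")
    return findings

# Constructed sample data: one existing entry abridged from the page's example
# and two hypothetical candidates ("ACME" and its library paths are made up).
CONFIG = {"keystores": [{"id": "ETOKEN", "friendlyName": "Gemalto eToken",
                         "path": "etoken", "name": "Gemalto eToken"}]}
GOOD = {"id": "ACME", "type": "HWToken", "removable": True,
        "friendlyName": "ACME Token", "path": "acme", "name": "ACME Token",
        "readWrite": True, "loginSessionValidity": 300,
        "driver": {"win": "C:\\Program Files\\ACME\\acmepkcs11.dll",
                   "osx": "/usr/local/lib/libacmepkcs11.dylib"}}
BAD = dict(GOOD, id="ETOKEN", path="acme token", readWrite=False,
           loginSessionValidity="300",
           driver={"win": "acmepkcs11.dll", "osx": GOOD["driver"]["osx"]})

if __name__ == "__main__":
    for finding in check_new_token(CONFIG, BAD):
        print(finding)
```

To check a real installation, parse config.json with `json.load` and pass the resulting object as `config`.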