Skip to main content

Configuration

The application has a configuration file at ~/.digicert-trust-assistant/config.json. Edit the file to customize.

Configuration parameters

Section

Name

Type

Value (Default)

Description

license

algorithm

string

RS256

Constant value

issuer

string

https://trustassistant.digicert.com

Constant value

x509

string (Base64)

MIIDmzCCAoOgAwIBAgIUbC2L+h….

Constant value

setting

locale

string

en

Constant value

diagnosis

boolean

false

If true, advanced mode is enabled at launch.

autoUpdate

boolean

false

If true, auto update is enabled at launch.

updateServer

string

https://pki-downloads.digicert.com/dta

Constant value

setting.dcTlsClient.timeoutSec

number

10

The timeout value (in seconds) to configure the DigiCert ONE Login access timeout follows these rules:

  • Values ≤ 0 are resolved to 1.

  • Values > 60 are resolved to 60.

  • Decimal values are rounded to the nearest whole number.

keystores

id

string

 < key-store-name >

 Key store name (unique)

enable

boolean

 true

If set as false, the key store is not be available for any operation. 

icon

string

 < Desktop / SoftHSM / HardHSM >

Do not change for existing key stores. In case you are adding H/W key store, you can update as “HardHSM”.

type

string

 < Platform / SWToken / HWToken >

Do not change for existing key stores. In case you are adding H/W key store, you can update as “HWToken”.

removable

boolean

 < false / true >

Do not change for existing key stores. In case you are adding H/W key store, you can update as “true”.

friendlyName

string

  < Key Store name >

Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken.

path

string

 < Key Store Family Name >

Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken.

name

string

 < Key Store Display name >

Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken.

readWrite

boolean

  < true >

Do not change for existing key stores. In case you are adding H/W key store, you can update as “true”, if the value is “FALSE” then operations will not work.

driver

string[]

< absolute path for the Key Store driver >

Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken.

loginSessionValidity

number

300

0 when id = WINOS | MACOS, or when omitted

Configure the number in seconds of how long the login session is retained after the user enters the PIN. Also when a user performs any token-based operation, the session will be reset to this value.

0 means the session will not be retained.

logger

format.level

string

info

Allowed values are ‘error/warn/info/http/verbose/debug/silly’

format.timestamp

string

YYYY-MM-DD HH:mm:ss.SSS

 Do not change.

dailyRotate.enable

boolean

true

 Do not change

dailyRotate.dirName

string

<HOME>/.digicert-trust-assistant/logs

 Do not change

dailyRotate.fileName

string

trustassistant-%DATE%.log

 Do not change

dailyRotate.datePattern

string

YYYYMMDD

 Do not change

dailyRotate.zippedArchive

boolean

true

 Do not change

dailyRotate.maxSize

string

50m

 Do not change

dailyRotate.maxFiles

string

7d

 Do not change

console.enable

boolean

true

 Do not change

jobs

name

string

<job name>

Do not change

enable

boolean

true

Do not change

intervalSec

number

depends

Interval in seconds the job runs.

rememberLast

boolean

depends

Whether to remember the last run even after application reboot.

randomSec

number

depends

Decides the timing when the job runs. If 0, it will run immediately. If number is specified, it will randomly decide between 0 and randomSec time in seconds to wait til it runs.

Example

{
  "license": {
    "algorithm": "ES384",
    "issuer": "https://trustassistant.digicert.com",
    "x509": "MIICHjCCAaSgAwIBAgIULRidBMJPgU/+2kCa/94y+vZtC48wCgYIKoZIzj0EAwMwPTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMTGURpZ2lDZXJ0IE9uZSBMaWNlbnNlIFJvb3QwIBcNMjAwMTAxMDAwMDAwWhgPMjEyMDAxMDEwMDAwMDBaMD0xFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSIwIAYDVQQDExlEaWdpQ2VydCBPbmUgTGljZW5zZSBSb290MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXjjpsiEBlldhARkre/KC05lDz/iOPtb6XPBD2TKS/8zCb4S3bk7SvAzOWs0hsNnceNMXKqtwtHidHSQArZ80wme6jLzPtAaaQVpu0+/HOsMvSp+7Gp85y4hxzUbLrCzio2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwHwYDVR0jBBgwFoAU2jmj7l5rSw0yVb/vlWAYkK/YBwkwCgYIKoZIzj0EAwMDaAAwZQIwKQIBaAUl0WQTIAY8E0nFauEQM0gkOnuCOSb+ACTpR9ayxoK3uQIHW4ZuWZgXK+tQAjEAl2xsyoKAvMbeCOXRbLki2rlfdIqdt/DG8vjFaaWW/tkLUhqiVRBYJK8upG02h52b"
  },
  "backends": [
    {
      "backend": "https://api.trustassistant.local:8443",
      "productCode": "",
      "activationCode": ""
    }
  ],
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": {
      "x": 0,
      "y": 0,
      "width": 1000,
      "height": 600
    },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta",
    "winSilentUpdate": true,
    "dcTlsClient": {
      "verbose": false
      "timeoutSec": 10
    }
  },
  "services": [
    {
      "index": 1,
      "name": "LogMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 2,
      "name": "TokenMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 3,
      "name": "KeyMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 4,
      "name": "CertMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 5,
      "name": "APIService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "host": "localhost",
        "port": 8900,
        "protocol": "http"
      }
    },
    {
      "index": 6,
      "name": "ProfMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 7,
      "name": "DiagnosisService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 8,
      "name": "PostScriptService",
      "enable": true,
      "setting": {
        "authenticate": false,
        "msTimeout": 10000
      }
    },
    {
      "index": 9,
      "name": "AuthMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 10,
      "name": "UpdateService",
      "enable": true,
      "setting": {
        "authenticate": false
      },
      "job": {
        "name": "AutoUpdate",
        "msInterval": 86400000
      }
    },
    {
      "index": 11,
      "name": "WorkFlowService",
      "enable": false,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 12,
      "name": "JobMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    }
  ],
  "keystores": [
    {
      "id": "DCSWKS",
      "enable": true,
      "icon": "SoftHSM",
      "type": "SWToken",
      "removable": false,
      "friendlyName": "DigiCert Software KeyStore",
      "path": "dcswkeystore",
      "name": "DigiCert Software KeyStore",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/dcswkeystore.dylib",
        "win": ".\\resources\\libs\\dcswkeystore.dll"
      }
    },
    {
      "id": "MACOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "MacOS Keychain",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/libpvpkcs11.dylib"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "WINOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "Windows Provider",
      "readWrite": true,
      "driver": {
        "win": ".\\resources\\libs\\pvpkcs11.dll"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "ETOKEN",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Gemalto eToken",
      "path": "etoken",
      "name": "Gemalto eToken",
      "readWrite": true,
      "driver": {
        "win": "C:\\Windows\\System32\\eTPKCS11.dll",
        "osx": "/usr/local/lib/libeTPkcs11.dylib",
        "lin": "/usr/lib64/libeTPkcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "YUBIKEY",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Yubico Yubikey",
      "path": "yubikey",
      "name": "YubiKey",
      "readWrite": true,
      "driver": {
        "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
        "osx": "/usr/local/lib/libykcs11.dylib",
        "lin": "/usr/local/lib/libykcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "STM",
      "enable": false,
      "icon": "CloudHSM",
      "type": "SWToken",
      "removable": true,
      "friendlyName": "DigiCert STM",
      "path": "stm",
      "name": "DigiCert STM",
      "readWrite": true,
      "loginSessionValidity": 300,
      "driver": {
        "osx": "../Resources/libs/smpkcs11.dylib",
        "win": ".\\resources\\libs\\smpkcs11.dll"
      }
    }
  ],
  "logger": {
    "format": {
      "level": "info",
      "timestamp": "YYYY-MM-DD HH:mm:ss.SSS"
    },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/fumitaka.sato/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": {
      "enable": true
    }
  },
  "plugins": [
    {
      "name": "sample",
      "version": "1.0.0",
      "id": "foo",
      "main": "packed.js",
      "renderer": "packed.js",
      "path": "plugins/sample.plugin",
      "signature": "must be signed by our key"
    }
  ],
  "__internal__": {
    "migrations": {
      "version": "1.2.0"
    }
  },
  "caches": [
    {
      "name": "postscripts",
      "ttlSec": 1209600
    },
    {
      "name": "profiles",
      "ttlSec": 604800
    },
    {
      "name": "notifications",
      "ttlSec": 1209600
    },
    {
      "name": "account",
      "ttlSec": 604800
    },
    {
      "name": "userInfo",
      "ttlSec": 604800
    },
    {
      "name": "clientPolicy",
      "ttlSec": 82800
    },
    {
      "name": "dtwCert",
      "ttlSec": 604800
    },
    {
      "name": "dtwEnroll",
      "ttlSec": 604800
    }
  ],
  "jobs": [
    {
      "name": "AutoUpdateCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "EnrollCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": true,
      "randomSec": 3600
    },
    {
      "name": "RenewCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": true,
      "randomSec": 3600
    },
    {
      "name": "TokenPeriodic",
      "enable": true,
      "intervalSec": 5,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "NotifyPeriodic",
      "enable": true,
      "intervalSec": 5,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "DeviceCertReissue",
      "enable": true,
      "intervalSec": 604800,
      "rememberLast": true,
      "randomSec": 0
    }
  ]

Add other hardware tokens

DigiCert Trust Assistant allows additional hardware tokens with PKCS#11 interface drivers into the application.

To add another hardware token, you first need the PKCS#11 dynamic link library for the token already installed in your system. You can add the following JSON into keystores section in ~/.digicert-trust-assistant/config.json.

    {
      "id": "<Token-ID>",
      "enable": true,
      "icon": "HWToken",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "<Token-FriendlyName>",
      "path": "<Token-Path>",
      "name": "<Token-Name>",
      "readWrite": true,
      "loginSessionValidity": <Session-Validity>,
      "driver": {
        "win": "<Token-Library-Path-for-Win>",
        "osx": "<Token-Library-Path-for-Mac>"
      }
    },

The description of the specific parameters required for the configuration:

  • Token-ID (string): Unique identifier

  • Token-FriendlyName (string): Unique name

  • Token-Name (string): Unique name

  • Token-Path (string): Unique path without white space

  • Session-Validity (number): Validity of login session in seconds. The default value is 300.

  • Token-Library-Path-for-Win (string): Path for PKCS#11 (dll)

  • Token-Library-Path-for-Mac (string): Path for PKCS#11 (dylib or so)

Note

Exit and relaunch the application to apply the configuration changes.