Configuration
The application has a configuration file at ~/.digicert-trust-assistant/config.json.
Edit this file to customize the application.
Configuration parameters
Section | Name | Type | Value (Default) | Description |
---|---|---|---|---|
license | algorithm | string | RS256 | Constant value |
license | issuer | string | https://trustassistant.digicert.com | Constant value |
license | subject | string | License Code of DigiCert Trust Assistant Java SDK | Constant value |
license | x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value |
setting | locale | string | en | Constant value |
setting | updateServer | string | https://pki-downloads.digicert.com/dta | Constant value |
setting | diagnosis | boolean | false | If true, advanced mode is enabled at launch. |
setting | autoUpdate | boolean | false | If true, auto update is enabled at launch. |
keystores | id | string | < key-store-name > | Key store name (unique) |
keystores | enable | boolean | true | If set to false, the key store is not available for any operation. |
keystores | icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “HardHSM”. |
keystores | type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “HWToken”. |
keystores | removable | boolean | < false / true > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “true”. |
keystores | friendlyName | string | < Key Store name > | Do not change for existing key stores. If you are adding a hardware key store, you can set this as relevant to the eToken. |
keystores | path | string | < Key Store Family Name > | Do not change for existing key stores. If you are adding a hardware key store, you can set this as relevant to the eToken. |
keystores | name | string | < Key Store Display name > | Do not change for existing key stores. If you are adding a hardware key store, you can set this as relevant to the eToken. |
keystores | readWrite | boolean | < true > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “true”; if the value is “FALSE”, operations will not work. |
keystores | driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. If you are adding a hardware key store, you can set this as relevant to the eToken. |
logger | format.level | string | debug | Do not change. Allowed values are ‘error/warn/info/http/verbose/debug/silly’. |
logger | format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change. |
logger | dailyRotate.enable | boolean | true | Do not change. |
logger | dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change. |
logger | dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change. |
logger | dailyRotate.datePattern | string | YYYYMMDD | Do not change. |
logger | dailyRotate.zippedArchive | boolean | true | Do not change. |
logger | dailyRotate.maxSize | string | 50m | Do not change. |
logger | dailyRotate.maxFiles | string | 7d | Do not change. |
logger | console.enable | boolean | true | Do not change. |
Example
```json
{
  "license": {
    "algorithm": "RS256",
    "issuer": "https://trustassistant.digicert.com",
    "subject": "License Code of DigiCert Trust Assistant Java SDK",
    "x509": "MIIDmzCCAoOgAwIBAgIUbC2L+h…."
  },
  "backends": [
    { "backend": "https://api.trustassistant.local:8443", "productCode": "", "activationCode": "" }
  ],
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": { "x": 0, "y": 0, "width": 1000, "height": 600 },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta"
  },
  "services": [
    { "index": 1, "name": "LogMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 2, "name": "TokenMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 3, "name": "KeyMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 4, "name": "CertMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 5, "name": "APIService", "enable": true, "setting": { "authenticate": true, "host": "localhost", "port": 8900, "protocol": "http" } },
    { "index": 6, "name": "ProfMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 7, "name": "DiagnosisService", "enable": false, "setting": { "authenticate": false } },
    { "index": 8, "name": "PostScriptService", "enable": true, "setting": { "authenticate": false, "msTimeout": 10000 } },
    { "index": 9, "name": "AuthMgmtService", "enable": false, "setting": { "authenticate": false } },
    { "index": 10, "name": "UpdateService", "enable": true, "setting": { "authenticate": false }, "job": { "name": "AutoUpdate", "msInterval": 86400000 } }
  ],
  "keystores": [
    {
      "id": "MACOS", "enable": true, "icon": "Desktop", "type": "Platform", "removable": false,
      "friendlyName": "My Computer", "path": "mycomputer", "name": "MacOS Keychain", "readWrite": true,
      "driver": { "osx": "../Resources/libs/libpvpkcs11.dylib" }
    },
    {
      "id": "WINOS", "enable": true, "icon": "Desktop", "type": "Platform", "removable": false,
      "friendlyName": "My Computer", "path": "mycomputer", "name": "Windows Provider", "readWrite": true,
      "driver": { "win": ".\\resources\\libs\\pvpkcs11.dll" }
    },
    {
      "id": "SOFTHSM", "enable": true, "icon": "SoftHSM", "type": "SWToken", "removable": false,
      "friendlyName": "SoftHSM v2.0", "path": "softhsm", "name": "SoftHSM v2.0", "readWrite": true,
      "driver": { "tmp": "/usr/local/lib/softhsm/libsofthsm2.so", "osx": "./libs/libsofthsm2.so" }
    },
    {
      "id": "ETOKEN", "enable": true, "icon": "HardHSM", "type": "HWToken", "removable": true,
      "friendlyName": "Gemalto eToken", "path": "etoken", "name": "Gemalto eToken", "readWrite": true,
      "driver": {
        "win": "C:\\Windows\\System32\\eTPKCS11.dll",
        "osx": "/usr/local/lib/libeTPkcs11.dylib",
        "lin": "/usr/lib64/libeTPkcs11.so"
      }
    },
    {
      "id": "YUBIKEY", "enable": true, "icon": "HardHSM", "type": "HWToken", "removable": true,
      "friendlyName": "Yubico Yubikey", "path": "yubikey", "name": "YubiKey", "readWrite": true,
      "driver": {
        "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
        "osx": "/usr/local/lib/libykcs11.dylib",
        "lin": "/usr/local/lib/libykcs11.so"
      }
    },
    {
      "id": "SSM", "enable": false, "icon": "CloudHSM", "type": "SWToken", "removable": true,
      "friendlyName": "DigiCert SSM", "path": "ssm", "name": "DigiCert SSM", "readWrite": true,
      "driver": { "osx": "./libs/smpkcs11.dylib" }
    },
    {
      "id": "DCKC", "enable": false, "icon": "Desktop", "type": "HWToken", "removable": true,
      "friendlyName": "DigiCert KeyChain", "path": "dckeychain", "name": "DigiCert KeyChain", "readWrite": true,
      "slot": 0,
      "driver": { "osx": "./libs/keychain-pkcs11.dylib" }
    }
  ],
  "logger": {
    "format": { "level": "debug", "timestamp": "YYYY-MM-DD HH:mm:ss.SSS" },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/tomoyuki.nojima/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": { "enable": true }
  },
  "plugins": [
    {
      "name": "sample", "version": "1.0.0", "id": "foo", "main": "packed.js", "renderer": "packed.js",
      "path": "plugins/sample.plugin", "signature": "must be signed by our key"
    }
  ],
  "__internal__": { "migrations": { "version": "0.7.6" } }
}
```
Add other hardware tokens
DigiCert Trust Assistant lets you add further hardware tokens that have PKCS#11 interface drivers.
To add another hardware token, the PKCS#11 dynamic link library for the token must already be installed on your system. You can then add the following JSON to the keystores section in ~/.digicert-trust-assistant/config.json.
```json
{
  "id": "<Token-ID>",
  "enable": true,
  "icon": "HWToken",
  "type": "HWToken",
  "removable": true,
  "friendlyName": "<Token-FriendlyName>",
  "path": "<Token-Path>",
  "name": "<Token-Name>",
  "readWrite": true,
  "driver": {
    "win": "<Token-Library-Path-for-Win>",
    "osx": "<Token-Library-Path-for-Mac>"
  }
},
```
The following describes the specific parameters required for the configuration.
Token-ID (string): Unique identifier
Token-FriendlyName (string): Unique name
Token-Name (string): Unique name
Token-Path (string): Unique path without white space
Token-Library-Path-for-Win (string): Path for PKCS#11 (dll)
Token-Library-Path-for-Mac (string): Path for PKCS#11 (dylib or so)
Note
Exit and re-launch the application for the new configuration to take effect.
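A pre-flight check for a new hardware-token entry, as an added example (not DigiCert's code): it applies the constraints this page states before the entry goes into keystores, namely unique identifiers, no white space in path, readWrite set to true, and absolute driver paths. The driver check matters because a PKCS#11 driver is a native library loaded into the application, so its path should be fully specified. The "Example Token" entry and its library paths are hypothetical.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

UNIQUE_FIELDS = ("id", "friendlyName", "name", "path")
# Values the parameter table gives for a hardware key store.
HW_VALUES = (("type", "HWToken"), ("removable", True), ("readWrite", True))

def check_new_keystore(entry, existing):
    """Return the problems found in a new hardware-token entry (empty list = OK)."""
    problems = []
    for field in UNIQUE_FIELDS:
        value = entry.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field}: missing or not a string")
        elif any(ks.get(field) == value for ks in existing):
            problems.append(f"{field}: {value!r} is already used by another key store")
    if re.search(r"\s", str(entry.get("path", ""))):
        problems.append("path: must not contain white space")
    for field, expected in HW_VALUES:
        got = entry.get(field)
        # Strict type match so that 1 or "true" is not accepted in place of true.
        if type(got) is not type(expected) or got != expected:
            problems.append(f"{field}: expected {expected!r} for a hardware token")
    driver = entry.get("driver")
    if not isinstance(driver, dict) or not driver:
        return problems + ["driver: expected an object of per-OS library paths"]
    for os_key, lib in driver.items():
        # "win" follows Windows path rules; the page's other keys (osx, lin) are POSIX.
        flavour = PureWindowsPath if os_key == "win" else PurePosixPath
        if not isinstance(lib, str) or not flavour(lib).is_absolute():
            problems.append(f"driver.{os_key}: {lib!r} is not an absolute path")
    return problems

# Constructed sample data: two existing entries trimmed from the page's example,
# and a hypothetical new token with several deliberate mistakes.
EXISTING = [
    {"id": "ETOKEN", "friendlyName": "Gemalto eToken", "name": "Gemalto eToken", "path": "etoken"},
    {"id": "YUBIKEY", "friendlyName": "Yubico Yubikey", "name": "YubiKey", "path": "yubikey"},
]
NEW_ENTRY = {
    "id": "YUBIKEY", "enable": True, "type": "HWToken", "removable": True,
    "friendlyName": "Example Token", "name": "Example Token", "path": "example token",
    "readWrite": False,
    "driver": {"win": "exampletoken.dll", "osx": "/usr/local/lib/libexampletoken.dylib"},
}

if __name__ == "__main__":
    for problem in check_new_keystore(NEW_ENTRY, EXISTING):
        print(problem)
```

To check a real entry, pass the parsed keystores array from config.json as `existing`.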