Configuration
The application has a configuration file at ~/.digicert-trust-assistant/config.json. Edit the file to customize.
Configuration parameters
Section | Name | Type | Value (Default) | Description |
|---|---|---|---|---|
license | algorithm | string | RS256 | Constant value |
issuer | string | https://trustassistant.digicert.com | Constant value | |
x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value | |
setting | locale | string | en | Constant value |
diagnosis | boolean | false | If true, advanced mode is enabled at launch. | |
autoUpdate | boolean | false | If true, auto update is enabled at launch. | |
updateServer | string | Constant value | ||
keystores | id | string | < key-store-name > | Key store name (unique) |
enable | boolean | true | If set as false, the key store is not be available for any operation. | |
icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. In case you are adding H/W key store, you can update as “HardHSM”. | |
type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. In case you are adding H/W key store, you can update as “HWToken”. | |
removable | boolean | < false / true > | Do not change for existing key stores. In case you are adding H/W key store, you can update as “true”. | |
friendlyName | string | < Key Store name > | Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken. | |
path | string | < Key Store Family Name > | Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken. | |
name | string | < Key Store Display name > | Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken. | |
readWrite | boolean | < true > | Do not change for existing key stores. In case you are adding H/W key store, you can update as “true”, if the value is “FALSE” then operations will not work. | |
driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. In case you are adding H/W key store, you can update as relevant to the eToken. | |
loginSessionValidity | number | 300 0 when id = WINOS | MACOS, or when omitted | Configure the number in seconds of how long the login session is retained after the user enters the PIN. Also when a user performs any token-based operation, the session will be reset to this value. 0 means the session will not be retained. | |
logger | format.level | string | info | Allowed values are ‘error/warn/info/http/verbose/debug/silly’ |
format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change. | |
dailyRotate.enable | boolean | true | Do not change | |
dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change | |
dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change | |
dailyRotate.datePattern | string | YYYYMMDD | Do not change | |
dailyRotate.zippedArchive | boolean | true | Do not change | |
dailyRotate.maxSize | string | 50m | Do not change | |
dailyRotate.maxFiles | string | 7d | Do not change | |
console.enable | boolean | true | Do not change | |
jobs | name | string | <job name> | Do not change |
enable | boolean | true | Do not change | |
intervalSec | number | depends | Interval in seconds the job runs. | |
rememberLast | boolean | depends | Whether to remember the last run even after application reboot. | |
randomSec | number | depends | Decides the timing when the job runs. If 0, it will run immediately. If number is specified, it will randomly decide between 0 and randomSec time in seconds to wait til it runs. |
Example
{
"license": {
"algorithm": "ES384",
"issuer": "https://trustassistant.digicert.com",
"x509": "MIICHjCCAaSgAwIBAgIULRidBMJPgU/+2kCa/94y+vZtC48wCgYIKoZIzj0EAwMwPTEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMTGURpZ2lDZXJ0IE9uZSBMaWNlbnNlIFJvb3QwIBcNMjAwMTAxMDAwMDAwWhgPMjEyMDAxMDEwMDAwMDBaMD0xFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSIwIAYDVQQDExlEaWdpQ2VydCBPbmUgTGljZW5zZSBSb290MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEXjjpsiEBlldhARkre/KC05lDz/iOPtb6XPBD2TKS/8zCb4S3bk7SvAzOWs0hsNnceNMXKqtwtHidHSQArZ80wme6jLzPtAaaQVpu0+/HOsMvSp+7Gp85y4hxzUbLrCzio2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2jmj7l5rSw0yVb/vlWAYkK/YBwkwHwYDVR0jBBgwFoAU2jmj7l5rSw0yVb/vlWAYkK/YBwkwCgYIKoZIzj0EAwMDaAAwZQIwKQIBaAUl0WQTIAY8E0nFauEQM0gkOnuCOSb+ACTpR9ayxoK3uQIHW4ZuWZgXK+tQAjEAl2xsyoKAvMbeCOXRbLki2rlfdIqdt/DG8vjFaaWW/tkLUhqiVRBYJK8upG02h52b"
},
"backends": [
{
"backend": "https://api.trustassistant.local:8443",
"productCode": "",
"activationCode": ""
}
],
"setting": {
"locale": "en",
"diagnosis": false,
"window": {
"x": 0,
"y": 0,
"width": 1000,
"height": 600
},
"autoUpdate": false,
"updateServer": "https://pki-downloads.digicert.com/dta",
"winSilentUpdate": true,
"dcTlsClient": {
"verbose": false
}
},
"services": [
{
"index": 1,
"name": "LogMgmtService",
"enable": true,
"setting": {
"authenticate": false
}
},
{
"index": 2,
"name": "TokenMgmtService",
"enable": true,
"setting": {
"authenticate": true,
"ignore": [],
"removable": true
}
},
{
"index": 3,
"name": "KeyMgmtService",
"enable": true,
"setting": {
"authenticate": true,
"ignore": [],
"removable": true
}
},
{
"index": 4,
"name": "CertMgmtService",
"enable": true,
"setting": {
"authenticate": true,
"ignore": [],
"removable": true
}
},
{
"index": 5,
"name": "APIService",
"enable": true,
"setting": {
"authenticate": true,
"host": "localhost",
"port": 8900,
"protocol": "http"
}
},
{
"index": 6,
"name": "ProfMgmtService",
"enable": true,
"setting": {
"authenticate": false
}
},
{
"index": 7,
"name": "DiagnosisService",
"enable": true,
"setting": {
"authenticate": false
}
},
{
"index": 8,
"name": "PostScriptService",
"enable": true,
"setting": {
"authenticate": false,
"msTimeout": 10000
}
},
{
"index": 9,
"name": "AuthMgmtService",
"enable": true,
"setting": {
"authenticate": false
}
},
{
"index": 10,
"name": "UpdateService",
"enable": true,
"setting": {
"authenticate": false
},
"job": {
"name": "AutoUpdate",
"msInterval": 86400000
}
},
{
"index": 11,
"name": "WorkFlowService",
"enable": false,
"setting": {
"authenticate": false
}
},
{
"index": 12,
"name": "JobMgmtService",
"enable": true,
"setting": {
"authenticate": false
}
}
],
"keystores": [
{
"id": "DCSWKS",
"enable": true,
"icon": "SoftHSM",
"type": "SWToken",
"removable": false,
"friendlyName": "DigiCert Software KeyStore",
"path": "dcswkeystore",
"name": "DigiCert Software KeyStore",
"readWrite": true,
"driver": {
"osx": "../Resources/libs/dcswkeystore.dylib",
"win": ".\\resources\\libs\\dcswkeystore.dll"
}
},
{
"id": "MACOS",
"enable": true,
"icon": "Desktop",
"type": "Platform",
"removable": false,
"friendlyName": "My Computer",
"path": "mycomputer",
"name": "MacOS Keychain",
"readWrite": true,
"driver": {
"osx": "../Resources/libs/libpvpkcs11.dylib"
},
"loginSessionValidity": 0
},
{
"id": "WINOS",
"enable": true,
"icon": "Desktop",
"type": "Platform",
"removable": false,
"friendlyName": "My Computer",
"path": "mycomputer",
"name": "Windows Provider",
"readWrite": true,
"driver": {
"win": ".\\resources\\libs\\pvpkcs11.dll"
},
"loginSessionValidity": 0
},
{
"id": "ETOKEN",
"enable": true,
"icon": "HardHSM",
"type": "HWToken",
"removable": true,
"friendlyName": "Gemalto eToken",
"path": "etoken",
"name": "Gemalto eToken",
"readWrite": true,
"driver": {
"win": "C:\\Windows\\System32\\eTPKCS11.dll",
"osx": "/usr/local/lib/libeTPkcs11.dylib",
"lin": "/usr/lib64/libeTPkcs11.so"
},
"loginSessionValidity": 300
},
{
"id": "YUBIKEY",
"enable": true,
"icon": "HardHSM",
"type": "HWToken",
"removable": true,
"friendlyName": "Yubico Yubikey",
"path": "yubikey",
"name": "YubiKey",
"readWrite": true,
"driver": {
"win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
"osx": "/usr/local/lib/libykcs11.dylib",
"lin": "/usr/local/lib/libykcs11.so"
},
"loginSessionValidity": 300
},
{
"id": "STM",
"enable": false,
"icon": "CloudHSM",
"type": "SWToken",
"removable": true,
"friendlyName": "DigiCert STM",
"path": "stm",
"name": "DigiCert STM",
"readWrite": true,
"loginSessionValidity": 300,
"driver": {
"osx": "../Resources/libs/smpkcs11.dylib",
"win": ".\\resources\\libs\\smpkcs11.dll"
}
}
],
"logger": {
"format": {
"level": "info",
"timestamp": "YYYY-MM-DD HH:mm:ss.SSS"
},
"dailyRotate": {
"enable": true,
"dirname": "/Users/fumitaka.sato/.digicert-trust-assistant/logs",
"filename": "trustassistant-%DATE%.log",
"datePattern": "YYYYMMDD",
"zippedArchive": true,
"maxSize": "50m",
"maxFiles": "7d"
},
"console": {
"enable": true
}
},
"plugins": [
{
"name": "sample",
"version": "1.0.0",
"id": "foo",
"main": "packed.js",
"renderer": "packed.js",
"path": "plugins/sample.plugin",
"signature": "must be signed by our key"
}
],
"__internal__": {
"migrations": {
"version": "1.2.0"
}
},
"caches": [
{
"name": "postscripts",
"ttlSec": 1209600
},
{
"name": "profiles",
"ttlSec": 604800
},
{
"name": "notifications",
"ttlSec": 1209600
},
{
"name": "account",
"ttlSec": 604800
},
{
"name": "userInfo",
"ttlSec": 604800
},
{
"name": "clientPolicy",
"ttlSec": 82800
},
{
"name": "dtwCert",
"ttlSec": 604800
},
{
"name": "dtwEnroll",
"ttlSec": 604800
}
],
"jobs": [
{
"name": "AutoUpdateCheck",
"enable": true,
"intervalSec": 86400,
"rememberLast": false,
"randomSec": 0
},
{
"name": "EnrollCheck",
"enable": true,
"intervalSec": 86400,
"rememberLast": true,
"randomSec": 3600
},
{
"name": "RenewCheck",
"enable": true,
"intervalSec": 86400,
"rememberLast": true,
"randomSec": 3600
},
{
"name": "TokenPeriodic",
"enable": true,
"intervalSec": 5,
"rememberLast": false,
"randomSec": 0
},
{
"name": "NotifyPeriodic",
"enable": true,
"intervalSec": 5,
"rememberLast": false,
"randomSec": 0
},
{
"name": "DeviceCertReissue",
"enable": true,
"intervalSec": 604800,
"rememberLast": true,
"randomSec": 0
}
]
Add other hardware tokens
DigiCert Trust Assistant allows additional hardware tokens with PKCS#11 interface drivers into the application.
To add another hardware token, you first need the PKCS#11 dynamic link library for the token already installed in your system. You can add the following JSON into keystores section in ~/.digicert-trust-assistant/config.json.
{
"id": "<Token-ID>",
"enable": true,
"icon": "HWToken",
"type": "HWToken",
"removable": true,
"friendlyName": "<Token-FriendlyName>",
"path": "<Token-Path>",
"name": "<Token-Name>",
"readWrite": true,
"loginSessionValidity": <Session-Validity>,
"driver": {
"win": "<Token-Library-Path-for-Win>",
"osx": "<Token-Library-Path-for-Mac>"
}
},The description of the specific parameters required for the configuration:
Token-ID (string): Unique identifier
Token-FriendlyName (string): Unique name
Token-Name (string): Unique name
Token-Path (string): Unique path without white space
Session-Validity (number): Validity of login session in seconds. The default value is 300.
Token-Library-Path-for-Win (string): Path for PKCS#11 (dll)
Token-Library-Path-for-Mac (string): Path for PKCS#11 (dylib or so)
Opmerking
Exit and relaunch the application to apply the configuration changes.