The application's configuration file is at ~/.digicert-trust-assistant/config.json. You can edit the file to customize it.
The following table describes the specific parameters required for the configuration.
Section | Name | Type | Value (Default) | Description |
---|---|---|---|---|
license | algorithm | string | RS256 | Constant value |
license | issuer | string | https://trustassistant.digicert.com | Constant value |
license | x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value |
setting | locale | string | en | Constant value |
setting | diagnosis | boolean | false | If true, advanced mode is enabled at launch. |
setting | autoUpdate | boolean | false | If true, auto update is enabled at launch. |
setting | updateServer | string | | Constant value |
setting | setting.dcTlsClient.timeoutSec | number | 10 | The timeout value (in seconds) to configure the DigiCert ONE Login access timeout follows these rules: |
setting | proxySettings.type | string | system | Specifies the proxy configuration type. Possible values include: |
setting | proxySettings.authInfo.type | string | none | Specifies the authentication type for the proxy. Possible values include: |
setting | proxySettings.authInfo.userName | string | | The username for proxy authentication when authInfo.type is set to basic. |
setting | proxySettings.authInfo.password | string | | The password for proxy authentication when authInfo.type is set to basic. |
setting | proxySettings.customProxy.type | string | http | Specifies the type of custom proxy. Possible values include: |
setting | proxySettings.customProxy.server | string | | Specifies the address of the custom proxy server. Required when Example: |
setting | proxySettings.customProxy.port | string | | Specifies the port number of the custom proxy server. Required when Example: 8080 |
setting | proxySettings.customProxy.pacFileURL | string | | Specifies the URL of the Proxy Auto-Configuration (PAC) file. Required when Example: |
setting | job.netErrRetryIntrvlSec | number | 300 | The interval value (in seconds) at which DigiCert® Trust Assistant retries the job if a network connection error occurs during the Renew check or Enroll check job. DigiCert® Trust Assistant will continue retrying at this interval until the job completes successfully. |
keystores | id | string | < key-store-name > | Key store name (unique) |
keystores | enable | boolean | true | If set to false, the key store is not available for any operation. |
keystores | icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as “HardHSM”. |
keystores | type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as “HWToken”. |
keystores | removable | boolean | < false / true > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as “true”. |
keystores | friendlyName | string | < Key Store name > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as relevant to the eToken. |
keystores | path | string | < Key Store Family Name > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as relevant to the eToken. |
keystores | name | string | < Key Store Display name > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as relevant to the eToken. |
keystores | readWrite | boolean | < true > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as “true”; if the value is “FALSE”, operations will not work. |
keystores | driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. In case you are adding a H/W key store, you can update as relevant to the eToken. |
keystores | loginSessionValidity | number | 300 (0 when id = WINOS or MACOS, or when omitted) | The number of seconds the login session is retained after the user enters the PIN. When a user performs any token-based operation, the session is reset to this value. 0 means the session will not be retained. |
logger | format.level | string | info | Allowed values are ‘error/warn/info/http/verbose/debug/silly’ |
logger | format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change. |
logger | dailyRotate.enable | boolean | true | Do not change |
logger | dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change |
logger | dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change |
logger | dailyRotate.datePattern | string | YYYYMMDD | Do not change |
logger | dailyRotate.zippedArchive | boolean | true | Do not change |
logger | dailyRotate.maxSize | string | 50m | Do not change |
logger | dailyRotate.maxFiles | string | 7d | Do not change |
logger | console.enable | boolean | true | Do not change |
jobs | name | string | <job name> | Do not change |
jobs | enable | boolean | true | Do not change |
jobs | intervalSec | number | depends | Interval in seconds the job runs. |
jobs | rememberLast | boolean | depends | Whether to remember the last run even after application reboot. |
jobs | randomSec | number | depends | Decides the timing when the job runs. If 0, it will run immediately. If a number is specified, it will randomly decide between 0 and randomSec time in seconds to wait until it runs. |
Warning
Do not update config.json using Group Policy (GPO) or any Device Management (MDM) solution. This may result in unexpected behavior, overwrite critical settings, or cause application malfunctions. Instead, use extra-conf.json for configuring DigiCert® Trust Assistant through GPO or MDM. For more details on configuring via extra-conf.json, refer to Configure DigiCert Trust Assistant settings via GPO or Device Management solution.
```json
{
  "license": {
    "algorithm": "ES384",
    "issuer": "https://trustassistant.digicert.com",
    "x509": "MIIDmzCCAoOgAwIBAgIUbC2L+h…."
  },
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": {
      "x": 0,
      "y": 0,
      "width": 1000,
      "height": 600
    },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta",
    "winSilentUpdate": true,
    "dcTlsClient": {
      "verbose": false,
      "timeoutSec": 10
    },
    "proxySettings": {
      "type": "system",
      "authInfo": {
        "type": "none",
        "userName": "",
        "password": ""
      },
      "customProxy": {
        "type": "http",
        "server": "",
        "port": "",
        "pacFileURL": ""
      }
    },
    "job": {
      "netErrRetryIntrvlSec": 300
    }
  },
  "services": [
    {
      "index": 1,
      "name": "LogMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 2,
      "name": "TokenMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 3,
      "name": "KeyMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 4,
      "name": "CertMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 5,
      "name": "APIService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "host": "localhost",
        "port": 8900,
        "protocol": "http"
      }
    },
    {
      "index": 6,
      "name": "ProfMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 7,
      "name": "DiagnosisService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 8,
      "name": "PostScriptService",
      "enable": true,
      "setting": {
        "authenticate": false,
        "msTimeout": 30000
      }
    },
    {
      "index": 9,
      "name": "AuthMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 10,
      "name": "UpdateService",
      "enable": true,
      "setting": {
        "authenticate": false
      },
      "job": {
        "name": "AutoUpdate",
        "msInterval": 86400000
      }
    },
    {
      "index": 11,
      "name": "WorkFlowService",
      "enable": false,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 12,
      "name": "JobMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    }
  ],
  "keystores": [
    {
      "id": "DCSWKS",
      "enable": true,
      "icon": "SoftHSM",
      "type": "SWToken",
      "removable": false,
      "friendlyName": "DigiCert Software KeyStore",
      "path": "dcswkeystore",
      "name": "DigiCert Software KeyStore",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/dcswkeystore.dylib",
        "win": ".\\resources\\libs\\dcswkeystore.dll"
      }
    },
    {
      "id": "MACOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "MacOS Keychain",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/libpvpkcs11.dylib"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "WINOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "Windows Provider",
      "readWrite": true,
      "driver": {
        "win": ".\\resources\\libs\\pvpkcs11.dll"
      },
      "loginSessionValidity": 0
    },
    {
      "id": "ETOKEN",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Gemalto eToken",
      "path": "etoken",
      "name": "Gemalto eToken",
      "readWrite": true,
      "driver": {
        "win": "C:\\Windows\\System32\\eTPKCS11.dll",
        "osx": "/usr/local/lib/libeTPkcs11.dylib",
        "lin": "/usr/lib64/libeTPkcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "YUBIKEY",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Yubico Yubikey",
      "path": "yubikey",
      "name": "YubiKey",
      "readWrite": true,
      "driver": {
        "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
        "osx": "/usr/local/lib/libykcs11.dylib",
        "lin": "/usr/local/lib/libykcs11.so"
      },
      "loginSessionValidity": 300
    },
    {
      "id": "STM",
      "enable": false,
      "icon": "CloudHSM",
      "type": "SWToken",
      "removable": true,
      "friendlyName": "DigiCert STM",
      "path": "stm",
      "name": "DigiCert STM",
      "readWrite": true,
      "loginSessionValidity": 300,
      "driver": {
        "osx": "../Resources/libs/smpkcs11.dylib",
        "win": ".\\resources\\libs\\smpkcs11.dll"
      }
    }
  ],
  "logger": {
    "format": {
      "level": "info",
      "timestamp": "YYYY-MM-DD HH:mm:ss.SSS"
    },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/fumitaka.sato/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": {
      "enable": true
    }
  },
  "plugins": [
    {
      "name": "sample",
      "version": "1.0.0",
      "id": "foo",
      "main": "packed.js",
      "renderer": "packed.js",
      "path": "plugins/sample.plugin",
      "signature": "must be signed by our key"
    }
  ],
  "__internal__": {
    "migrations": {
      "version": "1.2.0"
    }
  },
  "caches": [
    {
      "name": "postscripts",
      "ttlSec": 1209600
    },
    {
      "name": "profiles",
      "ttlSec": 604800
    },
    {
      "name": "notifications",
      "ttlSec": 1209600
    },
    {
      "name": "account",
      "ttlSec": 604800
    },
    {
      "name": "userInfo",
      "ttlSec": 604800
    },
    {
      "name": "clientPolicy",
      "ttlSec": 82800
    },
    {
      "name": "dtwCert",
      "ttlSec": 604800
    },
    {
      "name": "dtwEnroll",
      "ttlSec": 604800
    }
  ],
  "jobs": [
    {
      "name": "AutoUpdateCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "EnrollCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": true,
      "randomSec": 3600
    },
    {
      "name": "RenewCheck",
      "enable": true,
      "intervalSec": 86400,
      "rememberLast": true,
      "randomSec": 3600
    },
    {
      "name": "TokenPeriodic",
      "enable": true,
      "intervalSec": 5,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "NotifyPeriodic",
      "enable": true,
      "intervalSec": 5,
      "rememberLast": false,
      "randomSec": 0
    },
    {
      "name": "DeviceCertReissue",
      "enable": true,
      "intervalSec": 604800,
      "rememberLast": true,
      "randomSec": 0
    }
  ]
}
```
DigiCert Trust Assistant lets you add hardware tokens that provide a PKCS#11 interface driver to the application.
To add another hardware token, the PKCS#11 dynamic link library for the token must already be installed on your system. You can add the following JSON to the keystores section in ~/.digicert-trust-assistant/config.json.
```json
{
  "id": "<Token-ID>",
  "enable": true,
  "icon": "HWToken",
  "type": "HWToken",
  "removable": true,
  "friendlyName": "<Token-FriendlyName>",
  "path": "<Token-Path>",
  "name": "<Token-Name>",
  "readWrite": true,
  "loginSessionValidity": <Session-Validity>,
  "driver": {
    "win": "<Token-Library-Path-for-Win>",
    "osx": "<Token-Library-Path-for-Mac>"
  }
},
```
The following table describes the specific parameters required for the configuration:
Name | Type | Description |
---|---|---|
Token-ID | String | Unique identifier |
Token-FriendlyName | String | Unique name |
Token-Name | String | Unique name |
Token-Path | String | Unique path without white space |
Session-Validity | Number | Validity of login session in seconds. The default value is 300. |
Token-Library-Path-for-Win | String | Path for PKCS#11 (dll) |
Token-Library-Path-for-Mac | String | Path for PKCS#11 (dylib or so) |
Note
Exit and relaunch the application to apply the configuration changes.
Note
From DigiCert® Trust Assistant version 1.2.3 onward, you can configure the keystore via extra-config.json. For more information on how to set it up, refer to Keystore settings.
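A pre-flight check for a hardware-token entry before it is added to the keystores section, written against the rules in the tables on this page (unique id, friendlyName, name and path; no white space in path; removable and readWrite set to true; absolute driver path). This is an added example, not DigiCert code; it assumes driver is an object keyed by win/osx/lin as in the sample config, and NEWTOKEN is a hypothetical entry.

```python
import json
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: ETOKEN is abbreviated from the sample config on this page;
# NEWTOKEN is a hypothetical added entry with deliberate mistakes.
SAMPLE = json.loads(r"""[
 {"id": "ETOKEN", "type": "HWToken", "removable": true, "readWrite": true,
  "friendlyName": "Gemalto eToken", "name": "Gemalto eToken", "path": "etoken",
  "loginSessionValidity": 300,
  "driver": {"win": "C:\\Windows\\System32\\eTPKCS11.dll",
             "osx": "/usr/local/lib/libeTPkcs11.dylib"}},
 {"id": "NEWTOKEN", "type": "HWToken", "removable": true, "readWrite": false,
  "friendlyName": "Gemalto eToken", "name": "New Token", "path": "new token",
  "loginSessionValidity": -1,
  "driver": {"win": "newtoken.dll", "osx": "/usr/local/lib/libnewtoken.dylib"}}
]""")

UNIQUE_FIELDS = ("id", "friendlyName", "name", "path")

def lint_keystores(keystores):
    """Return (id, problem) pairs for entries that break the rules in the tables."""
    problems, seen = [], {field: set() for field in UNIQUE_FIELDS}
    for ks in keystores:
        kid = ks.get("id", "<no id>")
        hw = ks.get("type") == "HWToken"  # other entries ship with the app: id check only
        for field in UNIQUE_FIELDS:
            value = ks.get(field)
            if (hw or field == "id") and (not value or value in seen[field]):
                problems.append((kid, f"{field} is missing or not unique"))
            seen[field].add(value)
        if not hw:
            continue
        if re.search(r"\s", str(ks.get("path", ""))):
            problems.append((kid, "path contains white space"))
        validity = ks.get("loginSessionValidity", 0)  # omitting the field is allowed
        if isinstance(validity, bool) or not isinstance(validity, (int, float)) or validity < 0:
            problems.append((kid, "loginSessionValidity must be a number >= 0"))
        if ks.get("removable") is not True or ks.get("readWrite") is not True:
            problems.append((kid, "removable and readWrite must both be true"))
        for os_key, lib in ks.get("driver", {}).items():
            flavour = PureWindowsPath if os_key == "win" else PurePosixPath
            if not flavour(lib).is_absolute():  # a bare file name depends on the search path
                problems.append((kid, f"driver.{os_key} is not an absolute path"))
    return problems

if __name__ == "__main__":
    for kid, problem in lint_keystores(SAMPLE):
        print(f"{kid}: {problem}")
```

To check a real file, pass `json.load(open(path))["keystores"]` to `lint_keystores`; the driver value is the library the application loads for that token, so an absolute path to the vendor-installed location is the one to review.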