Configuration

The application has a configuration file at ~/.digicert-trust-assistant/config.json. Edit the file to customize.

Configuration parameters

| Section | Name | Type | Value (Default) | Description |
|---|---|---|---|---|
| license | algorithm | string | RS256 | Constant value |
| license | issuer | string | https://trustassistant.digicert.com | Constant value |
| license | subject | string | License Code of DigiCert Trust Assistant Java SDK | Constant value |
| license | x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value |
| setting | locale | string | en | Constant value |
| setting | updateServer | string | https://pki-downloads.digicert.com/dta | Constant value |
| setting | diagnosis | boolean | false | If true, advanced mode is enabled at launch. |
| setting | autoUpdate | boolean | false | If true, auto update is enabled at launch. |
| keystores | id | string | < key-store-name > | Key store name (unique) |
| keystores | enable | boolean | true | If set to false, the key store is not available for any operation. |
| keystores | icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “HardHSM”. |
| keystores | type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “HWToken”. |
| keystores | removable | boolean | < false / true > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “true”. |
| keystores | friendlyName | string | < Key Store name > | Do not change for existing key stores. If you are adding a hardware key store, set this as relevant to the eToken. |
| keystores | path | string | < Key Store Family Name > | Do not change for existing key stores. If you are adding a hardware key store, set this as relevant to the eToken. |
| keystores | name | string | < Key Store Display name > | Do not change for existing key stores. If you are adding a hardware key store, set this as relevant to the eToken. |
| keystores | readWrite | boolean | < true > | Do not change for existing key stores. If you are adding a hardware key store, you can set this to “true”; if the value is “FALSE”, operations will not work. |
| keystores | driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. If you are adding a hardware key store, set this as relevant to the eToken. |
| logger | format.level | string | debug | Do not change. Allowed values are ‘error/warn/info/http/verbose/debug/silly’. |
| logger | format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change. |
| logger | dailyRotate.enable | boolean | true | Do not change. |
| logger | dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change. |
| logger | dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change. |
| logger | dailyRotate.datePattern | string | YYYYMMDD | Do not change. |
| logger | dailyRotate.zippedArchive | boolean | true | Do not change. |
| logger | dailyRotate.maxSize | string | 50m | Do not change. |
| logger | dailyRotate.maxFiles | string | 7d | Do not change. |
| logger | console.enable | boolean | true | Do not change. |

Example

{
  "license": {
    "algorithm": "RS256",
    "issuer": "https://trustassistant.digicert.com",
    "subject": "License Code of DigiCert Trust Assistant Java SDK",
    "x509": "MIIDmzCCAoOgAwIBAgIUbC2L+h…."
  },
  "backends": [
    {
      "backend": "https://api.trustassistant.local:8443",
      "productCode": "",
      "activationCode": ""
    }
  ],
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": {
      "x": 0,
      "y": 0,
      "width": 1000,
      "height": 600
    },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta"
  },
  "services": [
    {
      "index": 1,
      "name": "LogMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 2,
      "name": "TokenMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 3,
      "name": "KeyMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 4,
      "name": "CertMgmtService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "ignore": [],
        "removable": true
      }
    },
    {
      "index": 5,
      "name": "APIService",
      "enable": true,
      "setting": {
        "authenticate": true,
        "host": "localhost",
        "port": 8900,
        "protocol": "http"
      }
    },
    {
      "index": 6,
      "name": "ProfMgmtService",
      "enable": true,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 7,
      "name": "DiagnosisService",
      "enable": false,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 8,
      "name": "PostScriptService",
      "enable": true,
      "setting": {
        "authenticate": false,
        "msTimeout": 10000
      }
    },
    {
      "index": 9,
      "name": "AuthMgmtService",
      "enable": false,
      "setting": {
        "authenticate": false
      }
    },
    {
      "index": 10,
      "name": "UpdateService",
      "enable": true,
      "setting": {
        "authenticate": false
      },
      "job": {
        "name": "AutoUpdate",
        "msInterval": 86400000
      }
    }
  ],
  "keystores": [
    {
      "id": "MACOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "MacOS Keychain",
      "readWrite": true,
      "driver": {
        "osx": "../Resources/libs/libpvpkcs11.dylib"
      }
    },
    {
      "id": "WINOS",
      "enable": true,
      "icon": "Desktop",
      "type": "Platform",
      "removable": false,
      "friendlyName": "My Computer",
      "path": "mycomputer",
      "name": "Windows Provider",
      "readWrite": true,
      "driver": {
        "win": ".\\resources\\libs\\pvpkcs11.dll"
      }
    },
    {
      "id": "SOFTHSM",
      "enable": true,
      "icon": "SoftHSM",
      "type": "SWToken",
      "removable": false,
      "friendlyName": "SoftHSM v2.0",
      "path": "softhsm",
      "name": "SoftHSM v2.0",
      "readWrite": true,
      "driver": {
        "tmp": "/usr/local/lib/softhsm/libsofthsm2.so",
        "osx": "./libs/libsofthsm2.so"
      }
    },
    {
      "id": "ETOKEN",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Gemalto eToken",
      "path": "etoken",
      "name": "Gemalto eToken",
      "readWrite": true,
      "driver": {
        "win": "C:\\Windows\\System32\\eTPKCS11.dll",
        "osx": "/usr/local/lib/libeTPkcs11.dylib",
        "lin": "/usr/lib64/libeTPkcs11.so"
      }
    },
    {
      "id": "YUBIKEY",
      "enable": true,
      "icon": "HardHSM",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "Yubico Yubikey",
      "path": "yubikey",
      "name": "YubiKey",
      "readWrite": true,
      "driver": {
        "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll",
        "osx": "/usr/local/lib/libykcs11.dylib",
        "lin": "/usr/local/lib/libykcs11.so"
      }
    },
    {
      "id": "SSM",
      "enable": false,
      "icon": "CloudHSM",
      "type": "SWToken",
      "removable": true,
      "friendlyName": "DigiCert SSM",
      "path": "ssm",
      "name": "DigiCert SSM",
      "readWrite": true,
      "driver": {
        "osx": "./libs/smpkcs11.dylib"
      }
    },
    {
      "id": "DCKC",
      "enable": false,
      "icon": "Desktop",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "DigiCert KeyChain",
      "path": "dckeychain",
      "name": "DigiCert KeyChain",
      "readWrite": true,
      "slot": 0,
      "driver": {
        "osx": "./libs/keychain-pkcs11.dylib"
      }
    }
  ],
  "logger": {
    "format": {
      "level": "debug",
      "timestamp": "YYYY-MM-DD HH:mm:ss.SSS"
    },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/tomoyuki.nojima/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": {
      "enable": true
    }
  },
  "plugins": [
    {
      "name": "sample",
      "version": "1.0.0",
      "id": "foo",
      "main": "packed.js",
      "renderer": "packed.js",
      "path": "plugins/sample.plugin",
      "signature": "must be signed by our key"
    }
  ],
  "__internal__": {
    "migrations": {
      "version": "0.7.6"
    }
  }
}

Add other hardware tokens

DigiCert Trust Assistant lets you add other hardware tokens that provide a PKCS#11 interface driver.

To add another hardware token, the PKCS#11 dynamic link library for the token must already be installed on your system. You can then add the following JSON to the keystores section in ~/.digicert-trust-assistant/config.json.

    {
      "id": "<Token-ID>",
      "enable": true,
      "icon": "HWToken",
      "type": "HWToken",
      "removable": true,
      "friendlyName": "<Token-FriendlyName>",
      "path": "<Token-Path>",
      "name": "<Token-Name>",
      "readWrite": true,
      "driver": {
        "win": "<Token-Library-Path-for-Win>",
        "osx": "<Token-Library-Path-for-Mac>"
      }
    },

The following list describes the parameters required for this configuration.

  • Token-ID (string): Unique identifier

  • Token-FriendlyName (string): Unique name

  • Token-Name (string): Unique name

  • Token-Path (string): Unique path without white space

  • Token-Library-Path-for-Win (string): Path for PKCS#11 (dll)

  • Token-Library-Path-for-Mac (string): Path for PKCS#11 (dylib or so)

Note

Exit and re-launch the application for the new configuration to take effect.
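
A pre-flight check for a new keystores entry, given here as an added example and not as part of DigiCert's documentation or tooling: it enforces the uniqueness, white-space and absolute-driver-path rules stated above, and additionally checks that the PKCS#11 library is not writable by other users, since that library is loaded into the application's process and handles the token PIN. The function name, the `platform` argument, the "ACME" token and the file-permission check are assumptions of this example.

```python
import os
import stat

REQUIRED = ("id", "enable", "icon", "type", "removable",
            "friendlyName", "path", "name", "readWrite", "driver")
UNIQUE = ("id", "friendlyName", "name", "path")  # fields the page calls unique

# Constructed sample: two of the key stores from the page's example config.
EXISTING = [
    {"id": "ETOKEN", "friendlyName": "Gemalto eToken",
     "name": "Gemalto eToken", "path": "etoken"},
    {"id": "YUBIKEY", "friendlyName": "Yubico Yubikey",
     "name": "YubiKey", "path": "yubikey"},
]


def check_new_keystore(entry, existing, platform="osx"):
    """Return a list of problems with `entry`; an empty list means none found."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in entry]
    for field in UNIQUE:
        if field in entry and any(ks.get(field) == entry[field] for ks in existing):
            problems.append(f"{field} {entry[field]!r} is already used")
    if any(c.isspace() for c in str(entry.get("path", ""))):
        problems.append("path must not contain white space")
    if entry.get("readWrite") is not True:
        problems.append("readWrite must be true or operations will not work")
    lib = (entry.get("driver") or {}).get(platform)  # "win", "osx" or "lin"
    if not lib:
        problems.append(f"no driver path for platform {platform!r}")
    elif not os.path.isabs(lib):
        # The parameter table specifies an absolute path for the driver.
        problems.append("driver path must be absolute")
    elif not os.path.isfile(lib):
        problems.append("driver library not found")
    elif os.name == "posix" and os.stat(lib).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Added hardening check: anyone who can rewrite the module controls token access.
        problems.append("driver library is group- or world-writable")
    return problems


if __name__ == "__main__":
    # Constructed entry with deliberate mistakes (hypothetical token "ACME").
    candidate = {"id": "ETOKEN", "enable": True, "icon": "HardHSM", "type": "HWToken",
                 "removable": True, "friendlyName": "ACME Token", "path": "acme token",
                 "name": "ACME Token", "readWrite": True,
                 "driver": {"osx": "./libs/libacme-pkcs11.dylib"}}
    for problem in check_new_keystore(candidate, EXISTING):
        print("-", problem)
```

Run the check on the machine that holds config.json, passing the driver key for that platform, so the path and permission tests see the real library file.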