Configuration details of DigiCert Trust Assistant
The application's configuration file is at ~/.digicert-trust-assistant/config.json. You can edit the file to customize it.
Configuration parameters
The following table describes the specific parameters required for the configuration.
| Section | Name | Type | Value (Default) | Description |
|---|---|---|---|---|
| license | algorithm | string | RS256 | Constant value |
| | issuer | string | https://trustassistant.digicert.com | Constant value |
| | x509 | string (Base64) | MIIDmzCCAoOgAwIBAgIUbC2L+h…. | Constant value |
| setting | locale | string | en | Constant value |
| | diagnosis | boolean | false | If true, advanced mode is enabled at launch. |
| | setting.window.x | number | 10 | The horizontal (X-axis) position of the application's main window on the screen, in pixels. A value of 0 places it at the far-left edge. |
| | setting.window.y | number | 10 | The vertical (Y-axis) position of the application's main window on the screen, in pixels. A value of 0 places it at the top edge. |
| | setting.window.width | number | 1000 | The width of the application's main window in pixels. Determines how wide the window appears when launched. |
| | setting.window.height | number | 600 | The height of the application's main window in pixels. Determines how tall the window appears when launched. |
| | autoUpdate | boolean | false | If true, auto update is enabled at launch. |
| | updateServer | string | | Constant value |
| | winSilentUpdate | boolean | true | Determines whether updates on Windows are performed silently, without displaying prompts or requiring user interaction. |
| | dcTlsClient.verbose | boolean | false | Enables or disables verbose logging for the dcTlsClient (DigiCert TLS client) module. |
| | dcTlsClient.timeoutSec | number | 10 | The timeout value (in seconds) to configure the DigiCert ONE Login access timeout follows these rules: |
| | proxySettings.type | string | system | Specifies the proxy configuration type. Possible values include: |
| | proxySettings.authInfo.type | string | none | Specifies the authentication type for the proxy. Possible values include: |
| | proxySettings.authInfo.userName | string | | The username for proxy authentication when authInfo.type is set to basic. |
| | proxySettings.authInfo.password | string | | The password for proxy authentication when authInfo.type is set to basic. |
| | proxySettings.customProxy.type | string | http | Specifies the type of custom proxy. Possible values include: |
| | proxySettings.customProxy.server | string | | Specifies the address of the custom proxy server. Required when Example: |
| | proxySettings.customProxy.port | string | | Specifies the port number of the custom proxy server. Required when Example: 8080 |
| | proxySettings.customProxy.pacFileURL | string | | Specifies the URL of the Proxy Auto-Configuration (PAC) file. Required when Example: |
| | job.netErrRetryIntrvlSec | number | 300 | The interval (in seconds) at which DigiCert® Trust Assistant retries the job if a network connection error occurs during the Renew check or Enroll check job. DigiCert® Trust Assistant continues retrying at this interval until the job completes successfully. |
| services | index | number | 1 and increments | Index number of the service |
| | name | string | <service-name> | Service name |
| | enable | boolean | true | When set to true, the service is active and runs as part of the system configuration. |
| | setting.authenticate | boolean | true | Determines whether the service requires authentication to operate. |
| | setting.ignore | string[] | <List of keys to be ignored> | A list of keys or settings that should be ignored during processing. An empty array means no keys are ignored. |
| | setting.removable | boolean | true | Indicates whether this configuration block can be removed. |
| | setting.host | string | digicert.com | The hostname or IP address where the service is hosted. Typically used for network communication with the service. |
| | setting.port | number | 8900 | The port number on which the service listens. Must match the corresponding service’s configuration to ensure successful connection. |
| | setting.protocol | string | https | The communication protocol used (e.g., http, https). Determines how the client connects to the host and port. |
| | job.name | string | <job-name> | Name of the job. |
| | job.msInterval | number | 86400000 | The time interval (in milliseconds) at which the job runs. |
| | setting.notifyAfterEnrollRenewRetryCount | number | 5 | Applies only to |
| | setting.msTimeout | number | 30000 | Applies only to |
| keystores | id | string | < key-store-name > | Key store name (unique) |
| | enable | boolean | true | If set to false, the key store is not available for any operation. |
| | icon | string | < Desktop / SoftHSM / HardHSM > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set this to “HardHSM”. |
| | type | string | < Platform / SWToken / HWToken > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set this to “HWToken”. |
| | removable | boolean | < false / true > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set this to “true”. |
| | friendlyName | string | < Key Store name > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set a value relevant to the eToken. |
| | path | string | < Key Store Family Name > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set a value relevant to the eToken. |
| | name | string | < Key Store Display name > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set a value relevant to the eToken. |
| | readWrite | boolean | < true > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set this to “true”; if the value is “false”, operations will not work. |
| | driver | string[] | < absolute path for the Key Store driver > | Do not change for existing key stores. If you are adding a hardware (H/W) key store, you can set a value relevant to the eToken. |
| | loginSessionValidity | number | 300 (0 when id = WINOS \| MACOS, or when omitted) | The number of seconds the login session is retained after the user enters the PIN. When a user performs any token-based operation, the session is reset to this value. 0 means the session is not retained. |
| logger | format.level | string | info | Allowed values: error, warn, info, http, verbose, debug, silly. |
| | format.timestamp | string | YYYY-MM-DD HH:mm:ss.SSS | Do not change. |
| | dailyRotate.enable | boolean | true | Do not change. |
| | dailyRotate.dirName | string | <HOME>/.digicert-trust-assistant/logs | Do not change. |
| | dailyRotate.fileName | string | trustassistant-%DATE%.log | Do not change. |
| | dailyRotate.datePattern | string | YYYYMMDD | Do not change. |
| | dailyRotate.zippedArchive | boolean | true | Do not change. |
| | dailyRotate.maxSize | string | 50m | Do not change. |
| | dailyRotate.maxFiles | string | 7d | Do not change. |
| | console.enable | boolean | true | Do not change. |
| __internal__ | migration.version | string | 1.2.5 | |
| caches | name | string | postscripts | The identifier of the specific cache category (e.g., postscripts, profiles, etc.). |
| | ttlSec | string | 1209600 | The time-to-live for the cached data, in seconds. After this duration, the cached data expires and may be refreshed or discarded. |
| plugins | name | string | sample | The name of the plugin. |
| | version | number | 1.0.0 | Specifies the version of the plugin. |
| | id | string | foo | A unique identifier for the plugin. |
| | main | string | packed.js | The main JavaScript file executed when the plugin loads. |
| | renderer | string | packed.js | The JavaScript file used for rendering the plugin’s UI. |
| | path | string | plugins/sample.plugin | File system path to the plugin’s root directory. |
| | signature | string | <must be signed by our key> | Signature with DigiCert’s private key for validation and security. |
| jobs | name | string | <job name> | Do not change. |
| | enable | boolean | true | Do not change. |
| | intervalSec | number | depends | Interval in seconds at which the job runs. |
| | rememberLast | boolean | depends | Whether to remember the last run even after the application restarts. |
| | randomSec | number | depends | Determines when the job runs. If 0, it runs immediately. If a number is specified, the job waits a random time between 0 and randomSec seconds before it runs. |
Warning
Do not update config.json using Group Policy (GPO) or any Device Management (MDM) solution. This may result in unexpected behavior, overwrite critical settings, or cause application malfunctions. Instead, use extra-conf.json for configuring DigiCert® Trust Assistant through GPO or MDM. For more details on configuring via extra-conf.json, refer to Configure DigiCert Trust Assistant settings via GPO or Device Management solution.
Example
```json
{
  "license": {
    "algorithm": "ES384",
    "issuer": "https://trustassistant.digicert.com",
    "x509": "<Base64-encoded X.509 certificate>"
  },
  "setting": {
    "locale": "en",
    "diagnosis": false,
    "window": { "x": 0, "y": 0, "width": 1000, "height": 600 },
    "autoUpdate": false,
    "updateServer": "https://pki-downloads.digicert.com/dta",
    "winSilentUpdate": true,
    "dcTlsClient": { "verbose": false, "timeoutSec": 10 },
    "proxySettings": {
      "type": "system",
      "authInfo": { "type": "none", "userName": "", "password": "" },
      "customProxy": { "type": "http", "server": "", "port": "", "pacFileURL": "" }
    },
    "job": { "netErrRetryIntrvlSec": 300 }
  },
  "services": [
    { "index": 1, "name": "LogMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 2, "name": "TokenMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 3, "name": "KeyMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 4, "name": "CertMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true, "notifyAfterEnrollRenewRetryCount": 5 } },
    { "index": 4, "name": "CertMgmtService", "enable": true, "setting": { "authenticate": true, "ignore": [], "removable": true } },
    { "index": 5, "name": "APIService", "enable": true, "setting": { "authenticate": true, "host": "localhost", "port": 8900, "protocol": "http" } },
    { "index": 6, "name": "ProfMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 7, "name": "DiagnosisService", "enable": true, "setting": { "authenticate": false } },
    { "index": 8, "name": "PostScriptService", "enable": true, "setting": { "authenticate": false, "msTimeout": 30000 } },
    { "index": 9, "name": "AuthMgmtService", "enable": true, "setting": { "authenticate": false } },
    { "index": 10, "name": "UpdateService", "enable": true, "setting": { "authenticate": false }, "job": { "name": "AutoUpdate", "msInterval": 86400000 } },
    { "index": 11, "name": "WorkFlowService", "enable": false, "setting": { "authenticate": false } },
    { "index": 12, "name": "JobMgmtService", "enable": true, "setting": { "authenticate": false } }
  ],
  "keystores": [
    {
      "id": "DCSWKS", "enable": true, "icon": "SoftHSM", "type": "SWToken", "removable": false,
      "friendlyName": "DigiCert Software KeyStore", "path": "dcswkeystore",
      "name": "DigiCert Software KeyStore", "readWrite": true,
      "driver": { "osx": "../Resources/libs/dcswkeystore.dylib", "win": ".\\resources\\libs\\dcswkeystore.dll" }
    },
    {
      "id": "MACOS", "enable": true, "icon": "Desktop", "type": "Platform", "removable": false,
      "friendlyName": "My Computer", "path": "mycomputer",
      "name": "MacOS Keychain", "readWrite": true,
      "driver": { "osx": "../Resources/libs/libpvpkcs11.dylib" },
      "loginSessionValidity": 0
    },
    {
      "id": "WINOS", "enable": true, "icon": "Desktop", "type": "Platform", "removable": false,
      "friendlyName": "My Computer", "path": "mycomputer",
      "name": "Windows Provider", "readWrite": true,
      "driver": { "win": ".\\resources\\libs\\pvpkcs11.dll" },
      "loginSessionValidity": 0
    },
    {
      "id": "ETOKEN", "enable": true, "icon": "HardHSM", "type": "HWToken", "removable": true,
      "friendlyName": "Gemalto eToken", "path": "etoken",
      "name": "Gemalto eToken", "readWrite": true,
      "driver": { "win": "C:\\Windows\\System32\\eTPKCS11.dll", "osx": "/usr/local/lib/libeTPkcs11.dylib", "lin": "/usr/lib64/libeTPkcs11.so" },
      "loginSessionValidity": 300
    },
    {
      "id": "YUBIKEY", "enable": true, "icon": "HardHSM", "type": "HWToken", "removable": true,
      "friendlyName": "Yubico Yubikey", "path": "yubikey",
      "name": "YubiKey", "readWrite": true,
      "driver": { "win": "C:\\Program Files\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll", "osx": "/usr/local/lib/libykcs11.dylib", "lin": "/usr/local/lib/libykcs11.so" },
      "loginSessionValidity": 300
    },
    {
      "id": "STM", "enable": false, "icon": "CloudHSM", "type": "SWToken", "removable": true,
      "friendlyName": "DigiCert STM", "path": "stm",
      "name": "DigiCert STM", "readWrite": true,
      "loginSessionValidity": 300,
      "driver": { "osx": "../Resources/libs/smpkcs11.dylib", "win": ".\\resources\\libs\\smpkcs11.dll" }
    }
  ],
  "logger": {
    "format": { "level": "info", "timestamp": "YYYY-MM-DD HH:mm:ss.SSS" },
    "dailyRotate": {
      "enable": true,
      "dirname": "/Users/fumitaka.sato/.digicert-trust-assistant/logs",
      "filename": "trustassistant-%DATE%.log",
      "datePattern": "YYYYMMDD",
      "zippedArchive": true,
      "maxSize": "50m",
      "maxFiles": "7d"
    },
    "console": { "enable": true }
  },
  "plugins": [
    {
      "name": "sample", "version": "1.0.0", "id": "foo",
      "main": "packed.js", "renderer": "packed.js",
      "path": "plugins/sample.plugin",
      "signature": "must be signed by our key"
    }
  ],
  "__internal__": { "migrations": { "version": "1.2.0" } },
  "caches": [
    { "name": "postscripts", "ttlSec": 1209600 },
    { "name": "profiles", "ttlSec": 604800 },
    { "name": "notifications", "ttlSec": 1209600 },
    { "name": "account", "ttlSec": 604800 },
    { "name": "userInfo", "ttlSec": 604800 },
    { "name": "clientPolicy", "ttlSec": 82800 },
    { "name": "dtwCert", "ttlSec": 604800 },
    { "name": "dtwEnroll", "ttlSec": 604800 }
  ],
  "jobs": [
    { "name": "AutoUpdateCheck", "enable": true, "intervalSec": 86400, "rememberLast": false, "randomSec": 0 },
    { "name": "EnrollCheck", "enable": true, "intervalSec": 86400, "rememberLast": true, "randomSec": 3600 },
    { "name": "RenewCheck", "enable": true, "intervalSec": 86400, "rememberLast": true, "randomSec": 3600 },
    { "name": "TokenPeriodic", "enable": true, "intervalSec": 5, "rememberLast": false, "randomSec": 0 },
    { "name": "NotifyPeriodic", "enable": true, "intervalSec": 5, "rememberLast": false, "randomSec": 0 },
    { "name": "DeviceCertReissue", "enable": true, "intervalSec": 604800, "rememberLast": true, "randomSec": 0 }
  ]
}
```
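A pre-deployment check for a few constraints the parameter table states (unique key store ids, readWrite set to true, absolute driver paths for hardware key stores, allowed log levels), written as an added example and not DigiCert's code. `lint_config` and the sample values are constructed for illustration; the check assumes "1 and increments" means each service index is unique, and reads `driver` as the per-OS object shown in the page's example.

```python
import ntpath
import posixpath

# Allowed logger.format.level values, as listed in the parameter table.
ALLOWED_LOG_LEVELS = {"error", "warn", "info", "http", "verbose", "debug", "silly"}

def _duplicates(values):
    """Return values that occur more than once, in first-seen order."""
    seen, dupes = set(), []
    for v in values:
        if v in seen and v not in dupes:
            dupes.append(v)
        seen.add(v)
    return dupes

def lint_config(cfg):
    """Return findings for values that contradict the parameter table."""
    findings = []
    for idx in _duplicates(s.get("index") for s in cfg.get("services", [])):
        findings.append(f"services: index {idx} is used more than once")
    for dup in _duplicates(k.get("id") for k in cfg.get("keystores", [])):
        findings.append(f"keystores: id {dup} is not unique")
    for ks in cfg.get("keystores", []):
        if not ks.get("enable", True):
            continue  # a disabled key store is not available for any operation
        name = ks.get("id")
        if ks.get("readWrite") is not True:
            findings.append(f"keystores[{name}]: readWrite is not true")
        if ks.get("type") == "HWToken":
            for os_key, path in ks.get("driver", {}).items():
                # Accept Windows-style or POSIX-style absolute paths.
                if not (ntpath.isabs(path) or posixpath.isabs(path)):
                    findings.append(f"keystores[{name}]: driver.{os_key} is not an absolute path")
    level = cfg.get("logger", {}).get("format", {}).get("level")
    if level not in ALLOWED_LOG_LEVELS:
        findings.append(f"logger.format.level: {level!r} is not an allowed value")
    return findings

# Constructed sample (not a real deployment) with four deliberate problems.
SAMPLE = {
    "services": [{"index": 4, "name": "CertMgmtService"}, {"index": 4, "name": "CertMgmtService"}],
    "keystores": [
        {"id": "WINOS", "enable": True, "type": "Platform", "readWrite": True,
         "driver": {"win": r".\resources\libs\pvpkcs11.dll"}},
        {"id": "ETOKEN", "enable": True, "type": "HWToken", "readWrite": False,
         "driver": {"win": r"libs\eTPKCS11.dll", "lin": "/usr/lib64/libeTPkcs11.so"}},
    ],
    "logger": {"format": {"level": "trace"}},
}

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

Run against the page's own example, the duplicated `"index": 4` entry for CertMgmtService would be reported.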
Note
Exit and relaunch the application to apply the configuration changes.
Note
From DigiCert® Trust Assistant version 1.2.3 onward, you can configure the keystore via extra-config.json. For more information on how to set it up, refer to Keystore settings.