# Sample configuration of a TimeStampSigner. # ## General properties WORKERGENID1.TYPE=PROCESSABLE WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.tsa.TimeStampSigner WORKERGENID1.NAME=TimeStampSigner # Authentication. One of NOAUTH, CLIENTCERT, org.signserver.server.UsernamePasswordAuthorizer, org.signserver.server.UsernameAuthorizer WORKERGENID1.AUTHTYPE=NOAUTH # Crypto token WORKERGENID1.CRYPTOTOKEN=CryptoTokenP12 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1 #WORKERGENID1.CRYPTOTOKEN=CryptoTokenP11NG1KeyWrapping # Using key from sample keystore WORKERGENID1.DEFAULTKEY=ts00003 # Key using ECDSA #WORKERGENID1.DEFAULTKEY=ts00002 # Check validity period of the certificate will be verified before processing. Default true. #WORKERGENID1.CHECKCERTVALIDITY=true # Check validity of the PrivateKeyUsagePeriod in the certificate will be verified before processing if it is present. Default true. #WORKERGENID1.CHECKCERTPRIVATEKEYVALIDITY=true # Check the minimum remaining days of the signing certificate before expiration. 0 means disable. Default 0. #WORKERGENID1.MINREMAININGCERTVALIDITY=0 # Sets how many signatures that are allowed to be created with the same key by this worker. Default is -1 (no limit). # The counter is per key so if multiple workers share the same key they will all increment the counter. #WORKERGENID1.KEYUSAGELIMIT=-1 ## Archiving properties # Using the base 64 archiver #WORKERGENID1.ARCHIVERS=org.signserver.server.archive.base64dbarchiver.Base64DatabaseArchiver # Using the old database archiver #WORKERGENID1.ARCHIVERS=org.signserver.server.archive.olddbarchiver.OldDatabaseArchiver # Archiving only requests #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=REQUEST # Archiving only responses #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=RESPONSE # Archiving both requests and responses #WORKERGENID1.ARCHIVER0.ARCHIVE_OF_TYPE=REQUEST_AND_RESPONSE # Store forwarded address (from the X-Forwarded-For header) as the request address #WORKERGENID1.ARCHIVER0.USE_FORWARDED_ADDRESS=true # Include additional forwarded addresses (apart from the last), only applies if the property above is set #WORKERGENID1.ARCHIVER0.MAX_FORWARDED_ADDRESSES=3 # Included direct (non-forwarded address) at the end of forwarded addresses #WORKERGENID1.ARCHIVER0.INCLUDE_DIRECT_ADDRESS=true ## TSA properties # Required. The default policy ID of the time stamp authority. If no policy OID is specified in the request then will this value be used. WORKERGENID1.DEFAULTTSAPOLICYOID=1.3.6.1.4.1.22408.1.2.3.45 # Recommended. A ';' separated string containing accepted algorithms, can be null if it shouldn't be used. # Supported Algorithms are: GOST3411, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, RIPEMD128, RIPEMD160, RIPEMD256 #WORKERGENID1.ACCEPTEDALGORITHMS=SHA1;SHA224;SHA256;SHA384;SHA512 # Recommended. A ';' separated string containing accepted policies, can be null if it shouldn't be used. #WORKERGENID1.ACCEPTEDPOLICIES=1.3.6.1.4.1.22408.1.2.3.45;1.3.6.1.4.1.22408.1.2.3.46 # Accept any requested policy (must be set if not setting ACCEPTEDPOLICIES) # can optionally be set to false or empty value when setting ACCEPTEDPOLICIES for clarity WORKERGENID1.ACCEPTANYPOLICY=true #WORKERGENID1.ACCEPTANYPOLICY=false #WORKERGENID1.ACCEPTANYPOLICY= # Optional. A ';' separated string containing accepted extensions, can be null if it shouldn't be used. #WORKERGENID1.ACCEPTEDEXTENSIONS= # Optional. Class implementing the ITimeSource. #WORKERGENID1.TIMESOURCE=org.signserver.server.LocalComputerTimeSource # Optional. The signature algorithm to use. #WORKERGENID1.SIGNATUREALGORITHM=SHA256WithRSA # Optional. Accuracy defines how good the time source is. Only one of the accuracy properties should be set. #WORKERGENID1.ACCURACYMICROS=500 #WORKERGENID1.ACCURACYMILLIS=500 #WORKERGENID1.ACCURACYSECONDS=1 # Optional. The GeneralName of the Time Stamp Authority. #WORKERGENID1.TSA=CN=... # Optional. Set the GeneralName of the Time Stamp Authority from the subject DN of the signing # certificate. This can not be set if the TSA property above is set #WORKERGENID1.TSA_FROM_CERT=true # Optional. Perform an extra check that the SIGNERCERTCHAIN only contains certificates in the chain of the signer certificate #WORKERGENID1.REQUIREVALIDCHAIN=true # The maximum size (in bytes) used when generating serial numbers (default 8) #WORKERGENID1.MAXSERIALNUMBERLENGTH=16 # Optional. Specifies if the status string is to be included in the response. Setting this to true triggers a bug in some versions of OpenJDK's jarsigner utility. Default true. #WORKERGENID1.INCLUDESTATUSSTRING=false # Optional. Specifies if the signingTime signed CMS attribute should be included in the response. Default true. #WORKERGENID1.INCLUDESIGNINGTIMEATTRIBUTE=false # If the key usage counter is disabled WORKERGENID1.DISABLEKEYUSAGECOUNTER=true # Whether timestamp token signature is to be validated after signing. Default true. WORKERGENID1.VERIFY_TOKEN_SIGNATURE=true #WORKERGENID1.VERIFY_TOKEN_SIGNATURE= #WORKERGENID1.VERIFY_TOKEN_SIGNATURE=false