You can configure properties in conf/signserver_deploy.properties, which are used when deploying SignServer to the application server. The properties include settings used by the deployment script to find the application server, the database type to use, and other settings included in the deployment of the application.
The Deploy-time Configuration feature is only available for the SignServer Software Stack and Container deployments. See Installation.
See the sample configuration script conf/signserver_deploy.properties.sample for available options and default values.
To ensure that changes in signserver_deploy.properties and databasprotection.properties take effect, the application needs to be deployed again using bin/ant deploy. It is however not necessary to run bin/ant clean.
Crypto Token Configuration
|
Property |
Default |
Description |
|---|---|---|
|
|
false |
Disable the key generation functionality for all Crypto Tokens. With this property set to true, Worker key renewal and key generation operations in Crypto Tokens are denied with the error message "Key generation has been disabled". Additionally, the key generation pages in Admin Web are disabled.
|
Status Repository Configuration
By default, the Status Repository produces a log entry for every update. To disable or set that only changes are logged, change the property statusrepository.log in the configuration.
|
Property |
Default |
Description |
|---|---|---|
|
|
|
The following options are possible:
|
For more information, see the signserver_deploy.properties.sample.
Database Configuration
For information on database configuration, see Database Setup.
|
Property |
Default |
Description |
|---|---|---|
|
|
false |
Disable the hibernate L2 (Second-level) and query cache. With this property set to true, the SignServerJPA and EJBCA persistence units will be deployed with some extra elements to disable the L2 and query cache. The elements added are:
The results of disabling the L2 and query cache have not been tested, but it is expected to have a negative impact on performance. |
Allowlist Configuration
|
Property |
Description |
|---|---|
|
|
There is the possibility of archiving signed documents in the local file system, see the Example:
|
|
|
There is the possibility of specifying a visible signature image using a file path (for example, using Example:
|
|
|
Specify the path entry to use for the Signer Status Report Timed Service. Configure the outputfile path where the report is stored:
|
|
|
Specify the path entry to use for the Keystore Crypto Token. Configure the keystore path where the keystore file is stored:
|
|
|
Specify the path entry to use for the Renewal Worker. Configure the truststore path where the CA SSL server certificate is stored:
|
|
|
Specify the path entry to use for the PKCS#11 Crypto Token. Configure the attributesfile path where the file with PKCS#11 attributes is stored:
|
Worker ID Configuration
|
Property |
Default |
Description |
|---|---|---|
|
|
1 |
Specifies the starting number for auto-generated Worker IDs. When adding a new Worker using a placeholder (such as This property is useful for reserving specific ID ranges for manual assignment while allowing auto-generated Workers to start from a higher, non-conflicting offset. Example:
|
|
|
Empty |
Enables Workers to be read-only through the remote interfaces such as REST API, Admin WS, or the Admin Web. Setting this property means that the Worker IDs listed cannot be edited. This includes removing or adding a Worker within the specified range. Changes using Admin CLI are still allowed. This property allows multiple ranges which can be specified using a comma as the delimiter. Example:
|
Allow Any Configuration
|
Property |
Default |
Description |
|---|---|---|
|
|
true |
Enables or disables using Setting this property to true, or unconfigured, permits Setting this property to false disables |