Skip to main content
Skip table of contents

Set up a Crypto Worker

SignServer workers use a Crypto Token to talk to the HSM or software keystore and you therefore need to set up a Crypto Worker to hold this Crypto Token. This worker can then later be used by other workers to access the Crypto Token.

To set up the Crypto Worker using the Admin Web, see the respective Using an HSM or Using a Soft Keystore sections below.

Using an HSM

To set up a crypto token using an HSM, do the following:

  1. Access the SignServer Administration Web.

  2. On the Workers page, click Add and select From Template.

  3. Select pkcs11-crypto.properties and click Next.

  4. Make the appropriate adjustments for:

    • NAME: Specify a name for the worker, for example HSMCryptoToken1.

    • SHAREDLIBRARYNAME: The HSM model you are using.

    • SLOTLABELTYPE: How to reference the slot to use, by number or index.

    • SLOTLABELVALUE: The slot number or index to use.

  5. Click Apply and then Activate.

  6. Enter the slot/partition password (if required by the HSM/keystore) and click Activate.

  7. Select the worker name, for example HSMCryptoToken1, and click the Status Summary tab to check for any errors.

  8. Click the Crypto Token tab, select Generate Key and specify the following before clicking Generate.

    • New Key Alias: testkey0

    • Key Algorithm: RSA

    • Key Specification: 1024.

  9. Click Activate again and enter the slot/partition password (if any), and then click Activate.

  10. The crypto worker should now be in ACTIVE state. If not, check for errors on the Status Summary tab, and secondly in the server log if needed.

Using a Soft Keystore (for Demo/Testing)

To set up a crypto token using a soft keystore, do the following:

  1. Access the SignServer Administration Web.

  2. On the Workers page, click Add and select From Template.

  3. Select keystore-crypto.properties and click Next.

  4. Make the appropriate adjustments for:

    • NAME: Specify a name for the worker, for example SoftCryptoToken1.

    • KEYSTORETYPE: INTERNAL.

    • KEYSTOREPATH: Clear this since the internal KEYSTORETYPE is used.

  5. Click Apply and then Activate and specify a password.

  6. Click the Crypto Token tab, select Generate Key and specify the following before clicking Generate.

    • New Key Alias: testkey0

    • Key Algorithm: RSA

    • Key Specification: 1024

  7. Click Activate again and enter the keystore password.

  8. The crypto worker should now be in ACTIVE state. If not, check for errors on the Status Summary tab.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close