ZoneZipFileServerSideSigner
The ZoneZipFileServerSideSigner signer has the fully qualified class name: org.signserver.module.dnssec.signer.ZoneZipFileServerSideSigner
Overview
The ZoneZipFileServerSideSigner signer can be used to sign a Domain Name System (DNS) zone file contained in a zip file, using DNS Security Extensions (DNSSEC).
The ZoneZipFileServerSideSigner is similar to the ZoneFileServerSideSigner, except that its input is a zip file containing an unsigned zone file and a previously signed zone file. Depending on the request metadata property FORCE_RESIGN, signatures present in the previously signed zone file are reused if they are valid, and only new records are signed.
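A simplified model of the reuse decision described above, added here as an illustration and not taken from SignServer. It assumes a previous signature counts as valid when it covers unchanged record data and has not expired; the names `plan_signing`, `PrevSig` and `rrset_digest` and all sample records are constructed for this example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class PrevSig:
    digest: str   # hash of the RRset data the old signature covered
    expires: int  # signature expiration, Unix seconds

def rrset_digest(rdatas):
    """Order-independent digest of an RRset's record data."""
    h = hashlib.sha256()
    for r in sorted(rdatas):
        h.update(r.encode() + b"\n")
    return h.hexdigest()

def plan_signing(unsigned, previous, now, force_resign=False):
    """Split RRsets into (reuse, sign) lists.

    unsigned: {(owner, rrtype): [rdata, ...]} from the unsigned zone file
    previous: {(owner, rrtype): PrevSig} from the previously signed zone file
    """
    reuse, sign = [], []
    for key, rdatas in sorted(unsigned.items()):
        sig = previous.get(key)
        # Assumed validity rule: same data covered and not yet expired.
        still_valid = (sig is not None
                       and sig.digest == rrset_digest(rdatas)
                       and sig.expires > now)
        (reuse if still_valid and not force_resign else sign).append(key)
    return reuse, sign

# Constructed sample data: one changed, one unchanged, one expired, one new.
NOW = 1_700_000_000
SOA_OLD = "ns1.example.com. admin.example.com. 1 3600 600 86400 300"
SOA_NEW = "ns1.example.com. admin.example.com. 2 3600 600 86400 300"
UNSIGNED = {
    ("example.com.", "SOA"): [SOA_NEW],
    ("www.example.com.", "A"): ["192.0.2.10"],
    ("mail.example.com.", "A"): ["192.0.2.25"],
    ("new.example.com.", "A"): ["192.0.2.99"],
}
PREVIOUS = {
    ("example.com.", "SOA"): PrevSig(rrset_digest([SOA_OLD]), NOW + 86400),
    ("www.example.com.", "A"): PrevSig(rrset_digest(["192.0.2.10"]), NOW + 86400),
    ("mail.example.com.", "A"): PrevSig(rrset_digest(["192.0.2.25"]), NOW - 1),
}

if __name__ == "__main__":
    for force in (False, True):
        print(force, plan_signing(UNSIGNED, PREVIOUS, NOW, force))
```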
Available Properties
| Required Property | Default | Description |
|---|---|---|
| ACTIVE_KSKS | None | Specifies the active key signing keys to use. Must specify exactly 1 or 2 key aliases, comma-separated. Example: |
| ZONE_NAME | None | Specifies the name of the top-level zone in the zone file. Example: |
| ZSK_KEY_ALIAS_PREFIX | None | Specifies the key alias prefix to use for zone signing. The key used is based on the prefix with the key sequence number appended. Example: |

| Property | Default | Description |
|---|---|---|
| DISABLEKEYUSAGECOUNTER | True | Disables the key usage counter. As the key usage counter is not supported by this signer, if set, only the value true is supported. |
| NSEC3_SALT | None | (Optional) Specifies the fixed, HEX-encoded salt (64-bit value) to use instead of a random salt for testing/troubleshooting purposes. Example: |
| PUBLISH_PREVIOUS_ZSK | True | (Optional) Specifies whether the previous ZSK (if there is one) should be kept published. |
| SIGNATUREALGORITHM | SHA256withRSA | Specifies the signature algorithm to use for all signatures. Only SHA1withRSA, SHA256withRSA, and SHA512withRSA are supported. All signature algorithms map to DNSSEC algorithms using NSEC3. |
Request Parameters
| Property | Default | Description |
|---|---|---|
| FORCE_RESIGN | False | Specifies whether to re-sign previously signed records even if their signatures are valid and present in the signed zone file. |
| ZSK_SEQUENCE_NUMBER | None | Specifies the sequence number to append to the key alias prefix. Example: |