Skip to main content
Skip table of contents

Applications: Database Protection Settings

The following sections provide information on configuring the database protection for the Software Appliance.

If no HSM is configured, this configuration section is not available.
To be able to use database protection, you must first configure the appliance to use an HSM.
To do this, open the Security page and go to the HSM Configuration section.

Configure the Database Protection

  1. Log in to your Software Appliance and open the Applications page.

  2. Go to the Database Protection Settings section.

  3. As default No Database Protection is selected.

    Screenshot 2024-05-13 at 12.25.09.png

To configure the database protection for the Software Appliance click the tile Use Database Protection.

If the configuration for database protection is adjusted after activation, a signed audit log that can no longer be checked is likely to be created.
The Auditor role can no longer view the audit log entries!

Incorrect settings will prevent SignServer from starting.

Token Access for Database Protection

Slot Reference:
Select reference type of the slot that contains the key to be used for database protection. It is only necessary to select one of the three options.

  • Slot Label: select this option if you want to address the PKCS#11 slot via a label

  • Slot Number: select this option if you want to address the PKCS#11 slot via a number

The reference to the slot containing the key to be used for database protection is now defined.

Slot PIN:
Enter the PIN of the slot.

Key Pair Settings

Every action that creates an entry in the audit log requires access to the signing key specified here.

Switching between signing keys is currently not supported.

  1. An alias of the key to be used for database protection must now be defined.
    Enter the Key Alias.

  2. The next step is to define a Signature Algorithm used by the database protection.
    Use the drop-down function to choose between the two options:

    SHA256 with RSA
    SHA256 with ECDSA

  3. Finally, activate the checkbox Automatically Generate Key Pair.
    This is helpful if the key pair is not found on the HSM.

  4. To complete the process click Save Settings.

Screenshot 2024-05-13 at 14.32.06.png

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.