| Info |
|---|
This article is valid for Smart ID 24.R1 and later. |
THIS IS A WORK IN PROGRESS!
Smart ID Identity Manager offers support for HSM (Hardware Security Model) for several use cases:
...
This is a more secure solution for signing and encryption than PKCS#12 files, which are files in the file system, only protected by a PIN code.
| Info |
|---|
Using an HSM can impact performance and latency compared to using PKCS#12 soft-tokens. |
The set of JAR files in Certificate Manager (CM) 8.4 and later has changed. This applies to Identity Manager in Smart ID 21.10 and later - see this note for the updates, see also section "Configure Tomcat" below.
...
To avoid this, you have these options:
Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).
OR
Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).
CMSDK JARs:
cmcommon*.jar
cmsdk-*.jar
common-*.jar
BouncyCastle JARs:
bcmail-*.jar
bcpgp-*.jar
bcpkix-*.jar
bcprov-*.jar (including bcprov-ext-*.jar)
Additional information
| Expand | ||
|---|---|---|
| ||