Info |
---|
This article is valid for Smart ID Identity Manager 24.R1 or later. |
...
The default sign and encrypt engine's configuration is convenient to use for development or demonstrations. However, the keypairs used are not secret and thus unsuitable for encrypting or signing. This check goes through all the configured keys of the sign and encrypt engine and checks them against a blacklist. The blacklist contains the aforementioned default certificates and keypairs. If a descriptor uses a blacklisted keypair, an error message is logged with details of the offending descriptor.
You can add certificates to the blacklist, for example, the ones that you used during development of your solution. The blacklist is contained in the file blacklist.p12; the default password is "blacklist".
If this check fails, booting will not be aborted, as this is an acceptable scenario for development, testing and demonstrations. To fix the error, change the keys of the offending descriptors.
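A pre-deployment check in the spirit of the blacklist check described above, as an added example that is not Identity Manager's own code: it loads blacklist.p12 and a keystore you intend to deploy, and reports every alias whose public key also appears in the blacklist. It assumes the deployment keys are held in a PKCS#12 file; the class name, the command-line arguments and the comparison by public-key hash are assumptions of this example, not the product's implementation.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.*;

// Added example, not Identity Manager code. Run with Java 11 or later:
//   java BlacklistPrecheck.java blacklist.p12 blacklist <deployment.p12> <password>
// The deployment store path and password are placeholders for your own values.
public class BlacklistPrecheck {

    // Identify a keypair by the SHA-256 of its encoded public key, so that a
    // re-issued certificate for the same keypair is still recognised.
    static String keyId(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(cert.getPublicKey().getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    // Map alias -> key id for every entry of a PKCS#12 store that has a certificate.
    static Map<String, String> keyIds(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        Map<String, String> ids = new TreeMap<>();
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (cert != null) ids.put(alias, keyId(cert));
        }
        return ids;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: <blacklist.p12> <blacklist-pw> <deployment.p12> <deployment-pw>");
            System.exit(2);
        }
        Set<String> blacklisted = new HashSet<>(keyIds(args[0], args[1].toCharArray()).values());
        Map<String, String> deployed = keyIds(args[2], args[3].toCharArray());
        int hits = 0;
        for (Map.Entry<String, String> entry : deployed.entrySet()) {
            if (blacklisted.contains(entry.getValue())) {
                hits++;
                System.err.println("Blacklisted keypair in use, alias: " + entry.getKey());
            }
        }
        System.out.println(hits + " of " + deployed.size() + " keys are blacklisted");
        System.exit(hits == 0 ? 0 : 1); // non-zero exit lets a deployment pipeline stop here
    }
}
```

Passwords given as command-line arguments are visible in the process list, so run this on a build or staging host rather than a shared production machine.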
...
If this check fails, start up will be aborted. To fix the error, please configure the correct key for the offending descriptor. If you want to change this keypair, please follow the documentation for doing so.
...
A failure of this test indicates that the descriptors used for the Object History signing are wrong. In this case, start up will be aborted. Check that the correct certificate/keypair is configured for the descriptor and that the versioning is correct.
...
The old chain will remain intact for further analysis. The new chain will be signed with the currently configured descriptor.