Info

This article is new for Smart ID Identity Manager 24.R1.

Upon startup, Identity Manager Operator and Identity Manager Administrator perform various checks of the Sign and Encrypt engine's configuration. Depending on the severity, failed checks will lead to log messages or even prevent the system from starting.

Check for Demo Keys

This check goes through all the configured keys of the sign and encrypt engine and checks them against a blacklist. By default, the blacklist contains known demo keys (publicly known and thus not suitable for production use). If a descriptor uses a blacklisted keypair, an error message will be logged with details of the offending descriptor.

You can add certificates to the blacklist, for example, the ones that you used during development of your solution. The blacklist is contained in the file blacklist.p12; the default password is "blacklist".

If this check fails, booting will not be aborted, as this is an acceptable scenario for development, testing and demonstrations. To fix the error, change the keys of the offending descriptors.

Check the Secret Fields Store configuration

...

The old chain will remain intact for further analysis. The new chain will be signed with the currently configured descriptor.
