Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Global service settings for Nexus Timestamp Server

Owned by Ann Base (Deactivated)
Last updated: Nov 13, 2023 by Josefin Klang (Deactivated)
1 min read

This article describes the global service settings for the timestamp services configured in Nexus Timestamp Server. The global service settings are used by all timestamp services and not configured separately per timestamp service.

These settings are used by more than one filter and are defined in service.properties.

Step-by-step instructions

  1. Open the service.properties configuration file.

  2. Set the applicable parameters, described in this table:

Parameter

Description

Possible values

Default value

Parameter

Description

Possible values

Default value

signer.store

The path to the keystore used for signing the timestamp response. Must be a PKCS#12, JKS or PKCS#11 library (.dll, .so) file.

Path

-

signer.store.pin

The password to unlock the keystore.

String

-

signer.password

The password needed to unlock the signing certificate/key.

String

-

signer.nopinpad

Suppress the use of a PIN-pad reader. If set to true, then force login with password even if the device reports that it has a PIN-pad reader

true/false

false

signer.alias

The friendly name of the certificate/key in the keystore in PKCS#12 and JKS. Only required if the file contains more than one private key. In PKCS#11, this must be the CKA_LABEL of the certificate and private key.

String

-

signer.store.tokenlabel

The label name of the PKCS#11 token which contains the key and certificate to be used. This parameter is OPTIONAL.

String

-

trust.store.default store

The path to the trust store. Used for validating the timestamp request if client authentication is enabled.

Path





Examples



Example: PKCS#12
signer.store=${ServiceDir}/keys/tsaDemo.p12 signer.store.pin=1234 signer.password=1234 signer.pinpad=false signer.alias=TSA Demo Signing Certificate







Example: PKCS#11 (HSM)
signer.store=${ConfigurationDir}/keys/cs_pkcs11_R2.dll signer.store.pin=1234 signer.password=1234 signer.pinpad=false signer.alias=tsa signer.store.tokenlabel=tss_keys





The signing certificate used by the timestamp service must be a valid timestamping certificate. This means that a timestamping certificate must have Extended Key Usage set to Timestamping.



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions