Nexus Documentation

Space shortcuts

Page tree

Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.

This article describes the global service settings for the timestamp services configured in Nexus Timestamp Server. The global service settings are used by all timestamp services and not configured separately per timestamp service.

These settings are used by more than one filter and are defined in service.properties.

Expand/Collapse All

Step-by-step instructions

  1. Open the service.properties configuration file.
  2. Set the applicable parameters, described in this table:
ParameterDescriptionPossible valuesDefault value
signer.store

The path to the keystore used for signing the timestamp response. Must be a PKCS#12, JKS or PKCS#11 library (.dll, .so) file.

Path-
signer.store.pinThe password to unlock the keystore.String-
signer.passwordThe password needed to unlock the signing certificate/key.String-
signer.nopinpad

Suppress the use of a PIN-pad reader. If set to true, then force login with password even if the device reports that it has a PIN-pad reader

true/falsefalse
signer.aliasThe friendly name of the certificate/key in the keystore in PKCS#12 and JKS. Only required if the file contains more than one private key. In PKCS#11, this must be the CKA_LABEL of the certificate and private key.String-
signer.store.tokenlabelThe label name of the PKCS#11 token which contains the key and certificate to be used. This parameter is OPTIONAL.String-

trust.store.default store

The path to the trust store. Used for validating the timestamp request if client authentication is enabled.Path


Examples

Example: PKCS#12
signer.store=${ServiceDir}/keys/tsaDemo.p12
signer.store.pin=1234
signer.password=1234
signer.pinpad=false
signer.alias=TSA Demo Signing Certificate
Example: PKCS#11 (HSM)
signer.store=${ConfigurationDir}/keys/cs_pkcs11_R2.dll
signer.store.pin=1234
signer.password=1234
signer.pinpad=false
signer.alias=tsa
signer.store.tokenlabel=tss_keys

The signing certificate used by the timestamp service must be a valid timestamping certificate. This means that a timestamping certificate must have Extended Key Usage set to Timestamping.

Related information

Contact Nexus

(For feedback on product documentation: Select Reason for contact: Feedback on documentation.)

© 2023 Technology Nexus Secured Business Solutions AB. All rights reserved.
Disclaimer | Terms & Conditions.