Difference between revisions of "JSS Subsystem"

From Dogtag
Jump to: navigation, search
m
m
 
Line 28: Line 28:
 
== Random Number Generator ==
 
== Random Number Generator ==
  
The random number generator can be configured with the following parameters:
+
See [https://github.com/dogtagpki/pki/wiki/Configuring-Random-Generator Configuring Random Generator].
 
 
<pre>
 
jss.random.algorithm=pkcs11prng
 
jss.random.provider=Mozilla-JSS
 
</pre>
 
 
 
By default it will use the PK11SecureRandom provided by JSS.
 
 
 
See also [[Random Number Generator]].
 
  
 
== Debugging Password ==
 
== Debugging Password ==

Latest revision as of 16:35, 29 July 2022

JSS Subsystem

jss.enable=true

NSS Database

jss.configDir=[PKI_INSTANCE_PATH]/alias/
jss.secmodName=secmod.db

OCSP

jss.ocspcheck.enable=false

SSL

jss.ssl.cipherfortezza=true
jss.ssl.cipherpref=
jss.ssl.cipherversion=cipherdomestic

Random Number Generator

See Configuring Random Generator.

Debugging Password

For debugging, NSS token password can be specified in the following parameter:

jss.password=<password>

If the password is defined, it will be used during CA/OCSP's SigningUnit initialization:

PasswordCallback cb = JssSubsystem.getInstance().getPWCB();
mToken.login(cb);

Note: This functionality has been removed in PKI 10.6.

References