PingDS 7.5.1

PKCS#11 Key Manager Provider

The PKCS#11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface.

This standard interface is used by cryptographic accelerators and hardware security modules.

Parent

The PKCS#11 Key Manager Provider object inherits from Key Manager Provider.

PKCS#11 Key Manager Provider properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
key-store-pin
key-store-type
pkcs11-provider-arg
pkcs11-provider-name

java-class
pkcs11-provider-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicates whether the Key Manager Provider is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

key-store-pin

Synopsis

Specifies the clear-text PIN needed to access the PKCS#11 Key Manager Provider .

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property will take effect the next time that the PKCS#11 Key Manager Provider is accessed.

Advanced

No

Read-only

No

key-store-type

Synopsis

The type of the PKCS#11 key manager.

Description

  1. If no type is specified, the default value of "PKCS11" will be used.

Default value

PKCS11

Allowed values

Any PKCS#11 key store format supported by this Java runtime environment.

Multi-valued

No

Required

No

Admin action required

Restart the server for changes to take effect.

Advanced

No

Read-only

No

pkcs11-provider-arg

Synopsis

The argument passed to configure the PKCS#11 provider.

Description

The provider argument is often a path to a properties file which contains the detailed configuration of the provider.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

pkcs11-provider-name

Synopsis

The name of the PKCS#11 provider.

Description

The provider name is usually the name used in the java.security file’s "security.provider" list, such as "SunPKCS11".

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

The fully-qualified name of the Java class that provides the PKCS#11 Key Manager Provider implementation.

Default value

org.opends.server.extensions.PKCS11KeyManagerProvider

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.KeyManagerProvider

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

pkcs11-provider-class

Synopsis

The class of the PKCS#11 provider.

Description

The main Java class implementing the PKCS#11 provider, such as "sun.security.pkcs11.SunPKCS11".

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No
Copyright © 2010-2024 ForgeRock, all rights reserved.