This Reference covers information on configuration options, workers, and components, as well as information on the different SignServer User interfaces available.

Highlights

SignServer User Interfaces

The following SignServer user interfaces are available for administrating SignServer. 

Administration CLI 

The SignServer Administration CLI (AdminCLI) is a command-line interface for administrating SignServer.

Administration Web

The SignServer Administration Web (AdminWeb) is a web interface for administrating SignServer, supporting the configuration of workers and associated key management as well as querying the audit log and archive.

Database CLI

enterprise

The SignServer Database CLI uses the Java Persistence API (JPA) to connect to the SignServer database.

Administration Web Services

In addition, the Administration Web Services (WS) interface allows remote administration of SignServer over client authenticated HTTPS.

Deploy-time Configuration

Information on Deploy-time Configuration properties used when deploying SignServer to the application server.

SignServer Workers

Covers information on SignServer workers (such as Signers and Document Validators) configured to perform certain activities like signing files of a certain type, often with a specific key. For an overview, see SignServer Workers.

SignServer Components

SignServer Components (such as Crypto Tokens and Authorizers) provide specific functionality and are configured in the SignServer workers. For more information, see SignServer Components.

Logging

SignServer uses Log4j for debug logging and the security events logger from CESeCore for system/audit logging. In addition, the worker logger (transaction log) can be configured to use Log4j and/or the security events logger. See Logging.

Authentication and Authorization

Client Authentication and Authorization can be configured per-worker and occurs in different components as the request comes in. 

Health Check

The Health Check service is used for health monitoring and is useful for clusters.

SignServer TimeMonitor

enterprise

The external SignServer TimeMonitor application can be used together with the StatusReadingLocalComputerTimeSource for monitoring the local time and informing SignServer about its state. For more information, see SignServer TimeMonitor Application.

Peer Systems

enterprise

For more information on the SignServer support for incoming peer connections, see Peer Systems.

Client-Side Hashing

SignServer provides various options for performing the hashing on the client-side instead of completing the signing steps on the server-side, allowing you to avoid sending the original file to the server. 

Key Wrapping

enterprise

Key wrapping allows solving issues arising when the number of keys you need to handle exceeds the amount that can be stored in a limited storage space for an HSM. The feature enables exporting the key material in a protected manner and storing the wrapped, encrypted key in an external database.

Developer Reference

For instructions needed for building and developing SignServer, see Developer Reference

Internationalization

For information on the different languages supported by the AdminWeb and more information about the translation process, see Internationalization.