ForgeRock Directory Services

PKCS#11 Trust Manager Provider

The PKCS#11 Trust Manager Provider enables the server to manage trust information through the PKCS11 interface

This standard interface is used by cryptographic accelerators and hardware security modules.

Parent

The PKCS#11 Trust Manager Provider object inherits from Trust Manager Provider.

PKCS#11 Trust Manager Provider properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

enabled
pkcs11-provider-arg
pkcs11-provider-name
trust-store-pin
trust-store-type

java-class
pkcs11-provider-class

Basic properties

Use the --advanced option to access advanced properties.

enabled

Synopsis

Indicate whether the Trust Manager Provider is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

pkcs11-provider-arg

Synopsis

The argument passed to configure the PKCS#11 provider.

Description

The provider argument is often a path to a properties file which contains the detailed configuration of the provider.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

pkcs11-provider-name

Synopsis

The name of the PKCS#11 provider.

Description

The provider name is usually the name used in the java.security file’s "security.provider" list, such as "SunPKCS11".

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

trust-store-pin

Synopsis

Specifies the clear-text PIN needed to access the PKCS#11 Trust Manager Provider .

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property will take effect the next time that the PKCS#11 Trust Manager Provider is accessed.

Advanced

No

Read-only

No

trust-store-type

Synopsis

The type of the PKCS#11 trust manager.

Description

  1. If no type is specified, the default value of "PKCS11" will be used.

Default value

PKCS11

Allowed values

Any PKCS#11 key store format supported by this Java runtime environment.

Multi-valued

No

Required

No

Admin action required

Restart the server for changes to take effect.

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

The fully-qualified name of the Java class that provides the PKCS#11 Trust Manager Provider implementation.

Default value

org.opends.server.extensions.Pkcs11TrustManagerProvider

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.TrustManagerProvider

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No

pkcs11-provider-class

Synopsis

The class of the PKCS#11 provider.

Description

The main Java class implementing the PKCS#11 provider, such as "sun.security.pkcs11.SunPKCS11".

Default value

None

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No