Property

Description

Signature Padding Scheme

Define the signature padding scheme to be used by the SCVP service while performing SCVP response signing operation. The default parameter value is: PKCS1

  • SIGNATURE_PADDING_SCHEME = PKCS1

Possible values are PKCS1 and PSS

Note: Click here for more details on limitations when PSS padding scheme is used.

SCVP Authorisation Policy OID

Define the policy OID for access control sub-module as RFC-5055 require this to be return in ValPolResponse. Requester authentication mechanism is already in place as access control. The default parameter value is:

  • SCVP_AUTH_POLICY_OID = 1.2.6.7.8

Possible values: Any OID

SCVP Clock Skew

Time interval in minutes to ignore historical time in request for validating the certificate. 

  • SCVP_CLOCK_SKEW = 10

Default Value: 10

Cached Policy Response Interval

Time interval to cache the SCVP validation policy response. 

  • CACHED_POLICY_RESPONSE_INTERVAL = 3600

Default Value: 3600

Transaction logs settings

Transactions can be stored either directly or delayed for better performance. The following properties are used for logging:

  • TRANSACTION_LOG_MODE = LAZY
    Used to decide whether the transactions are kept in memory before these are stored in the database (LAZY logging) or directly stored in the database (EAGER logging). Possible values: LAZY, EAGER
    In case of LAZY logging the transaction logs are kept in memory upto the number of seconds configured in TRANSACTION_LOG_LAZY_INTERVAL or number of transactions configured in TRANSACTION_LOG_LAZY_RECORD_COUNT whichever is reached first.
  • TRANSACTION_LOG_LAZY_INTERVAL = 2
    When LAZY logging is configured, transactions are kept in memory upto the configured time or if the configured TRANSACTION_LOG_LAZY_RECORD_COUNT is reached before it.
  • TRANSACTION_LOG_LAZY_RECORD_COUNT = 200
    When LAZY logging is configured, transactions are kept in memory until the configured number of transactions is reached or if the configured TRANSACTION_LOG_LAZY_INTERVAL is met before it.

Show Dateformat in Milliseconds

Used to display transaction logs request/response with milliseconds precision.

  • SHOW_DATEFORMAT_MILLISECONDS = FALSE

Default value: False


See also

Signing Service

Verification Service
Certification Service
OCSP Service
OCSP Repeater
TSA Settings
XKMS Service
LTANS Service
Decryption Service
OCSP Monitor
GoSign Service
RA Service
CRL Monitor
RAS Service
SAM Service
CSP Service
NPKD Service
SPOC Service