Question about Signing PDFs using one worker but dynamic users. more than 1000 users #125
Replies: 1 comment 1 reply
-
|
Hi! Which HSM/driver are you using? With this you should be able to use an alias selector for the PDFSigner. For example to map the key alias being used to the a login credential using HTTP basic auth one can use the AuthorizedUsernameAliasSelector: ALIASSELECTOR=org.signserver.server.aliasselectors.AuthorizedUsernameAliasSelector. (optionally a prefix can be specified with the ALIAS_PREFIX worker property, e.g. if all keys begin with for example "key_" this could be set, and then the used key would be key_") Another possibility is to use RequestMetadataAliasSelector: ALIASSELECTOR=org.signserver.server.aliasselectors.RequestMetadataAliasSelector Then it would take the key to use from a meta data property specified in the signing request. See: https://docs.keyfactor.com/signserver/latest/alias-selectors |
Beta Was this translation helpful? Give feedback.
-
|
hello thanks for your respone. We are using softhsmv2 for dev environment as of now. I will have a look at your solution. thank you |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
hello,
I was trying to find a architecture for the product i am working on where i can sign pdf s using differnt keys each time for different users( dynamically ) without having to upload certificate chain each time for a worker? In short i should be able to use keys/certs and trustchain from hsm/db. in currently signserver can retrieve keys certs from hsm but not chain. so each time i have to
docker exec signserver bin/signserver uploadsignercertificatechain 2 GLOB /opt/signserver/res/user_cert_chain.pemto upload signer certificate. can some one recommend a suritable solution. thanks :) cheersBeta Was this translation helpful? Give feedback.
All reactions