The PKCS11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface.
This standard interface is used by cryptographic accelerators and hardware security modules.
The PKCS11 Key Manager Provider component inherits from the Key Manager Provider
This page describes the PKCS11 Key Manager Provider:
A description of each property follows.
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ enabled | ↓ java-class |
| ↓ key-store-pin | |
| ↓ key-store-pin-environment-variable | |
| ↓ key-store-pin-file | |
| ↓ key-store-pin-property |
| Description | Indicates whether the Key Manager Provider is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . |
| Default Value | None |
| Allowed Values | A String |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Advanced Property | No |
| Read-only | No |
key-store-pin-environment-variable
| Description | Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . |
| Default Value | None |
| Allowed Values | The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . |
| Default Value | None |
| Allowed Values | A path to an existing file that is readable by the server. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Advanced Property | No |
| Read-only | No |
| Description | Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . |
| Default Value | None |
| Allowed Values | The name of a defined Java property. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Advanced Property | No |
| Read-only | No |
| Description | The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. |
| Default Value | org.opends.server.extensions.PKCS11KeyManagerProvider |
| Allowed Values | A java class that implements or extends the class(es) : org.opends.server.api.KeyManagerProvider |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | The PKCS11 Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect |
| Advanced Property | Yes |
| Read-only | No |
Each configuration property can be mapped to a specific LDAP attribute under the "cn=config" entry. The mappings that follow are provided for information only. In general, you should avoid changing the server configuration by manipulating the LDAP attributes directly.
| Base DN | cn=Key Manager Providers,cn=config |
| objectclass name | ds-cfg-pkcs11-key-manager-provider |
| objectclass superior | ds-cfg-key-manager-provider |
| Property | LDAP attribute |
| enabled | ds-cfg-enabled |
| java-class | ds-cfg-java-class |
| key-store-pin | ds-cfg-key-store-pin |
| key-store-pin-environment-variable | ds-cfg-key-store-pin-environment-variable |
| key-store-pin-file | ds-cfg-key-store-pin-file |
| key-store-pin-property | ds-cfg-key-store-pin-property |