Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The PKCS11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface.
This standard interface is used by cryptographic accelerators and hardware security modules.
↓Parent Component
↓Properties
↓dsconfig Usage
The PKCS11 Key Manager Provider component inherits from the Key Manager Provider
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ enabled | |
| ↓ key-store-pin | |
| ↓ key-store-pin-property | |
| ↓ key-store-pin-environment-variable | |
| ↓ key-store-pin-file |
| Description | A description for this Key Manager Provider |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Key Manager Provider is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the PIN needed to access the PKCS11 Key Manager Provider. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Description | Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider. |
| Default Value | None |
| Allowed Values | The name of a defined Java property. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
key-store-pin-environment-variable
| Description | Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider. |
| Default Value | None |
| Allowed Values | The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
| Description | Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider. |
| Default Value | None |
| Allowed Values | Unknown |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. |
To list the configured Key Manager Providers:
dsconfig list-key-manager-providers
[--property {propertyName}] ...
To view the configuration for an existing Key Manager Provider:
dsconfig get-key-manager-provider-prop
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Key Manager Provider:
dsconfig set-key-manager-provider-prop
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new PKCS11 Key Manager Provider:
dsconfig create-key-manager-provider
--provider-name {name}
--type pkcs11
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Key Manager Provider:
dsconfig delete-key-manager-provider
--provider-name {name}