SignServer + SoftHSM2: New keys not visible until CryptoToken reload #130
Unanswered
l4zyc0ders4m asked this question in Q&A
Replies: 0 comments
Hello,
I'm encountering a strange issue during the development of a product using SignServer.
I have a shared SoftHSM2 mount, which is correctly loaded into a crypto worker.
My custom crypto container (which I’m developing) writes keys and certificates to SoftHSM.
The SignServer CryptoToken (CryptoTokenP11) is properly configured to read keys from SoftHSM and sign PDFs.
However, newly written keys/certificates do not appear available to SignServer until I explicitly reload the crypto token.
Questions:
Is this expected behavior with SignServer and SoftHSM?
Did I miss any configuration that enables automatic detection of new keys?
If this is expected, is there any workaround other than manually reloading the CryptoToken each time a new key/cert is added?
I've attached a test scenario in the screenshot below.
I verified that the keys exist using pkcs11-tool. I ran querytokenentries using the built-in SignServer tool but didn’t see the new entries. After running signserver reload all, the same tool shows the new entries.
Thanks in advance for any ideas!