Keystore settings
The extra-conf.json file allows administrators to configure DigiCert Trust Assistant keystore settings, where it can:
Enable or disable specific keystores
Define login session validity for each keystore
Add new custom keystores
This flexibility allows you to manage keystore configurations to your security and operational needs. For more information about extra-conf.json file, refer to Configure via GPO or Device Management solution.
{
"keystores": [
{
"id": "WINOS",
"enable": false, // Set to false to disable this KeyStore
"loginSessionValidity": 0 // Always 0 for OS KeyStores
},
{
"id": "NEWKEYSTORE",
"enable": true, // Enable the new KeyStore
"icon": "SoftHSM", // Icon displayed in the UI (SoftHSM, Desktop, HardHSM, CloudHSM)
"type": "SWToken", // Type of keystore (e.g., HWToken, Platform ,SWToken,)
"removable": true, // True if the keystore can be removed
"friendlyName": "My New KeyStore", // User-friendly display name
"path": "mynewkeystore", // Path identifier for the keystore
"name": "My New KeyStore", // Internal keystore name
"readWrite": true, // True to allow read/write operations
"loginSessionValidity": 300, // Session validity in seconds (ignored for OS keystores)
"driver": {
"win": "C:\\Program Files\\mynewkeystore\\libmynewkey.dll", // Windows driver path
"osx": "/usr/local/lib/libmynewkey.dylib", // macOS driver path
"lin": "/usr/local/lib/libmynewkey.so" // Linux driver path
}
}
]
}