Configuration
The system consists of two main components: CloudSigner Server and a Certification Authority. Keyfactor EJBCA is currently supported as the Certification Authority.
For time-defining values, the following syntax is supported: 1s 1h 1d 1y.
CloudSigner Server
Property | Default | Note |
---|---|---|
signer-cloud.server.document.waiting.timeout | 3600s | Maximum time after upload during which the document can be signed. |
signer-cloud.server.document.waiting.retentionPeriod | empty | Retention period for waiting documents. Empty value means no retention period is used, value 0 means documents will be deleted immediately. |
signer-cloud.server.document.rejected.retentionPeriod | empty | Retention period for rejected documents. Empty value means no retention period is used, value 0 means documents will be deleted immediately. |
signer-cloud.server.document.signed.retentionPeriod | empty | Retention period for signed documents. Empty value means no retention period is used, value 0 means documents will be deleted immediately. |
signer-cloud.server.document.cleanup.cron | 2 1 0 * * * | Cron expression scheduling the job handling retention of the documents. Use - if you want to disable that. |
signer-cloud.server.signer.expiration.job.cron | 3 2 0 * * * | Cron expression scheduling the job handling retention of the signers. Use - if you want to disable that. |
signer-cloud.server.signer.expiration.job.limit | 1000 | Limit how many entries are processed in a single run. |
signer-cloud.server.signer.expiration.callback-enabled | true | Enable/disable the callback to the external system when the signer expires. |
signer-cloud.server.signer.renewal.job.cron | 0 */15 * * * * | Cron expression scheduling the job handling renewal of the signers. Use - if you want to disable that. |
signer-cloud.server.signer.renewal.job.limit | 25 | Limit how many entries are processed in a single run. |
signer-cloud.server.signer.renewal.callback-enabled | true | Enable/disable the callback to the external system when the signer renews. |
signer-cloud.server.signer.renewal.threshold | 14d | Time before expiration at which the signer is considered due for renewal. |
signer-cloud.server.callback.dispatch-pending-callback-events.job.cron | 0 */1 * * * * | Cron expression scheduling the job handling pending callback events. Use - if you want to disable that. |
signer-cloud.server.callback.dispatch-pending-callback-events.job.limit | 100 | Limit how many entries are processed in a single run. |
signer-cloud.server.callback.cleanup-callback-events.job.cron | 0 */5 * * * * | Cron expression scheduling the job handling expired callback events. Use - if you want to disable that. |
signer-cloud.server.callback.rerun-stale-callback-events.job.cron | 0 */5 * * * * | Cron expression scheduling the job that reruns stale callback events. Use - if you want to disable that. |
signer-cloud.server.callback.expired.url | empty | Callback URL. |
signer-cloud.server.callback.expired.max-attempts | 1 | Maximum number of callback attempts. |
signer-cloud.server.callback.expired.retention-period | 30d | Retention period of the callback event. |
signer-cloud.server.callback.expired.initial-backoff | 2s | Initial backoff between callback attempts. |
signer-cloud.server.callback.renewed.url | empty | Callback URL. |
signer-cloud.server.callback.renewed.max-attempts | 1 | Maximum number of callback attempts. |
signer-cloud.server.callback.renewed.retention-period | 30d | Retention period of the callback event. |
signer-cloud.server.callback.renewed.initial-backoff | 2s | Initial backoff between callback attempts. |
signer-cloud.server.callback.max-backoff | 32s | Maximum possible backoff period between successive attempts. |
signer-cloud.server.callback.backoff-multiplier | 1.5 | Multiplier used to calculate the backoff period. |
signer-cloud.server.callback.force-rerun-period | empty | Period after which a Callback Event is considered stale and should be dispatched again. The default value is computed as a function of configured HTTP timeouts. |
signer-cloud.server.callback.failure-threshold | 200 | Number of allowed Callback Event failures in a row. When the threshold is reached, no other events with the same Callback configuration will be posted. -1 means that the threshold is disabled. |
signer-cloud.server.callback.failure-reset-timeout | 60s | Period after which a Callback Event will be dispatched even though the failure threshold is reached. |
signer-cloud.server.callback.http-proxy-enabled | false | Enable/disable HTTP proxy for callback requests. |
signer-cloud.server.callback.http-proxy-host | 127.0.0.1 | HTTP proxy host. |
signer-cloud.server.callback.http-proxy-port | 8080 | HTTP proxy port. |
signer-cloud.server.callback.http-proxy-username | empty | HTTP proxy username. |
signer-cloud.server.callback.http-proxy-password | empty | HTTP proxy password. |
signer-cloud.server.callback.http-connection-timeout | 5s | Timeout for establishing HTTP connection. |
signer-cloud.server.callback.http-response-timeout | 60s | Timeout for receiving HTTP response. |
signer-cloud.server.callback.http-max-idle-time | 200s | Maximum time HTTP connection can remain idle. |
signer-cloud.server.callback.thread-pool-core-size | 1 | Number of core threads in the thread pool. |
signer-cloud.server.callback.thread-pool-max-size | 2 | Maximum number of threads in the thread pool. |
signer-cloud.server.callback.thread-pool-queue-capacity | 1000 | Queue capacity of the thread pool. |
signer-cloud.server.security.auth.type | OAUTH2 | Authentication type. |
spring.security.oauth2.resource-server.jwt.issuer-uri | empty | URL of the authorization server. |
spring.security.oauth2.resource-server.jwt.audiences | empty | A comma-separated list of allowed aud JWT claim values to be validated. |
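
The following is an added example, not part of the product or its documentation: a small Python audit that reads a configuration and lists the settings from the table above that a reviewer should confirm (empty or 0 retention periods, jobs disabled with -, a disabled failure threshold, durations outside the listed syntax, no allowed aud values). The key=value file format, the sample values and the function names are assumptions.

```python
import re

# Duration syntax as documented on this page: digits followed by s, h, d or y.
DURATION = re.compile(r"^\d+[shdy]$")
DURATION_SUFFIXES = ("timeout", "retentionPeriod", "retention-period", "renewal.threshold",
                     "backoff", "force-rerun-period", "http-max-idle-time")
AUDIENCES = "spring.security.oauth2.resource-server.jwt.audiences"

# Constructed sample, not a real deployment.
SAMPLE = """\
signer-cloud.server.document.waiting.timeout=90m
signer-cloud.server.document.signed.retentionPeriod=
signer-cloud.server.document.rejected.retentionPeriod=0
signer-cloud.server.document.cleanup.cron=-
signer-cloud.server.signer.renewal.threshold=14d
signer-cloud.server.callback.failure-threshold=-1
spring.security.oauth2.resource-server.jwt.issuer-uri=https://idp.example.test/realms/signer
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (key, finding) pairs for settings a reviewer should confirm."""
    findings = []
    for key, value in props.items():
        if key.endswith("retentionPeriod") and value in ("", "0"):
            note = "no retention period is used" if value == "" else "documents are deleted immediately"
            findings.append((key, note))
        elif key.endswith(".cron") and value == "-":
            findings.append((key, "scheduled job is disabled"))
        elif key.endswith("failure-threshold") and value == "-1":
            findings.append((key, "failure threshold is disabled"))
        elif key.endswith(DURATION_SUFFIXES) and value and not DURATION.match(value):
            findings.append((key, "not in the documented duration syntax"))
    if not props.get(AUDIENCES):
        findings.append((AUDIENCES, "no allowed aud values are set"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```
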
Certification Authority
TODO
Last updated on Sep 17, 2025 (05:54)