Certificate groups are valuable when one or more keys may be unavailable to an instance of ADSS Server. Such a situation may occur when PCIe HSMs, USB HSMs, tokens or smartcards are used, e.g. one token is attached to one server and another token attached to a second server.
When ADSS Server runs on each server it will identify the first certificate AND key that is available to it and use this for all requests on this server instance. A key located on the other server will therefore never be chosen. Click here for more details.
ADSS Server connection is lost with Utimaco after sometime of inactivity
If you are using the Utimaco simulator and you observe that the ADSS Server loses the connection with Utimaco then follow these instructions for a fix:
- Search for file cs_pkcs11_R2.cfg in Program Files (e.g. C:\Program Files\Utimaco\CryptoServer\Lib\cs_pkcs11_R2.cfg) and open it in edit mode
- Locate the property KeepAlive and set its value to true (KeepAlive = true)
- Save the file and restart the Utimaco Simulator for the changes to take effect
- Now restart the ADSS Server from Server Manager so it can establish the connection with HSM.