The ZoneZipFileServerSideSigner signer has the fully qualified class name: org.signserver.module.dnssec.signer.ZoneZipFileServerSideSigner

Overview

The ZoneZipFileServerSideSigner signer can be used to sign a Domain Name System (DNS) zone file contained in a zip file, using DNS Security Extensions (DNSSEC).

The ZoneZipFileServerSideSigner is similar to the ZoneFileServerSideSigner, with the difference that this signer takes as input a zip file containing an unsigned zone file and a previously signed zone file. Depending on the request metadata property FORCE_RESIGN, signatures present in the previously signed zone file are reused if they are valid, and only new records are signed.

Available Properties

Required Property

Description

ACTIVE_KSKS

Specifies the active key signing keys to use. Must specify exactly 1 or 2 key aliases, comma-separated.

Example: example.com_K_1,example.com_K_2

ZONE_NAME

Specifies the name of the top-level zone in the zone file.

Example: example.com

ZSK_KEY_ALIAS_PREFIX

Specifies the key alias prefix to use for zone signing. The key used is based on the prefix with the key sequence number appended.

Example: example.com_Z_

Property

Description

DISABLEKEYUSAGECOUNTER

Disables the key usage counter. This signer does not support the key usage counter, so if the property is set, the only supported value is true.

NSEC3_SALT

(Optional) Specifies a fixed, hex-encoded salt (64-bit value) to use instead of a random salt for testing/troubleshooting purposes.

Example: 6dcd4ce23d88e2ee

PUBLISH_PREVIOUS_ZSK

(Optional) Specifies whether the previous ZSK (if there is one) should be kept published.

Default: True.

SIGNATUREALGORITHM

Specifies the signature algorithm to use for all signatures. Only SHA1withRSA, SHA256withRSA, and SHA512withRSA are supported. All signature algorithms map to DNSSEC algorithms using NSEC3.

Default: SHA256withRSA

Request Parameters

Property

Description

FORCE_RESIGN

Specifies whether to re-sign previously signed records even if their signatures are valid and present in the signed zone file.

Default: False.

ZSK_SEQUENCE_NUMBER

Specifies the sequence number to append after the key alias prefix.

Example: 1
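
A pre-deployment check of the property constraints listed above, as an added example that is not part of the SignServer documentation or code base. It assumes the worker properties are supplied as bare KEY=VALUE lines; the function names, the sample configurations, and the case-insensitive handling of true are assumptions made for illustration.

```python
import re
ALLOWED_SIGALGS = {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA"}
REQUIRED = ("ACTIVE_KSKS", "ZONE_NAME", "ZSK_KEY_ALIAS_PREFIX")

# Constructed sample configurations (property names and examples from this page).
GOOD = """ACTIVE_KSKS=example.com_K_1,example.com_K_2
ZONE_NAME=example.com
ZSK_KEY_ALIAS_PREFIX=example.com_Z_
NSEC3_SALT=6dcd4ce23d88e2ee
DISABLEKEYUSAGECOUNTER=true"""
BAD = """ACTIVE_KSKS=example.com_K_1,example.com_K_2,example.com_K_3
ZONE_NAME=example.com
NSEC3_SALT=6dcd4ce2
SIGNATUREALGORITHM=SHA256withECDSA
DISABLEKEYUSAGECOUNTER=false"""

def parse_properties(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def validate_worker(props):
    """Return (errors, warnings) for the constraints documented above."""
    errors = [f"{k} is required" for k in REQUIRED if not props.get(k)]
    warnings = []
    aliases = [a.strip() for a in props.get("ACTIVE_KSKS", "").split(",")]
    if props.get("ACTIVE_KSKS") and (len(aliases) > 2 or "" in aliases):
        errors.append("ACTIVE_KSKS must list exactly 1 or 2 key aliases")
    salt = props.get("NSEC3_SALT")
    if salt is not None:
        warnings.append("NSEC3_SALT set: fixed salt is for testing/troubleshooting")
        if not re.fullmatch(r"[0-9A-Fa-f]{16}", salt):
            errors.append("NSEC3_SALT must be 16 hex digits (64-bit value)")
    alg = props.get("SIGNATUREALGORITHM", "SHA256withRSA")  # documented default
    if alg not in ALLOWED_SIGALGS:
        errors.append(f"SIGNATUREALGORITHM {alg} is not supported")
    counter = props.get("DISABLEKEYUSAGECOUNTER")  # assumption: case-insensitive
    if counter is not None and counter.lower() != "true":
        errors.append("DISABLEKEYUSAGECOUNTER only supports the value true")
    return errors, warnings

def zsk_alias(props, sequence_number):
    """ZSK alias: ZSK_KEY_ALIAS_PREFIX with ZSK_SEQUENCE_NUMBER appended."""
    return f"{props['ZSK_KEY_ALIAS_PREFIX']}{int(sequence_number)}"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_worker(parse_properties(text)))
```

The warning on NSEC3_SALT is there so that a fixed test salt left in a production configuration is visible in review.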