SecurityServer Configuration

Configuring the Security Server with JAVA_OPTS start parameter (environment properties)

You can add several start parameters to your start script or to your service wrapper. Please note that the options listed below need a prefix -D for a correct setup, e.g. -Duse.inactive.certificates=true.

Configuring the Security Server using the properties file

Another way to set you options is to use a properties file. For this a file named needs to be added to your classpath. Since your FSS subfolder conf should be added to your classpath, this is the correct place for this file. Please note that you have configured options in the properties file AND as a Java start parameter, the start parameter is taken.


There are some starting options that you might want to change:

Option Values Description
use.inactive.certificates true/false This option enables the use of inactive certificates. Default is false
check.for.signature true/false This option disables checking for signatures. Default is true
store.qes.messages true/false Whether to store incoming qes messages before and after encryption. This feature is not really used anymore. The default is therefore false
use.rule.feature true/false Activates/deactivates the post processing with rules. Default is false
verify.filter.mapping Path to properties file Define whitelist for verify errors that you want to accept! The error codes to be automatically accepted need to be defined like this
store.delete.delay integer The number of milliseconds to wait between writing a file and checking for it’s existence.
store.incoming.messages true/false This feature stores all incoming message in the ./store folder. This is needed to add virus detection. Default is false
store.incoming.messages.pre true/false This feature stores all incoming message in the store.incoming.messages.path folder BEFORE any decryption or signature verifying. Default is false
store.delete.incoming.messages true/false Extended feature to use virus scanner and propagating the result. Default is false. FSS stores a copy of every mail to the directory, giving the virus scanner the opportunity to delete the file. In such a case the FSS removes the content from the mail to avoid processing a malicious file.
store.incoming.messages.path string The folder where incoming messages and attachments will be stored. Defaults to ./store.
store.filename.maxlength Integer The maximum length of basename where stored filenames are _.
line.separator string The line separator to use for exports
security.gateway.plugins Colon separated list of plugin classes. ; With plugins you can extend the functionality of the SecurityServer.
security.gateway.import.modifier Full qualified classname of an import modifier class Processor that can handle certificates and private key during import
mailcap.handlers new-line separated strings A list of strings to load into the default javax.activation.CommandMap
cluster.node String Name of this node. Needed for FSS cluster communication.
cluster.service.period Integer Time (seconds) between polling on Database for update-recognition.
content_encryption_algorithm String The algorithm which is used for encrypting the content of an S/MIME messages. Default is AES128_CBC
key_encryption_algorithm String The algorithm which is used for asymmetric encrypting the symmetric key. Default is id_RSAES_OAEP
signing_algorithm String The algorithm which is used for signing S/MIME messages. Default is SHA256withRSAandMGF1
restore.crl.definition true/false Set this property once to migrate from version without crls to version with. Default is false
soft.crl.validation true/false Set this property if you want to activate a a soft CRL validation, meaning that it is sufficient if at least one CRL link can be accessed. Default is false
update.certificate.descriptions true/false Set this property once to update missing CRL URIs in the certificate description. Default is false
use.local.commandmap true/false Set this property if you want to use a local command map for AS/2 message generation. Default is false
scanner.type String With this property you configure whether and which scanner for virus detection is used
scanner.configuration String The configuration for a virus scanner, if needed true/false Set this property once to change the format of the thumprint in the certificate detail window to lower case. Default is false
thumprint.separator.char ':' , ' ', '' Set this property once to change separator char of the thumprint in the certificate detail window
serial.number.separator.char ':' , ' ', '' Set this property once to change separator char of the serial number in the certificate detail window
auto.sign.cert.import.from.mail true/false If enabled, the certificates used for mail signature are imported from the signed mail. The default is false
background.color String This sets the background color of the FSS UI
validityWarningDays String The number of days to show warning for private keys that are expiring soon true/false Set this property to load bouncy castle as first security provider (more secure). It might be needed to improve the generation of entropy on your system (see here). The default is true
use.oldest.certificate.for.encryption true/false If enabled and if multiple certificates / private keys are available for encryption and signature (!), the oldest will be used. If disabled (default) the newest will be used. Default is false
hsm.slot.connection.inactivity.timeout 3 (default: 10) Timeout in minutes after when an unused HSM slot connection is closed.
View Me   Edit Me