Limiting the number of signatures

By default SignServer keeps track of the number of signings performed with each key, by holding counters in the database that are updated for each signing. The following worker properties control the key usage counter:

Property

Description

KEYUSAGELIMIT

Specifies the number of signatures allowed to be created with the same key by this worker. Default is -1 = no limit.

After the limit has been reached, the worker is considered offline.

images/s/en_US/8100/b0984b7297905b7c7bd946458f753ce0130bfc8c/_/images/icons/emoticons/warning.svg Note that the counter is per key and not per worker. Thus, if multiple workers share the same key they will all increment the counter. This also means that the worker will be active again after it has gotten a new certificate/key.

DISABLEKEYUSAGECOUNTER

By default, all key usages are counted, but by specifying this as TRUE, key usages performed by this worker will not be counted. Disabling the key usage counter can improve performance, as it means less database transaction. However, if you have requirements on the number of allowed signings for one worker, ensure not to use the same key with another worker for which the counter is disabled, as those uses will then be missed.

images/s/en_US/8100/b0984b7297905b7c7bd946458f753ce0130bfc8c/_/images/icons/emoticons/warning.svg The key usage counter cannot be disabled for a worker if KEYUSAGELIMIT is also specified.