
Problem

I have forgotten the PIN code of the Security Server and I am not able to log in to the software token anymore.

The PIN code is used to protect the keys stored in the software token. The PIN must be stored in a secure place, because it will no longer be possible to use or recover the private keys in the token once the PIN is lost.

The PIN code cannot be recovered, but it can be reset. However, resetting the PIN code means that new signing and authentication keys must be generated. In addition, new certificates for all the new keys must be requested and configured.

Solution


  1. Connect to the Security Server using SSH.
  2. Switch to the xroad user using sudo.

    $ sudo su - xroad
  3. Initialize the software token using signer-console. In practice, this means resetting the PIN code. After this step, the keys generated with the old PIN code cannot be used anymore.

    $ signer-console init-software-token
    PIN: 
    retype PIN: 
  4. Log off from the server and log in to the Security Server admin console at https://{HOST}:4000.
  5. Configure the signing key and certificate for the Security Server owner (instructions).
  6. Configure the authentication key and certificate for the Security Server (instructions).
  7. Register the authentication certificate (instructions).
  8. Configure the signing key and certificate for each Security Server client (instructions).


