How to activate a worker correctly

[laimujun]

我按照官方文档的指引，去激活一个worker，报错如下：

Failed: org.cesecore.keys.token.CryptoTokenOfflineException: java.net.UnknownHostException: zhangsan.vault.azure.net: Name or service not known

My worker configuration is as follows:

`# Sample configuration of an Azure Key Vault crypto worker

Type of worker and implementation

WORKERGENID1.TYPE=CRYPTO_WORKER
WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker

Uses an Azure cloud key vault

WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.AzureKeyVaultCryptoToken

Name for other workers to reference this worker:

WORKERGENID1.NAME=CryptoTokenAzureKeyVault

Key vault name (required)

WORKERGENID1.KEY_VAULT_NAME=zhangsan

Key vault client ID (required)

WORKERGENID1.KEY_VAULT_CLIENT_ID=zhangsan

Key vault type (either of "standard", or "premium") (required)

WORKERGENID1.KEY_VAULT_TYPE=standard
#WORKERGENID1.KEY_VAULT_TYPE=premium

Optional password (client credentials) for the key vault. If specified the token is "auto-activated".

#WORKERGENID1.PIN=zhangsan123

One key to test activation with is required. If this key does not already

exist generate it after the worker has been created.

WORKERGENID1.DEFAULTKEY=zhangsan123
WORKERGENID1.KEYSTORETYPE=PKCS12`

my Authentication Code：admin123

Can someone help me see where I'm going wrong? Thank you

For beginners, the official documentation is not very friendly to the specific operation and common errors, where can I get more detailed documentation information?

[mlundblad]

Hi!

Yes, I think the issue here is that only specify the key vault name with no dots, in this case the implementations assumes the host is in the default domain, vault.azure.net.

I think in your case maybe you're using an Azure tennant created for China?
In this case, I believe you need to specify the full host name as the KEY_VAULT_NAME.

I'm not sure what the full domain name would be for the China one. I think this should be mentioned in the Azure documentation.

But, yes maybe we should include some common examples for this as well!

[mlundblad]

So, in this case it would be something like:

KEY_VAULT_NAME=zhangsan.the.azure.domain (but with the actual domain name part after the first dot).

[mlundblad]

And also, KEYSTORETYPE is not used by the Azure crypto token (that is a property used by the KeyStoreCryptoToken), so that is ignored in the context.