Skip to content

Configure system settings

Settings allows you to configure system settings for your ActiveServer instance. Settings has 3 tabs:

3D Secure 2

The 3D Secure 2 tab has 2 sections:


  • External URL - externally accessible URL, used for authentication callbacks and product activation.
  • API URL - URL used to generate client certificates for the APIs and receive API requests. If it is not provided by default it will use the domain name in the External URL for client certificate generation. Please note this URL does not have to be publicly accessible.
  • Cache refresh interval - interval in which the PRes cache refreshes for all available card schemes. The PReq/PRes messages are utilised by ActiveServer to cache information about the Protocol Version Numbers(s) supported by available ACSs, the DS, and also any URL to be used for the 3DS Method call. The data will be organised by card range as configured by a DS. The information provided on the Protocol Version Number(s) supported by ACSs and the DS can be utilised in the App-based, Browser-based and 3RI flows. It is a 3DS2 specification requirement that this exchanges happens at least once every 24 hours and at most every hour.


  • Preparation Response (PRes) - timeout interval for the PRes message
  • Authentication Response (ARes) - timeout interval for the ARes message
  • Challenge Response (CRes) - timeout interval for the CRes message


  • Session timeout (read only) - interval a login session is valid for before expiring and requiring the user to enter their login credentials again. By default, the session timeout value is 900 sec (15 min) and is loaded from an internal setting. To change this setting, add the following line into the file and restart the instance:

    as.settings.session-timeout={time in seconds}

    For example, to set the session timeout to 1800 seconds (30 minutes), add as.settings.session-timeout=1800.


    The value must be a positive integer in the range of 300 ~ 3600 seconds (5 ~ 60 minutes).

  • Session failed attempts - number of failed login attempts permitted before login is temporarily disabled for the time specified by the session lock time. After the time has elapsed, the session can be re-established by providing the correct credentials (unit: attempts)

  • Session lock time - interval a user will be locked out for if they exceed the failed login attempts amount (unit: minutes)
  • Password expiry period - number of days a password is valid for before requiring a new password to be created (unit: days)
  • Password history check - number of unique passwords required to be used before a specific password can be used again (unit: unique passwords)
  • Force two factor login - enable or disable two factor authentication for login for all users on the server. ActiveServer uses Google Authenticator to provide two factor authentication for users. If this setting is enabled, any user who does not have two factor authentication already set up for their account will be forced to set it up on their next login before being able to use any system functionality. Steps to set up the Google Authenticator are provided on screen.

Rotate key

Shows the current encryption key's creation date and allows the user to rotate the key used by selecting Rotate key.


This feature allows the user to update the HSM PIN if it has been changed:

  • Full file name and path of PKCS#11 library - this value is read from the and can only be changed by updating the file and restarting the server.
  • Slot number of HSM - this value is read from the and can only be changed by updating the file and restarting the server.
  • HSM PIN - allows the new HSM PIN to be entered.

Selecting the Test HSM connection button will attempt to connect to the HSM using the inputted HSM PIN. If the test is successful, the system will show "HSM connection successful", otherwise "Invalid HSM Pin" will be shown.

Selecting the Update button will update the database with the HSM PIN value. Restarting the server is required after updating.


The system will update the HSM PIN regardless of the test result. This is to allow the PIN to be updated in the ActiveServer database before the HSM PIN is changed if required. Please make sure the right PIN is entered before updating the system, as having the wrong HSM PIN will cause transactions to fail.


The HSM PIN management will only be shown if a HSM is in use.

Version 1.0.4

This feature was added in the version 1.0.4 release.


  • Log level - verbosity of the console output and system logs. Possible values in least verbose to most verbose order: ERROR > INFO > DEBUG.