Type 2a) Scripted Initial Configuration with Existing Certificate
The following step-by-step instructions will guide you through the scripted initial configuration if you already have a sedex participant certificate and the corresponding keystore (P12 file).
Warning: Execute Initial Configuration only once
The initial configuration must be executed exactly once, before the very first start of the sedex Client container.
Running the initial configuration again later can cause misconfigurations and, in the worst case, the loss of important data such as keystores or sedex messages.
The sedex Client Docker container contains a dedicated initialization script for this initial configuration. The script creates the init.conf file from the environment variables passed to it.
Step 1: Locate the P12-file and its password
You have to pass the content of the keystore (P12-file) as a base64-encoded string parameter to the init-script.
In a Linux console, the contents of the keystore file can be converted into the required base64-encoded format as follows (the first command is the template, the second shows it with an example file name):
$ cat YOUR-CERTIFICATE-FILE.p12 | base64 -w 0
$ cat /home/data/credentials/1-1234-1.p12 | base64 -w 0
Resulting output: a single, long base64-encoded line (the -w 0 option disables line wrapping).
Keep your private key secret!
Because this string contains the private key of the sedex participant, it and the corresponding password must be kept secret and must never be visible to unauthorized persons.
Step 2: Run the script
Run the initialization script by passing the following options to the docker run command:
--rm
- Automatically remove the container when it exits
/path/to/sedex-interface
- The path to the host's "sedex-interface" directory (containing the persisted data)
/path/to/sedex-data
- The path to the host's "sedex-data" directory (containing the persisted data)
SEDEX_ID
- Environment variable holding the participant's sedex ID
SEDEX_KEYSTORE
- Environment variable holding the content of the keystore file (P12) in base64-encoded format
SEDEX_KEYSTORE_PASSWORD
- Environment variable holding the password to the keystore file
OUTGOING_WEB_PROXY_HOST
- Optional environment variable holding the HTTP proxy host
OUTGOING_WEB_PROXY_PORT
- Optional environment variable holding the HTTP proxy port
OUTGOING_WEB_PROXY_USER
- Optional environment variable holding the HTTP proxy user
OUTGOING_WEB_PROXY_PASSWORD
- Optional environment variable holding the HTTP proxy password
SEDEX_WSPROXY_START
- Optional environment variable that can be set to false if your installation will not use the sedex Webservice Proxy functionality (default value is true)
The following command initializes the container (the template first, then the same command with example values):
$ docker run \
--rm \
--mount type=bind,source=/path/to/sedex-interface,destination=/sedex-interface/ \
--mount type=bind,source=/path/to/sedex-data,destination=/sedex-data/ \
--env SEDEX_ID=YOUR-SEDEX-ID \
--env SEDEX_KEYSTORE=CONTENT-OF-YOUR-CERTIFICATE-FILE \
--env SEDEX_KEYSTORE_PASSWORD=YOUR-PASSWORD \
sedexch/sedex-client:container-1.1 init-script-existing-cert.sh
$ docker run \
--rm \
--mount type=bind,source=/home/data/sedex-interface-1-1234-1,destination=/sedex-interface/ \
--mount type=bind,source=/home/data/sedex-data-1-1234-1,destination=/sedex-data/ \
--env SEDEX_ID=1-1234-1 \
--env SEDEX_KEYSTORE=MIIHdgIBAzCCBzwGCSqGSIb3DQEHAaCCBy0EggcpMII[.....]wQIs0UZdpNO54oCAggA \
--env SEDEX_KEYSTORE_PASSWORD=ALFJZIPNXG \
sedexch/sedex-client:container-1.1 init-script-existing-cert.sh
If the initialization script executes without errors, a ready-to-use folder structure is created in the two permanent storage folders "sedex-interface" and "sedex-data". If the configuration contains errors, the script usually prints a hint about where the error lies.
The sedex Client Docker container is now ready to run, so you can continue with Phase 2 - Run.
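The two steps above as one POSIX shell wrapper, added here as an example that is not part of the sedex documentation or the sedex Client image: it sanity-checks the P12 file, encodes it, and hands the keystore and password to docker with --env NAME (no value) so that they are taken from the environment rather than typed on the command line, where shell history and process listings would expose them. It assumes base64, od and head are on the PATH; the function names encode_keystore and sedex_init and the DOCKER override are hypothetical.

```shell
#!/bin/sh
# Added helper (not part of the sedex documentation or the sedex Client image):
# wraps Step 1 and Step 2 above. Hypothetical names: encode_keystore, sedex_init.
# DOCKER can be overridden (DOCKER=echo) to print the command instead of running it.
set -eu

DOCKER="${DOCKER:-docker}"
IMAGE="sedexch/sedex-client:container-1.1"

# Step 1: base64-encode the P12 keystore on a single line. Same result as
# "base64 -w 0" on GNU coreutils, but portable to other base64 implementations.
encode_keystore() {
    # Sanity check: a DER-encoded PKCS#12 file starts with an ASN.1 SEQUENCE tag (0x30).
    first=$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$first" = "30" ] || { echo "$1 does not look like a DER PKCS#12 file" >&2; return 1; }
    base64 < "$1" | tr -d '\n'
}

# Step 2: run the init script. The keystore and its password are given as
# "--env NAME" without a value, so the docker client copies them from this
# process's environment; they never appear on the command line and therefore
# not in shell history or in the process listing (ps) of the docker client.
sedex_init() {
    sedex_id=$1; p12=$2; interface_dir=$3; data_dir=$4
    [ -n "${SEDEX_KEYSTORE_PASSWORD:-}" ] || { echo "set SEDEX_KEYSTORE_PASSWORD first" >&2; return 1; }
    SEDEX_KEYSTORE=$(encode_keystore "$p12")
    export SEDEX_KEYSTORE SEDEX_KEYSTORE_PASSWORD
    set -- --rm \
        --mount "type=bind,source=$interface_dir,destination=/sedex-interface/" \
        --mount "type=bind,source=$data_dir,destination=/sedex-data/" \
        --env "SEDEX_ID=$sedex_id" --env SEDEX_KEYSTORE --env SEDEX_KEYSTORE_PASSWORD
    # Optional settings from the option list above are passed through only when set.
    for v in OUTGOING_WEB_PROXY_HOST OUTGOING_WEB_PROXY_PORT OUTGOING_WEB_PROXY_USER \
             OUTGOING_WEB_PROXY_PASSWORD SEDEX_WSPROXY_START; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then export "$v"; set -- "$@" --env "$v"; fi
    done
    "$DOCKER" run "$@" "$IMAGE" init-script-existing-cert.sh
}

# Usage: SEDEX_KEYSTORE_PASSWORD=... ./sedex-init.sh 1-1234-1 /path/to/1-1234-1.p12 \
#            /path/to/sedex-interface /path/to/sedex-data
if [ $# -ge 4 ]; then sedex_init "$@"; fi
```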