Type 2a) Scripted Initial Configuration with Existing Certificate

The following step-by-step instructions will guide you through the scripted initial configuration if you already have a sedex participant certificate and the corresponding keystore (P12 file).

Warning: Execute Initial Configuration only once

The initial configuration must be executed exactly once, before the very first start of the sedex Client container.

If an initial configuration is performed again later, misconfigurations can result and in the worst case important data such as keystores or sedex messages could be lost.

There is a special initialization script contained in the sedex Client Docker container specifically for this initial configuration. The initialization script creates the init.conf file from the passed environment variables.

Step 1: Locate the P12-file and its password

You have to pass the content of the keystore (P12-file) as a base64-encoded string parameter to the init-script.

In a Linux console, the contents of the keystore file can be converted into the required base64-encoded format as follows:

$ cat YOUR-CERTIFICATE-FILE.p12 | base64 -w 0

For example:

$ cat /home/data/credentials/1-1234-1.p12 | base64 -w 0

The output is a single base64-encoded line (line wrapping is disabled by -w 0).

Keep your private key secret!

This string contains the private key of the sedex participant. The string and the corresponding password must be kept secret and must not be visible to unauthorized persons at any time.

Step 2: Run the script

Run the initialization script by passing the following options to the docker run command:

  • --rm - Automatically remove the container when it exits
  • /path/to/sedex-interface - The path to the host's "sedex-interface" directory (containing the persisted data)
  • /path/to/sedex-data - The path to the host's "sedex-data" directory (containing the persisted data)
  • SEDEX_ID - Environment variable holding the participant's sedex ID
  • SEDEX_KEYSTORE - Environment variable holding the content of the keystore file (P12) in base64-encoded format
  • SEDEX_KEYSTORE_PASSWORD - Environment variable holding the password to the keystore file
  • OUTGOING_WEB_PROXY_HOST - Optional environment variable holding the HTTP proxy host
  • OUTGOING_WEB_PROXY_PORT - Optional environment variable holding the HTTP proxy port
  • OUTGOING_WEB_PROXY_USER - Optional environment variable holding the HTTP proxy user
  • OUTGOING_WEB_PROXY_PASSWORD - Optional environment variable holding the HTTP proxy password
  • SEDEX_WSPROXY_START - Optional environment variable that can be set to false if your installation will not use the sedex Webservice Proxy functionality (default value is true)

The following command initializes the container:

  $ docker run \
   --rm \
   --mount type=bind,source=/path/to/sedex-interface,destination=/sedex-interface/ \
   --mount type=bind,source=/path/to/sedex-data,destination=/sedex-data/ \
   --env SEDEX_ID=YOUR-SEDEX-ID \
   --env SEDEX_KEYSTORE=CONTENT-OF-YOUR-CERTIFICATE-FILE \
   --env SEDEX_KEYSTORE_PASSWORD=YOUR-PASSWORD \
   sedexch/sedex-client:container-1.1 init-script-existing-cert.sh

For example:

  $ docker run \
   --rm \
   --mount type=bind,source=/home/data/sedex-interface-1-1234-1,destination=/sedex-interface/ \
   --mount type=bind,source=/home/data/sedex-data-1-1234-1,destination=/sedex-data/ \
   --env SEDEX_ID=1-1234-1 \
   --env SEDEX_KEYSTORE=MIIHdgIBAzCCBzwGCSqGSIb3DQEHAaCCBy0EggcpMII[.....]wQIs0UZdpNO54oCAggA \
   --env SEDEX_KEYSTORE_PASSWORD=ALFJZIPNXG \
   sedexch/sedex-client:container-1.1 init-script-existing-cert.sh

If the initialization script executes without errors, there will be a ready-to-use folder structure in the two permanent storage folders "sedex-interface" and "sedex-data". If there are errors in the configuration, you will usually get a hint as to where the error might be.
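The two steps above can be wrapped so that neither the keystore nor its password appears on a command line, where shell history and process listings would record them, and so that a repeated initialization is refused. This is an added example, not part of the sedex documentation or the container; it assumes both host directories exist and are empty before the first initialization, and the function names and the DOCKER override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the sedex documentation. Assumption: both host
# directories exist and are empty before the very first initialization.
IMAGE="sedexch/sedex-client:container-1.1"   # image and tag as shown on this page

# Succeed only if every given directory exists and is empty.
dirs_are_empty() {
    for d in "$@"; do
        [ -d "$d" ] || return 1
        [ -z "$(ls -A "$d")" ] || return 1
    done
}

# Export keystore and password without putting either value on a command line.
load_secrets() {
    [ -r "$1" ] || { echo "cannot read keystore $1" >&2; return 1; }
    SEDEX_KEYSTORE=$(base64 -w 0 < "$1") || return 1
    if [ -z "${SEDEX_KEYSTORE_PASSWORD:-}" ]; then
        printf 'Keystore password: ' >&2
        stty -echo; IFS= read -r SEDEX_KEYSTORE_PASSWORD; stty echo; echo >&2
    fi
    export SEDEX_KEYSTORE SEDEX_KEYSTORE_PASSWORD
}

# usage: sedex_init SEDEX_ID P12_FILE INTERFACE_DIR DATA_DIR
sedex_init() {
    dirs_are_empty "$3" "$4" || {
        echo "refusing to initialize: $3 or $4 is missing or not empty" >&2
        return 2
    }
    load_secrets "$2" || return 1
    # "--env NAME" with no "=value" copies NAME from this shell's environment.
    # DOCKER is a hypothetical override so the call can be stubbed in tests.
    "${DOCKER:-docker}" run --rm \
        --mount "type=bind,source=$3,destination=/sedex-interface/" \
        --mount "type=bind,source=$4,destination=/sedex-data/" \
        --env "SEDEX_ID=$1" \
        --env SEDEX_KEYSTORE \
        --env SEDEX_KEYSTORE_PASSWORD \
        "$IMAGE" init-script-existing-cert.sh
    rc=$?
    unset SEDEX_KEYSTORE SEDEX_KEYSTORE_PASSWORD
    return "$rc"
}

# Runs only when called as: ./sedex-init.sh SEDEX_ID P12_FILE INTERFACE_DIR DATA_DIR
if [ "$#" -eq 4 ]; then sedex_init "$@"; fi
```

The values still reach the container as environment variables, as the init script requires, so they remain readable through the container's metadata for as long as the short-lived --rm container exists.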

Everything is now ready to run the sedex Client Docker container. Continue with Phase 2 - Run.