Type 2b) Scripted Initial Configuration with CRID and OTP

The following step-by-step instructions guide you through the scripted initial configuration if you don't have a sedex participant certificate but have received the temporary credentials CRID and OTP.

Warning: Execute Initial Configuration only once

The initial configuration must be executed exactly once, before the very first start of the sedex Client container.

If an initial configuration is performed again later, misconfigurations can result and in the worst case important data such as keystores or sedex messages could be lost.

There is a special initialization script contained in the sedex Client Docker container specifically for this initial configuration. The initialization script creates the init.conf file and the P12-file from the passed environment variables.

Step 1: Run the script

Run the initialization script by passing the following options to the docker run command:

  • --rm - Automatically remove the container when it exits
  • /path/to/sedex-interface - The path to the host's "sedex-interface" directory (containing the persisted data)
  • /path/to/sedex-data - The path to the host's "sedex-data" directory (containing the persisted data)
  • SEDEX_ID - Environment variable holding the participant's sedex id
  • SEDEX_CRID - Environment variable holding the certificate request id (CRID)
  • SEDEX_OTP - Environment variable holding the one-time password (OTP)
  • OUTGOING_WEB_PROXY_HOST - Optional environment variable holding the HTTP proxy host
  • OUTGOING_WEB_PROXY_PORT - Optional environment variable holding the HTTP proxy port
  • OUTGOING_WEB_PROXY_USER - Optional environment variable holding the HTTP proxy user
  • OUTGOING_WEB_PROXY_PASSWORD - Optional environment variable holding the HTTP proxy password
  • SEDEX_WSPROXY_START - Optional environment variable that can be set to false if your installation will not use the sedex Webservice Proxy functionality (default value is true)

The following command initializes the container:

  $ docker run \
   --rm \
   --mount type=bind,source=/path/to/sedex-interface,destination=/sedex-interface/ \
   --mount type=bind,source=/path/to/sedex-data,destination=/sedex-data/ \
   --env SEDEX_ID=YOUR-SEDEX-ID \
   --env SEDEX_CRID=YOUR-CERTIFICATE-REQUEST-ID \
   --env SEDEX_OTP=YOUR-ONE-TIME-PASSWORD \
   sedexch/sedex-client:container-1.1 init-script-new-cert.sh

Example with sample values:

  $ docker run \
   --rm \
   --mount type=bind,source=/home/data/sedex-interface-1-1234-1,destination=/sedex-interface/ \
   --mount type=bind,source=/home/data/sedex-data-1-1234-1,destination=/sedex-data/ \
   --env SEDEX_ID=1-1234-1 \
   --env SEDEX_CRID=2d-9b-31-18-68 \
   --env SEDEX_OTP=BSAH-YAKO-JGHL-KIDE \
   sedexch/sedex-client:container-1.1 init-script-new-cert.sh

If the initialization script executes without errors, there will be a ready-to-use folder structure in the two permanent storage folders "sedex-interface" and "sedex-data". If there are errors in the configuration, you will usually get a hint as to where the error might be.
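A wrapper around the command above, as an added example that is not part of the sedex documentation or the container image. It enforces the "only once" warning before calling docker and keeps CRID and OTP off the command line (shell history, ps output) by using docker's `--env NAME` form, which copies the value from the calling shell's environment. The function names and the rule "a non-empty host directory counts as already initialised" are assumptions of this example.

```shell
#!/bin/sh
# Added example: first-run guard for the sedex Client initial configuration.
# Assumption: a host directory that already contains files has been initialised.

# Return 0 if the directory exists and contains no entries (dotfiles included).
dir_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# Return 0 only if both bind-mount sources are safe targets for a first init.
# A missing directory is rejected too: --mount type=bind fails on it anyway.
preflight() {
    for d in "$1" "$2"; do
        if ! dir_is_empty "$d"; then
            echo "refusing to initialise: $d is missing or not empty" >&2
            return 1
        fi
    done
}

# Run the page's init command. CRID and OTP are read interactively (OTP without
# echo) and passed with "--env NAME" so their values never appear in argv.
run_init() {
    iface=$1 data=$2 sedex_id=$3
    preflight "$iface" "$data" || return 1
    printf 'CRID: ' >&2; read -r SEDEX_CRID
    stty -echo; printf 'OTP: ' >&2; read -r SEDEX_OTP; stty echo; echo >&2
    export SEDEX_CRID SEDEX_OTP
    docker run --rm \
        --mount "type=bind,source=$iface,destination=/sedex-interface/" \
        --mount "type=bind,source=$data,destination=/sedex-data/" \
        --env "SEDEX_ID=$sedex_id" \
        --env SEDEX_CRID \
        --env SEDEX_OTP \
        sedexch/sedex-client:container-1.1 init-script-new-cert.sh
    rc=$?
    unset SEDEX_CRID SEDEX_OTP   # drop the credentials from this shell again
    return "$rc"
}

# Usage: sh sedex-init.sh /path/to/sedex-interface /path/to/sedex-data YOUR-SEDEX-ID
if [ "$#" -eq 3 ]; then
    run_init "$1" "$2" "$3"
fi
```
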

Now everything is ready to run the sedex Client Docker container. You can continue with Phase 2 - Run.