Skip to content
Swiss federal authorities

Operational Questions

Q: Where can the sedex-Client be downloaded?πŸ”—

A: Download the latest version of the sedex-Client from here.

Q: How is the sedex-Client installed?πŸ”—

A: Instructions for installing the sedex-Client are available here

Q: Where are the participant's sedex certificate and its password (e.g. to manually migration to other host)?πŸ”—

A: The certificate (.p12 file) is in sedexClientHome/conf/certificates/<sedex-ID>.p12. The corresponding password is in sedexClientHome/conf/sedex-certificate-configuration.xml.

Q: Where are the sedex-Client log files?πŸ”—

A: The sedex-Client log files are in the sedex-Client installation's logs folder.

Q: Can the sedex certificate be used outside of the sedex-Client?πŸ”—

A: No. sedex participant certificates (X.509) are dedicated certificates issued by the Swiss Government PKI (SwissGov-PKI) and are intended exclusively for use within the sedex-Client.
They serve as the basis for strong authentication of sedex participants and are automatically managed and renewed by the sedex system.

Even though it may seem convenient to reuse or extract these certificates, it is strictly prohibited to use sedex participant certificates for any purpose other than operating a sedex-Client instance.
Extracting the keystore files (.p12) or private keys is not allowed and would significantly increase the security risk of key exposure.

To prevent misuse or unauthorized repurposing, all newly issued sedex certificates (starting with sedex-Client version 8.0) are protected by a built-in mechanism that restricts external access to the keystore and private key.
This protection is permanent and cannot be disabled.

If this behavior causes compatibility issues in your environment, please contact the sedex Support Team for assistance.

Q: How can a sedex-Client be migrated to a different host (server)?πŸ”—

A: Migrating a sedex-Client installation to a different host is more complex and requires that the steps below be followed exactly.

Please pay attention to the followings before starting the migration:

  • As long as the sedex-Client is stopped, it can be installed in several places. Only one installation may run at once, otherwise an alert reporting duplicate running instances will occur.
  • A sedex-Client should only be migrated after the old sedex-Client no longer needs to be started. If the old sedex-Client is restarted, the migrated data will be obsolete and may result in lost messages.
  • Warnings

To migrate a sedex-Client to a new server:

  1. Stop the sedex-Client using the /bin/sedex-client-stop script or with the operating system's services tool.

  2. If the sedex-Client is running as a Windows service, uninstall the Windows service as follows:

    • Run the sedexClientHome/bin/sedex-client-uninstallWindowsService.bat script as administrator.
    • A console window briefly opens and closes.

  3. Back up the entire sedex-Client installation into a Zip file.

  4. Save the following data that needs to be migrated:

    • The interface directories and any files they contain (inbox, outbox, receipts, processed).
    • The log files.
    • The sedex certificate (.p12 file) located in sedexClientHome/conf/certificates/<sedex-ID>.p12.

    • The certificate's password found in sedexClientHome/conf/sedex-certificate-configuration.xml. 

      [...]
<privateCertificate>
  <location>${sedex.home}/conf/certificates/3-CH-99999.p12</location>
  <password>ABCDE12345</password>
 </privateCertificate>
[...]

      Warning

      If several blocks are present, please save all .p12 files and all corresponding passwords!

  5. Move the Zip file to the new host.

  6. Extract the Zip file into the same directory structure as on the old host.

  7. If sedex-Client's root or home directory are different, edit the necessary configuration files.

    • /conf/sedex-client-configuration.properties

  8. Start the sedex-Client as a standalone application. Run the sedexClientHome/bin/sedex-client-start.bat script (no administrator rights are required).

  9. Check the console and logs for errors.
  10. If there are no errors, stop the sedex-Client. Run the sedexClientHome/bin/sedex-client-stop.bat script (no administrator rights required)

  11. Ideally, migrate to the newest version of the sedex-Client

    Info

    The sedex-Client must be in an operational state before updating/migrating. A manual start as a standalone application is highly recommended in order to check that the sedex-Client runs correctly. While it is possible to migrate a non-functional sedex-Client installation, the migrated installation will most likely not work either.

  12. If desired, install the Windows service.

    • Run the sedexClientHome/bin/sedex-client-installWindowsService.bat script as administrator.
    • A console window appears opens and then closes.

  13. The migration is complete.