International-Data-Spaces-Association / metadata-broker-open-core

This is the repository of the open-core reference implementation of the IDS Metadata Broker.
Apache License 2.0

Where to put p12 files #71

Closed syats closed 2 years ago

syats commented 2 years ago

Hi all,

I have a question regarding the open-core broker. If I have my own p12 certificates to use with DAPS, where should I place these? Also related, how do I configure the client-name for my broker?

In particular I have:

  1. A .p12 certificate for the hostname central-core
  2. Have setup the following two env variable in the docker-compose:
    - COMPONENT_URI=http://central-core:8282/
    - COMPONENT_CATALOGURI=http://central-core:8282/connectors/
  3. Made a POST request to http://central-core:8282/infrastructure

And I get this in the logs:

central-core     | Caused by: java.io.IOException: Unable to retrieve DAPS token (response code: 400) 
central-core     |  Response: {"error":"invalid_client","error_description":"Client unknown"}

I believe my p12 is not properly being recognized.

Any advice will be appreciated.

NehaThawani44 commented 2 years ago

@syats you will have to put the p12 file in JKS format on the server that you are running it on. So at first you will have to convert it to JKS format and then place it in the following mentioned path. [image]
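
The conversion step described in the comment above, as an added example that is not part of the original issue or of the metadata-broker-open-core project: it wraps the standard `keytool -importkeystore` PKCS12-to-JKS conversion in a small POSIX sh helper and verifies that the resulting JKS actually contains a private-key entry under the expected alias. The self-signed certificate for `central-core`, the alias `central-core` and the password `changeit` are constructed here for a runnable demo; a real IDS Identity Certificate is issued to you, and the destination path of the .jks is whatever the broker deployment expects (the screenshot above), which this script does not guess. It assumes `openssl` and a JDK `keytool` on the PATH.

```shell
#!/bin/sh
# Added example (not project code): convert a DAPS client .p12 to JKS and check the result.
set -eu

# make_test_p12 DIR PASS
# Builds a throwaway self-signed identity for hostname "central-core" and packs it
# into DIR/central-core.p12 with friendly name (alias) "central-core".
# ASSUMPTION: this stands in for a real DAPS-issued certificate only for the demo.
# The SHA1/3DES PBE options keep the container readable by older keytool versions.
make_test_p12() {
  dir=$1; pass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=central-core" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
  openssl pkcs12 -export -in "$dir/cert.pem" -inkey "$dir/key.pem" \
    -name central-core -macalg sha1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
    -passout "pass:$pass" -out "$dir/central-core.p12"
  printf '%s\n' "$dir/central-core.p12"
}

# p12_to_jks SRC_P12 DEST_JKS ALIAS PASS
# Copies the key+chain entry ALIAS from the PKCS12 file into a JKS keystore,
# using the same password for keystore and key (most Java apps expect that).
# Returns keytool's exit status; diagnostics are suppressed.
p12_to_jks() {
  keytool -importkeystore -noprompt \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass "$4" -srcalias "$3" \
    -destkeystore "$2" -deststoretype JKS -deststorepass "$4" \
    -destalias "$3" -destkeypass "$4" >/dev/null 2>&1
}

# jks_entry_type JKS ALIAS PASS
# Prints the entry type stored under ALIAS: PrivateKeyEntry (key + cert, what a
# DAPS client needs), trustedCertEntry (certificate only, not enough to sign a
# DAPS request), "unknown", or "none" if the alias is absent.
jks_entry_type() {
  out=$(keytool -list -keystore "$1" -storepass "$3" -alias "$2" 2>/dev/null) \
    || { echo none; return 0; }
  case $out in
    *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
    *trustedCertEntry*) echo trustedCertEntry ;;
    *)                  echo unknown ;;
  esac
}

# Stand-alone usage: sh p12-to-jks.sh /path/to/central-core.p12 changeit [alias]
# Produces central-core.jks next to the .p12 and reports the entry type.
if [ $# -ge 2 ]; then
  src=$1; pass=$2; alias=${3:-central-core}
  dest=${src%.p12}.jks
  p12_to_jks "$src" "$dest" "$alias" "$pass" || { echo "conversion failed" >&2; exit 1; }
  echo "$dest: alias '$alias' is $(jks_entry_type "$dest" "$alias" "$pass")"
fi
```

If `keytool` reports that the source alias does not exist, list the .p12 first with `keytool -list -storetype PKCS12 -keystore central-core.p12` to see the friendly name it was exported with, and pass that as the alias. A JKS whose entry shows as `trustedCertEntry` contains no private key and will not let the broker authenticate to DAPS.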

syats commented 2 years ago

Thanks,

So I understand correctly that the certificate used for DAPS is the same one used for TLS termination by the reverse proxy? We will try the solution and update issue accordingly, thanks.

sebbader commented 2 years ago

Hello @syats, that's a very good point you raise. Generally speaking, and I am repeating the experts here, the IDS Identity Certificate (which is used for the DAPS) should not be used for the TLS encryption. The IDS Identity Certificate is harder to replace in case the private part gets lost (I think that was the explanation).

NehaThawani44 commented 2 years ago

@sebbader @syats Closing this issue for now, let us know if you need more information on this further.