Closed psavva closed 3 years ago
@SchulzeStTSI Do we have this documented already somewhere?
Hi,
As per the guide, please can steps be given for the following certificates:
Also please provide the commands to generate the PEM formats to send the certificates to the contact of the Test Operator.
I think it should be published here? https://github.com/eu-digital-green-certificates/dgc-participating-countries/blob/main/gateway/CertificatePreperation.md
Again, thank you very much and best regards Panayiotis Savva
@FayR-DTSEC or @dirkx can you help @psavva here?
Hi All,
A full document with instructions would be extremely helpful. Please can I ask if this can be prioritised.
We are planning to start UAT testing by the 17th, and really need to ensure our end-to-end process is working, which will require the certificates to be put in place.
Thank you and best regards Panayiotis Savva
Dear Team,
Please review these scripts, and assess if anything further must be fixed/enhanced to have a fully working set of scripts to generate the required certificates.
Please note that I am failing to validate my QR Code with my current stet of Certificates, you can also see an issue opened here: https://github.com/eu-digital-green-certificates/dgca-verifier-service/issues/31
@f11h as discussed on Slack, please find the scripts below.
I'm uploading my latest Scripts which works, and tested with the DSC Certificate :)
Closing this for now - if new issues arise, please open a new issue.
I am currently looking at all the certificates that we need to generate as based on the guide within this repo. Let us start with the CSCA using a Self Signed Root CA which we could create ourselves. I am having trouble to fill in all the gaps of how exactly the Root CA must be created, the NBcsca, etc...
Example of what i'm doing:
Generate the private key of the root CA:
openssl genrsa -out rootCAKey.pem 4096
Generate the private key of the root CA:
openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 3650 -out rootCACert.pem -subj "/C=XX/ST=State/L=City/O=My Organization/OU=My Department/CN=My Root CA"
Create a NBcsca
openssl req -x509 -newkey rsa:4096 -keyout key_nbcsca.pem -out cert_nbcsca.pem -days 1460 -nodes -subj "/C=XX/ST=State/L=City/O=My Organization/OU=My Department/CN=XX DGC CSCA 1"
Export public key to Java Keystore
keytool -importcert -alias dgci_nbcsca -file cert_nbcsca.pem -keystore nbcsca.jks -storepass somesecurekeystorepassword
I think I'm missing passwords in these steps above, which think is the problem...
As per the issuance service applciation.yaml specification:
I need a
keyStorePassword
which is specified above assomesecurekeystorepassword
, however, i'm missing theprivateKeyPassword
A full list of openssl commands to depict exact steps would be most helpful, better yet, a bash/sh script to accompany it would really help people get over the bumps and complexities on creating the certificates with the right specifications from the start, leading to a much smoother rollout for Europe.