eu-digital-green-certificates / dgc-participating-countries

All contents and information for onboarding representatives of participating countries.
Apache License 2.0

Onboarding Checklist- Test Environment part 5 and 6 #6

Closed IvarsAkmentins closed 3 years ago

IvarsAkmentins commented 3 years ago

Hi,

I am trying to run DGC Gateway locally, and for testing I am stuck on part 5 and 6:

"Create a Document Signer Certificate and sign it by the CSCA" and "Create a CMS Package with the following Command:" (onboarding checklist)

On part 5 I tried using dgc-cli with `dgc signing sign`, but I can't use the generated file to sign with the upload certificate.

Can you please provide an example of how to create a valid certificate to use for /signerCertificate?

Thank you in advance.

IvarsAkmentins commented 3 years ago

For now, I got it working this way:

5.a. signed with csca using dgc-cli: `dgc signing sign -c ../csca/pub.pem -k ../csca/key-unenc.pem -i .\doc-cert.pem -o csca-signed.p7b`

5.b. exported the .cer file from csca-signed.p7b and converted it to PEM using `openssl x509 -in .\csca-signed.cer -inform DER -outform PEM -out csca-signed.pem`

  1. signed with UPLOAD: `dgc signing sign -c ../upl/pub.pem -k ../upl/key-unenc.pem -i .\csca-signed.pem -o upl-signed.p7b`

psavva commented 3 years ago

Hi @IvarsAkmentins, do you by any chance have all the steps required prior to step 5? I.e.: generate the DSC key and cert.

IvarsAkmentins commented 3 years ago

Hi @psavva, locally I did it with these steps:

  1. created self-signed certificates for authorization, csca, upload (using the config templates for creation from https://github.com/eu-digital-green-certificates/dgc-participating-countries/blob/main/gateway/CertificatePreperation.md), calling `openssl req -x509 -new -days 730 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -extensions ext -keyout privkey.pem -nodes -out pub.pem -config config.conf`
  2. signed with trustanchor: `dgc ta sign -c ../trust-anchor-cert.pem -k ../trust-key-unenc.pem -i ./pub.pem`
  3. added information from trustanchor to gateway db
  4. generated dsc using config template: `openssl req -x509 -new -days 730 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -extensions ext -keyout privkey.pem -nodes -out pub.pem -config config.conf`
  5. signed with csca: `openssl pkcs12 -export -out my_cert.pfx -inkey ..\csca\privkey.pem -in ..\csca\pub.pem -certfile .\pub.pem`

Hope this helps.

psavva commented 3 years ago

Thank you very much. It looks like I'm doing this right :) I am still not able to validate my certificate for Cyprus.

Carrying on with debugging

daniel-eder commented 3 years ago

Closing this - if it is not yet resolved, please comment and I will reopen
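
The thread works through parts 5 and 6 with dgc-cli. As an added example (not from the thread, the checklist or the project), the script below does both parts with plain openssl and checks each result: that the DSC chains to the CSCA, and that the CMS package verifies against the upload certificate and carries exactly the DSC. Assumptions: throwaway keys, constructed file names and subject fields, and a CMS layout (DER-encoded DSC in non-detached SignedData, base64 on one line) that is assumed here because the checklist's own command is not reproduced on this page.

```shell
#!/bin/sh
# Added example with constructed data: throwaway P-256 keys in a temp directory.
# File names and subject fields (C=XX, "Example ...") are illustrative assumptions.
set -eu
WORK=$(mktemp -d)

# Self-signed certificate, used here for both the CSCA and the upload certificate.
self_signed() {  # $1 = file basename, $2 = subject
  openssl req -x509 -new -days 730 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "$2" 2>/dev/null
}

# Part 5: create the DSC key and a CSR, then have the CSCA issue the DSC.
issue_dsc() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/dsc.key" -out "$WORK/dsc.csr" \
    -subj "/C=XX/O=Example/CN=Example DSC" 2>/dev/null
  openssl x509 -req -in "$WORK/dsc.csr" -CA "$WORK/csca.pem" -CAkey "$WORK/csca.key" \
    -CAcreateserial -days 365 -sha256 -out "$WORK/dsc.pem" 2>/dev/null
}

# Check: the DSC must chain to the CSCA, otherwise it was not really signed by it.
dsc_chains_to_csca() {
  openssl verify -CAfile "$WORK/csca.pem" "$WORK/dsc.pem" >/dev/null 2>&1
}

# Part 6 (assumed format): DER DSC in non-detached CMS SignedData, upload key, base64.
make_cms() {
  openssl x509 -in "$WORK/dsc.pem" -outform DER -out "$WORK/dsc.der"
  openssl cms -sign -nodetach -binary -in "$WORK/dsc.der" -signer "$WORK/upload.pem" \
    -inkey "$WORK/upload.key" -outform DER -out "$WORK/signed.der"
  openssl base64 -e -A -in "$WORK/signed.der" -out "$WORK/cms.b64"
}

# Check: the CMS signature verifies against the upload certificate and the
# embedded payload is byte-for-byte the DSC.
cms_payload_is_dsc() {
  openssl cms -verify -inform DER -in "$WORK/signed.der" -CAfile "$WORK/upload.pem" \
    -purpose any -out "$WORK/payload.der" 2>/dev/null &&
    cmp -s "$WORK/payload.der" "$WORK/dsc.der"
}

self_signed csca "/C=XX/O=Example/CN=Example CSCA"
self_signed upload "/C=XX/O=Example/CN=Example Upload"
issue_dsc
dsc_chains_to_csca
make_cms
cms_payload_is_dsc
echo "DSC chains to CSCA; CMS payload matches DSC; upload body: $WORK/cms.b64"
```

Running the two check functions against real onboarding files before uploading separates a certificate-chain problem from a CMS packaging problem.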