Amadis
Secure Backend - Certificates
Certificates are used to secure exchanges between the secure client and the secure backend. They are part of the TLS and mutual authentication requirements.
On the backend side, 3 items are required:
The CA root certificate
The backend certificate (signed with CA root)
The backend key
Version 1.0.x
For the 1.0.x series, the keys and certificates need to be organised in this fashion:
A fullchain.pem file which is the concatenation of the backend certificate and the CA root certificate
A privkey.pem file which is the backend key
Those files should be (re)placed in the Dockers/SAMDeployment/Server/resources/ directory.
Version 1.1.x
In version 1.1.x of the backend, things changed a bit. The keys and certificates need to be organised in the following fashion:
A ca.pem file which is the CA root certificate
A cert.pem file which is the backend certificate
A cert.key file which is the backend key
Those files need to be installed into the HTTP / Caddy container, inside the /etc/ssl/caddy directory. To do so you can, amongst other methods, either mount a local directory from the host with docker-compose to overwrite it, or simply copy local files from the host into the container.
Example of how to overwrite the container directory by mounting a volume:
http:
  ...
  volumes:
    ...
    - /dir/on/host:/etc/ssl/caddy
Example of how to copy data into the (running) container:
docker cp <file> http:/etc/ssl/caddy/<file>
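The following script is an added example, not part of the original documentation or of the Amadis tooling: it converts a 1.0.x layout (fullchain.pem, privkey.pem) into the 1.1.x file names, then checks that cert.pem chains to ca.pem and that cert.key matches cert.pem. It assumes fullchain.pem contains exactly two certificates, backend first and CA root second, and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn a 1.0.x layout (fullchain.pem, privkey.pem) into the
# 1.1.x layout (ca.pem, cert.pem, cert.key) and check the result with openssl.
# Assumption: fullchain.pem holds exactly two PEM certificates, backend first.

# split_fullchain <fullchain.pem> <outdir>: first block -> cert.pem, second -> ca.pem
split_fullchain() {
    fullchain=$1; outdir=$2
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$fullchain" || true)
    if [ "$count" != 2 ]; then
        echo "expected 2 certificates in $fullchain, found ${count:-0}" >&2
        return 1
    fi
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" (n == 1 ? "cert.pem" : "ca.pem") }
        out != "" { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$fullchain"
}

# migrate_layout <dir holding the 1.0.x files> <outdir>
migrate_layout() {
    src=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    split_fullchain "$src/fullchain.pem" "$outdir" || return 1
    # Copy the key under a restrictive umask so it is never group/world readable;
    # adjust ownership afterwards if the container process runs as another user.
    ( umask 077 && cp "$src/privkey.pem" "$outdir/cert.key" ) || return 1
    chmod 600 "$outdir/cert.key"
}

# verify_layout <dir>: cert.pem must chain to ca.pem, and cert.key must be the
# private key for cert.pem (compared through their public keys).
verify_layout() {
    dir=$1
    openssl verify -CAfile "$dir/ca.pem" "$dir/cert.pem" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/cert.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Script entry point: ./migrate.sh <old-resources-dir> <new-caddy-dir>
if [ "$#" -eq 2 ]; then
    migrate_layout "$1" "$2" && verify_layout "$2"
fi
```

Running the checks on the host before mounting or copying the directory catches a mismatched key or a certificate signed by the wrong CA before the container is restarted.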
The server files have different names when used in the server and in the secure client, but:
ca.pem is the exact same file as sc_ca.pem
cert.pem is the exact same file as sc_server.crt