Commit 9c6bc9d1 authored by Tobias Assmann

readme section about database more verbose now

parent 40d9dbed
......@@ -12,7 +12,7 @@ Edit the `poseidas/config/poseidas.xml` file accourding to your environment:
* Replace `TARGET_DOMAIN` with the real domain of the project (ServerUrl and PaosReceiverURL)
### Add terminal certificates
The database contains pre defined certificates. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database).
The database contains pre defined certificates matching the domain `docker.reqesidta.de`. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database).
## Edit config for docker-compose
Edit the `docker-compose.yml` file accourding to your environment:
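Review bot: The new sentence under "Add terminal certificates" still presents replacing the certificates as optional ("If you don't want to use them"), yet the bullet directly above tells the reader to replace `TARGET_DOMAIN` with the real domain, and the added text says the predefined certificates match `docker.reqesidta.de`. Please state explicitly that the predefined certificates only fit a deployment under `docker.reqesidta.de` and must be replaced once another domain is configured. Minor wording in the same hunk: "pre defined" should be "predefined", and the context line has "accourding" for "according".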
......@@ -42,8 +42,9 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
```
## POSeIDAS Database
The pre-configuration of POSeIDAS matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles`.
The database must be edited, if own certificates should be used.
The pre-configuration of the POSeIDAS database matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles` and the TLS certificate which can be found under `/docker/facade/docker.reqesidta.de.cert`.
The database content must be changed, if an other terminal certificate should be used.
To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped.
The Database can be edited for example with [DBeaver](https://dbeaver.io/).
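Review bot: The added line "To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped" gives neither the command nor the step to start the container again afterwards, so a reader following the section ends with the service down. Suggest adding the stop command for `reqesidta_poseidas` before the DBeaver sentence and a start step after the edit instructions. The preceding new sentence is also hard to parse: consider splitting it into one sentence for the PersoSim profiles under `/perso_sim_profiles` and one for the TLS certificate under `/docker/facade/docker.reqesidta.de.cert`, and change "an other" to "another".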
......@@ -51,20 +52,20 @@ The Database can be edited for example with [DBeaver](https://dbeaver.io/).
Please look up the credentials for opening the database in the file `/poseidas/config/application.properties`.
The following data needs to be present in the database:
* terminal certificate (in ISO 7816 TLV binary format)
* private-key (PKCS 8 without password)
* sector-id (only relevant if the client is using PersoSim)
* certificate-chain (in ISO 7816 TLV binary format)
* the terminal certificate (in ISO 7816 TLV binary format)
* the private-key of the terminal certificate (PKCS 8 without password)
* the sector-id (aka. sector-key) of the terminal certificate (public key data object in binary format)
* the certificate-chain of the terminal certificate (in ISO 7816 TLV binary format)
Use the following tables for replacing the pre-configured data with your own:
* TERMINALPERMISSION
* _CVC_: terminal certificate
* _CVCPRIVATEKEY_: private-key
* _SECTORID_: sector-id
* _CVCDESCRIPTION_: terminal description
* _CVCPRIVATEKEY_: private key of the terminal certificate
* _SECTORID_: sector-key of the terminal certificate
* _CVCDESCRIPTION_: description of the terminal certificate
* CERTINCHAIN
* every certificate of the certificate-chain
* starting with the root certitifcate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
* every certificate from the certificate chain of the terminal certificate:
* starting with the root certificate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
* if intermediate certificates exist, increase the value for _POSINCHAIN_ and put the certificate in _DATA_
This data must be referenced using a key in _REFID_.
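Review bot: The item "the private-key of the terminal certificate (PKCS 8 without password)" and the _CVCPRIVATEKEY_ entry document an unencrypted private key stored in the database, next to a pointer to the credentials in `/poseidas/config/application.properties`, with no note on handling. Please add a sentence that the pre-configured key material is meant for the test setup only, and that after inserting own data the database file and `application.properties` need restricted access. Two smaller points in the same hunk: the rewrite drops the earlier qualifier "(only relevant if the client is using PersoSim)" from the sector-id item without saying whether that is intended, and the text now mixes "sector-id" and "sector-key" for the _SECTORID_ column; pick one term. The closing line about _REFID_ should also say which rows of TERMINALPERMISSION and CERTINCHAIN have to share the key.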