readme section about database more verbose now

9c6bc9d1 · Tobias Assmann · 40d9dbed · 9c6bc9d1
Commit 9c6bc9d1 authored Dec 11, 2019 by Tobias Assmann
--- a/for_deployment-package/eid-server/README.md
+++ b/for_deployment-package/eid-server/README.md
@@ -12,7 +12,7 @@ Edit the `poseidas/config/poseidas.xml` file accourding to your environment:
 * Replace `TARGET_DOMAIN` with the real domain of the project (ServerUrl and PaosReceiverURL)

 ### Add terminal certificates
-The database contains pre defined certificates. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database).
+The database contains pre defined certificates matching the domain `docker.reqesidta.de`. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database).

 ## Edit config for docker-compose
 Edit the `docker-compose.yml` file accourding to your environment:
@@ -42,8 +42,9 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
 ```

 ## POSeIDAS Database
-The pre-configuration of POSeIDAS matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles`.
-The database must be edited, if own certificates should be used.
+The pre-configuration of the POSeIDAS database matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles` and the TLS certificate which can be found under `/docker/facade/docker.reqesidta.de.cert`.
+
+The database content must be changed, if an other terminal certificate should be used.

 To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped.
 The Database can be edited for example with [DBeaver](https://dbeaver.io/).
@@ -51,20 +52,20 @@ The Database can be edited for example with [DBeaver](https://dbeaver.io/).
 Please look up the credentials for opening the database in the file `/poseidas/config/application.properties`.

 The following data needs to be present in the database:
-* terminal certificate (in ISO 7816 TLV binary format)
-* private-key (PKCS 8 without password)
-* sector-id (only relevant if the client is using PersoSim)
-* certificate-chain (in ISO 7816 TLV binary format)
+* the terminal certificate (in ISO 7816 TLV binary format)
+* the private-key of the terminal certificate (PKCS 8 without password)
+* the sector-id (aka. sector-key) of the terminal certificate (public key data object in binary format)
+* the certificate-chain of the terminal certificate (in ISO 7816 TLV binary format)

 Use the following tables for replacing the pre-configured data with your own:
 * TERMINALPERMISSION
  * _CVC_: terminal certificate
-  * _CVCPRIVATEKEY_: private-key
-  * _SECTORID_: sector-id
-  * _CVCDESCRIPTION_: terminal description
+  * _CVCPRIVATEKEY_: private key of the terminal certificate
+  * _SECTORID_: sector-key of the terminal certificate
+  * _CVCDESCRIPTION_: description of the terminal certificate
 * CERTINCHAIN
-  * every certificate of the certificate-chain
-    * starting with the root certitifcate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
+  * every certificate from the certificate chain of the terminal certificate:
+    * starting with the root certificate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
    * if intermediate certificates exist, increase the value for _POSINCHAIN_ and put the certificate in _DATA_

 This data must be referenced using a key in _REFID_.