Commit 9c6bc9d1 authored by Tobias Assmann

readme section about database more verbose now

parent 40d9dbed
...@@ -12,7 +12,7 @@ Edit the `poseidas/config/poseidas.xml` file accourding to your environment: ...@@ -12,7 +12,7 @@ Edit the `poseidas/config/poseidas.xml` file accourding to your environment:
* Replace `TARGET_DOMAIN` with the real domain of the project (ServerUrl and PaosReceiverURL) * Replace `TARGET_DOMAIN` with the real domain of the project (ServerUrl and PaosReceiverURL)
### Add terminal certificates ### Add terminal certificates
The database contains pre defined certificates. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database). The database contains pre defined certificates matching the domain `docker.reqesidta.de`. If you don't want to use them, replace them with your data after deployment, see [POSeIDAS Database](#POSeIDAS-Database).
## Edit config for docker-compose ## Edit config for docker-compose
Edit the `docker-compose.yml` file accourding to your environment: Edit the `docker-compose.yml` file accourding to your environment:
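Review bot: On the changed line under "Add terminal certificates", replacing the predefined certificates is still worded as optional ("If you don't want to use them"), although the step just above has the reader replace `TARGET_DOMAIN` with their real domain. Now that the line states the certificates match `docker.reqesidta.de`, say explicitly that they have to be replaced whenever the configured domain differs from it. Minor: "pre defined" should be "predefined", and "accourding" in the surrounding context lines should be "according".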
...@@ -42,8 +42,9 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \ ...@@ -42,8 +42,9 @@ docker exec reqesidta_ejbca /usr/local/bin/ejbca-config.sh && \
``` ```
## POSeIDAS Database ## POSeIDAS Database
The pre-configuration of POSeIDAS matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles`. The pre-configuration of the POSeIDAS database matches PersoSim-Profiles, which can be found in the project under `/perso_sim_profiles` and the TLS certificate which can be found under `/docker/facade/docker.reqesidta.de.cert`.
The database must be edited, if own certificates should be used.
The database content must be changed, if an other terminal certificate should be used.
To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped. To make changes in the database, the docker container `reqesidta_poseidas` first must be stopped.
The Database can be edited for example with [DBeaver](https://dbeaver.io/). The Database can be edited for example with [DBeaver](https://dbeaver.io/).
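Review bot: The sentence on when the database has to be changed names only the terminal certificate ("own certificates" in the other wording), while the reworded sentence above it now says the pre-configuration also matches the TLS certificate under `/docker/facade/docker.reqesidta.de.cert`. State whether the database content must also be changed when that TLS certificate is replaced, so a reader who swaps only the TLS certificate knows what else to update. Minor: "an other" should be "another".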
...@@ -51,20 +52,20 @@ The Database can be edited for example with [DBeaver](https://dbeaver.io/). ...@@ -51,20 +52,20 @@ The Database can be edited for example with [DBeaver](https://dbeaver.io/).
Please look up the credentials for opening the database in the file `/poseidas/config/application.properties`. Please look up the credentials for opening the database in the file `/poseidas/config/application.properties`.
The following data needs to be present in the database: The following data needs to be present in the database:
* terminal certificate (in ISO 7816 TLV binary format) * the terminal certificate (in ISO 7816 TLV binary format)
* private-key (PKCS 8 without password) * the private-key of the terminal certificate (PKCS 8 without password)
* sector-id (only relevant if the client is using PersoSim) * the sector-id (aka. sector-key) of the terminal certificate (public key data object in binary format)
* certificate-chain (in ISO 7816 TLV binary format) * the certificate-chain of the terminal certificate (in ISO 7816 TLV binary format)
Use the following tables for replacing the pre-configured data with your own: Use the following tables for replacing the pre-configured data with your own:
* TERMINALPERMISSION * TERMINALPERMISSION
* _CVC_: terminal certificate * _CVC_: terminal certificate
* _CVCPRIVATEKEY_: private-key * _CVCPRIVATEKEY_: private key of the terminal certificate
* _SECTORID_: sector-id * _SECTORID_: sector-key of the terminal certificate
* _CVCDESCRIPTION_: terminal description * _CVCDESCRIPTION_: description of the terminal certificate
* CERTINCHAIN * CERTINCHAIN
* every certificate of the certificate-chain * every certificate from the certificate chain of the terminal certificate:
* starting with the root certitifcate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_ * starting with the root certificate use the value '0' for _POSINCHAIN_ and put the certificate in _DATA_
* if intermediate certificates exist, increase the value for _POSINCHAIN_ and put the certificate in _DATA_ * if intermediate certificates exist, increase the value for _POSINCHAIN_ and put the certificate in _DATA_
This data must be referenced using a key in _REFID_. This data must be referenced using a key in _REFID_.
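Review bot: The private key in _CVCPRIVATEKEY_ is documented as "PKCS 8 without password", and the line at the top of this hunk points readers to `/poseidas/config/application.properties` for the database credentials, so anyone who can read that file and the database can read the key. Add a sentence telling readers who install their own key to restrict access to both and to change the credentials found in that file. Also, the new wording drops the note that the sector-id is "only relevant if the client is using PersoSim"; confirm that this is intended, and use one term consistently, since the required-data list says "sector-id (aka. sector-key)" while the _SECTORID_ entry says only "sector-key".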
......