Problem:
- Product Name: VisiBroker
- Product Version: 5.2.1
- Product Component: Name & Security Service
- Platform/OS Version: ALL
- JDK/Compiler Version: Supported JDKs
What types of certificates are supported by the wallet-type properties in the VisiSecure Service?
Here are the wallet properties:
vbroker.security.wallet.type=...
vbroker.security.wallet.identity=...
vbroker.security.wallet.password=...
Resolution:
There are two types of certificates that the wallet properties support: directory-based and PKCS12-based. Configuration involves both building the correct directory/file structure and setting the right values for the wallet properties.
1. Directory-based: This type of wallet is used to set X509v1 or v3 certificate chains that are in Base 64 format. To correctly build the file structure, follow this example:
#These values are also used in Borland Security Service 4.5
vbroker.security.wallet.type=Directory:./identities
vbroker.security.wallet.identity=paul
vbroker.security.wallet.password=Paul$$$$
With these values, there should be a ./identities folder in the directory where these wallet properties are used. Under the ./identities folder, there should be a ./paul folder. Under the ./paul folder are the X509v1 or v3 certificate chain and the private key, all in Base 64 format. The certificate chain and the private key follow this naming convention:
(file names are shown in the left-hand column)
cert0 - the most derived certificate in the chain; in other words, the certificate that defines the identity of this chain. In this case, cert0 points to the "paul" identity.
cert1 - the next certificate in the chain
cert2 - the next certificate in the chain
...
cert - the root certificate of this chain
key - the private key of the chain
2. PKCS12-based: This type of wallet is used to set certificate identities using a .p12 certificate file. To properly configure and use these properties, please follow the example below:
vbroker.security.wallet.type=PKCS12:.
vbroker.security.wallet.identity=delta
vbroker.security.wallet.password=Delt@$$$
For these properties to work, there should be a delta.p12 certificate file in the current directory where these wallet properties are being used.
At run time, the VisiBroker Security Service uses this algorithm to look up the right p12 file:
alias = get the property value of "vbroker.security.wallet.identity"
if (the value of "vbroker.security.wallet.type" starts with "PKCS12")
    directory = get the substring after ":" of the value of "vbroker.security.wallet.type" //which is the period .
    the location of the P12 file = directory + java.io.File.separator + alias + ".p12" //e.g. this translates into ./delta.p12 on Unix
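A pre-deployment check for the two wallet layouts described above, as an added example that is not VisiBroker code: it resolves the files the wallet properties point at and reports any that are missing or whose private key material is readable by group or others. The function names, the minimal properties parser, the permission check, and the assumption that only cert0 and key are mandatory are this example's own.

```python
import stat
from pathlib import Path

PREFIX = "vbroker.security.wallet."

def parse_props(text):
    """Minimal key=value parser; '#' lines are comments (no escape handling)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def expected_files(props, base):
    """Paths the wallet settings point at, following the lookup rules above."""
    kind, _, location = props[PREFIX + "type"].partition(":")
    alias = props[PREFIX + "identity"]
    root = Path(base) / location
    if kind == "PKCS12":
        return [root / (alias + ".p12")]
    if kind == "Directory":
        # Assumption: only cert0 and key are required; cert1.. are optional.
        return [root / alias / "cert0", root / alias / "key"]
    raise ValueError("unsupported wallet type: " + kind)

def check_wallet(props, base):
    """Return a list of findings; an empty list means the layout looks right."""
    findings = []
    for path in expected_files(props, base):
        if not path.is_file():
            findings.append("missing: " + str(path))
        elif path.name == "key" or path.suffix == ".p12":
            # Private key material should not be readable by group or others.
            if stat.S_IMODE(path.stat().st_mode) & 0o077:
                findings.append("too permissive: " + str(path))
    return findings

if __name__ == "__main__":
    # Constructed sample: the PKCS12 settings from the page, checked against cwd.
    sample = ("vbroker.security.wallet.type=PKCS12:.\n"
              "vbroker.security.wallet.identity=delta\n")
    print(check_wallet(parse_props(sample), ".") or "wallet layout OK")
```

Run it from the directory the server is started in, since both wallet types are resolved relative to that location.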




