Pre-requisites

  • MOSIP 1.2.0.x setup with the Partner Management Portal deployed

  • The CA certificate utility to create the device partner certificates

...

View file: CA_CERT_UTILITY.zip

STEPS

Info

Please update all the URLs as per your environment

Step 1: Register the “Device Partner” using the Partner Management Portal
https://pmp.dev.mosip.net/

...

If the “Register” option is not found, log in to Keycloak → Realm Settings → Login → enable User Registration, then refresh the PMP portal.

...

Step 2: Create the mock CA, Sub CA and partner certificates using the CA Certificate Utility

...

Info

The “Organization name” passed while registering the partner has to be used to create the client certificate.

Step 3: After the completion of the above steps, the certificates are created in the same folder. The required certificate sheets are highlighted below.

...

Step 4: Steps to upload the above certificates in MOSIP.

...

Info

Once uploaded, you can click the “View Certificate” button to see a certificate. The certificate displayed on screen is a signed response in which the trust chain has been changed to MOSIP. This certificate is also known as the MOSIP-signed device provider certificate.

This certificate is uploaded to the “keymgr.partner_cert_store” table in the MOSIP Key Manager DB and then to the “master.ca_cert_store” table via WebSub. The “master.ca_cert_store” table is later synced by the registration client to create the registration client trust store.

So, in “master.ca_cert_store” you would find at least three certificates, i.e. the MOSIP root certificate, the MOSIP PMS certificate and the signed partner certificate. The number of partner certificates in the trust store grows with the number of partner certificates uploaded.

Step 5: Add the MOSIP-signed certificate to the CA Cert Utility folder

  1. Copy the text shown when you click on “View Certificate”

  2. Open a new Notepad++ file and paste the data

  3. Find all blank spaces and replace them with \n, with the search mode set to “Regular Expression”, to give the text the layout of a “crt” file

  4. Name the file “mosip-signed.crt” and save it in the same directory as CA Cert Utility
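
A scripted alternative to the Notepad++ edit in Step 5, as an added example that is not part of the original page or of the CA Cert Utility. It restores line breaks only inside the base64 body (the BEGIN/END marker lines themselves contain a space and must stay intact) and checks that the decoded DER length matches, which catches a partial copy. It assumes the “View Certificate” text is a single PEM block whose line breaks appear as spaces; the function names and the sample data are constructed for illustration.

```python
import base64
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_total_length(der: bytes) -> int:
    """Size the outer DER SEQUENCE claims for itself (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not a certificate")
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def rebuild_pem(flattened: str) -> str:
    """Rebuild a PEM certificate whose line breaks were copied as spaces."""
    start = flattened.find(BEGIN)
    stop = flattened.find(END, start + len(BEGIN))
    if start < 0 or stop < 0:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    # Strip whitespace from the base64 body only; the markers keep their space.
    body = "".join(flattened[start + len(BEGIN):stop].split())
    der = base64.b64decode(body, validate=True)   # rejects stray characters
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

# Constructed sample: a 131-byte DER-shaped placeholder, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 0x80]) + bytes(range(128))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_FLAT = " ".join([BEGIN, *(_b64[i:i + 64] for i in range(0, 176, 64)), END])

if __name__ == "__main__":
    # Usage: paste the "View Certificate" text on stdin.
    with open("mosip-signed.crt", "w", newline="\n") as out:
        out.write(rebuild_pem(sys.stdin.read()))
```

Run from the CA Cert Utility directory, the script writes “mosip-signed.crt” there, or stops with an error instead of saving a damaged file.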

...

Step 6: Generate Device.p12 file

  1. Run “create-device-keystore.sh” and enter the values as shown below; note that signed-Device.crt has been created.

...