To Build Registration Mock-MDS (using pms-portal)

Pre-requisites

  • MOSIP 1.2.0.x setup with the Partner Management Portal deployed

  • The CA certificate utility to create the device partner certificates

The CA_CERT_UTILITY is a certificate creation utility that runs shell script commands sequentially to generate valid certificates. On Linux machines the script runs directly; Windows machines need Git or the OpenSSL application installed.

STEPS

Please update all the URLs as per your environment

Step 1: Register the “Device Partner” using the Partner Management Portal
https://pmp.dev.mosip.net/

“Organization Name” is required while creating the partner certificate, so the organization name must be the same in the partner certificate and in the partner registration.

If the “Register” option is not found, log in to Keycloak → realm settings → login → enable user registration, then refresh the PMP portal.


Step 2: To Create Mock CA, Sub CA and Partner Certificates using the CA Certificate Utility

  • Run “create-certs.sh”

  • Sequentially create the certificates for CA, SUBCA and Partner (also known as client)


The “Organization name” passed while registering the partner has to be used to create the client certificate.

Step 3: After the completion of the above steps, the certificates are created in the same folder. The required certificate sheets are highlighted below.

Step 4: Steps to upload the above certificates in MOSIP.

All the above certificates have to be uploaded sequentially, in the sequence below:
RootCA → IntermediateCA → Client

  1. Rename the below certificates

    1. RootCA.crt → RootCA.cer

    2. InternmediateCA.crt → InternmediateCA.cer

    3. Client.crt → Client.cer

  2. Log in to the Partner Management Portal as a user that has the “PARTNER_ADMIN” role assigned and navigate to “Upload CA Certificate”

    Upload CA Certificate Screen
  3. Upload the RootCA.cer

  4. Upload the InternmediateCA.cer

  5. Log in to the Partner Management Portal using the credentials of the “Device Partner” registered in Step 1 and upload the Client.cer in the Upload Certificate option

Once uploaded, you can click the “View Certificate” button to see a certificate. The certificate displayed on screen is a signed response in which the trust chain has been changed to MOSIP. This certificate is also known as the MOSIP signed device provider certificate.

This certificate is uploaded to the MOSIP Key Manager DB table “keymgr.partner_cert_store” and then to the “master.ca_cert_store” table via WebSub. The registration client later syncs “master.ca_cert_store” to create the registration client trust store.

So in “master.ca_cert_store” you will find at least three certificates, i.e. the MOSIP root certificate, the MOSIP PMS certificate and the signed partner certificate. The number of partner certificates in the trust store grows with the number of partner certificates uploaded.
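A pre-upload check for the Step 4 sequence, added here as an example (it is not part of the CA certificate utility or of MOSIP). It uses the standard "openssl verify" and "openssl x509" commands to confirm that Client.crt chains to RootCA.crt through InternmediateCA.crt and that its organisation equals the name registered in Step 1. The function names and the organisation name in the usage comment are assumptions.

```shell
#!/bin/sh
# Usage: sh check-chain.sh RootCA.crt InternmediateCA.crt Client.crt "Org Name"
# ("Org Name" is a placeholder for the organisation entered in Step 1.)

# Print the organizationName (O) of a certificate's subject.
cert_org() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *organizationName *= //p'
}

# Return 0 only if the chain and the organisation name are both correct.
# Return 1 for a broken chain, 2 for an organisation mismatch.
check_partner_chain() {
    root=$1; ica=$2; client=$3; org=$4

    # The intermediate must be issued by the root (uploaded first) ...
    openssl verify -CAfile "$root" "$ica" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $ica is not issued by $root" >&2; return 1; }

    # ... and the client by the intermediate (uploaded second).
    openssl verify -CAfile "$root" -untrusted "$ica" "$client" 2>/dev/null |
        grep -q ': OK$' ||
        { echo "FAIL: $client does not chain to $root via $ica" >&2; return 1; }

    # The client certificate must carry the organisation registered in Step 1.
    found=$(cert_org "$client")
    [ "$found" = "$org" ] ||
        { echo "FAIL: certificate O='$found', registered '$org'" >&2; return 2; }

    echo "OK: chain verified, organisation '$org' matches"
}

# Run the check only when the four arguments are supplied.
if [ "$#" -eq 4 ]; then
    check_partner_chain "$@"
fi
```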

Step 5: To Add the MOSIP signed certificate to the CA Cert Utility folder

  1. Copy the text shown when you click on “View Certificate”

  2. Open a new Notepad++ file and paste the data

  3. Find all blank spaces and replace them with \n, with search mode set to “Regular Expression”, to make it a “crt” file

  4. Name the file “mosip-signed.crt” and save it in the same directory as CA Cert Utility
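A scripted form of the Step 5 conversion for Git Bash or Linux, added here as an example (it is not part of the CA certificate utility). It assumes the copied text holds one certificate with blanks where the line breaks were; it keeps the BEGIN/END marker lines whole, re-wraps the base64 body at 64 characters and rejects input that is not a certificate body. The function name and the file name pasted.txt are assumptions.

```shell
#!/bin/sh
# reflow_pem: read flattened certificate text on stdin, write PEM on stdout.
# Assumption: the pasted text holds exactly one certificate.
reflow_pem() {
    # Drop every whitespace character first, so the same code handles text
    # pasted as one line and text already split on blanks. This also
    # squeezes the marker lines to "-----BEGINCERTIFICATE-----", which sed
    # then strips, leaving only the base64 body.
    body=$(tr -d ' \t\r\n' |
        sed -e 's/^-----BEGINCERTIFICATE-----//' \
            -e 's/-----ENDCERTIFICATE-----$//')

    # Fail on an empty or non-base64 body here instead of later in OpenSSL.
    case "$body" in
        '' | *[!A-Za-z0-9+/=]*)
            echo "reflow_pem: input is not a single certificate" >&2
            return 1 ;;
    esac

    printf '%s\n' '-----BEGIN CERTIFICATE-----'
    printf '%s\n' "$body" | fold -w 64      # PEM body lines are 64 characters
    printf '%s\n' '-----END CERTIFICATE-----'
}

# Constructed sample, not a real certificate: three base64 chunks separated
# by blanks, the way the text looks after it is copied as a single line.
SAMPLE='-----BEGIN CERTIFICATE----- QUJDREVG R0hJSktM TU5PUFFS -----END CERTIFICATE-----'
printf '%s' "$SAMPLE" | reflow_pem

# Real use (pasted.txt is an assumed file name holding the copied text):
#   reflow_pem < pasted.txt > mosip-signed.crt
#   openssl x509 -in mosip-signed.crt -noout -subject -issuer
```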

Step 6: Generate Device.p12 file

  1. Run “create-device-keystore.sh” and enter the values as shown below; notice that signed-Device.crt has been created.

Enter the values name as FACE


  2. Open create-device-keystore.sh in Notepad++.

To generate the device.p12, in the last command add the ca_cert_utility folder path before signed-Device.crt, Device.key and Device.p12.

  3. Open “openssl”.

    Path - Program Files --> Git --> usr --> bin --> openssl. (Refer to the picture for the path.)

    Copy the edited ssl command and run it in openssl; refer to the picture below.

Enter the export password ‘mosipface’ and notice that device.p12 is created.

Note 1: Git should be installed on the local machine to use this ssl command.

Note 2: This export password is required to build the mock MDS.

  4. Once all certificates are created, you will find a list of files in the same directory below

Step 7: Setting up the Mock Registration MDS

  1. Download the latest mock MDS .zip from the URL: GitHub - mosip/mosip-mock-services. Open Git Bash and run the following commands. Reference picture attached.

    cd d:/mockmds                 # desired directory
    git clone https://github.com/mosip/mosip-mock-services.git
    cd mosip-mock-services
    git checkout v1.2.0.2         # check out the latest
  2. Place the device certificates created in the certificate paths as highlighted below in the mock MDS,
    respectively for Face, Finger (single and slap) and Iris (double and single).

  3. Modify the “application.properties” file as below after the certificates are placed.

  • Change the keystorefilename, keyalias and keystorepwd as given below for Finger – single and slap and Iris – Double and single.

  • Change the URL and secret key.

  • Change this score based on the threshold set.
    mosip.mock.sbi.quality.score=90

  4. Build the MDS from the command prompt, in the same directory where the pom file exists:
    run “mvn clean install -Dgpg.skip=true -Dmaven.test.skip=true”

Once the MDS is built, a target folder is generated; it can be used with the registration client to capture mock data.

  5. Open run_reg.bat in Notepad++ and change the jar version to match the one present inside the target folder.

  6. Run run_reg.bat to start the mock MDS.
