ЕСОЗ - публічна документація
Manual how to upload new certificates to DS
- Petro Lymych
- sveta vedmed (Unlicensed)
Owned by Petro Lymych
DS data model
ds.certs
| Name | Type | M/O | Description |
|---|---|---|---|
| id | uuid | M | |
| name | varchar(255) | M | |
| data | bytea | M | used to downloaded certificate |
| parent | uuid | O | |
| type | varchar(255) | M | |
| active | boolean | M | |
| inserted_at | timastamp | M | |
| updated_at | timastamp | M |
Certificate file types
- *.cer format
- *.pem format
Apiary
Process
Using *.p7b package
- Download certificate package from official site
Validate certificate package
openssl pkcs7 -in package_name.p7b -inform DER -print_certs -out output_file
where
- package_name.p7b - is the name of certificate psckage
- output_file - new created file, that should be downloaded to DB
- Load new file with package of certificates filling all necessary fields
- id → unique uuid
- name → any name that describes certificate
- data → validated package file
- parent → null
- type → pem
- active → true
- inserted_at → now
- updated_up → now
- Restart digital-signature pod
- ex. kubectl delete pod -n digital-signature ds-api-547bc68fd7-vfswq
Using *.cer files
- Download three certificates with types root, ocsp and tsp from official site
- Make sure ocsp certificate is connected with root certificate
- Load all files to DB, with necessary connections
| id | name | data | parent | type | active | inserted_at | updated_up | |
|---|---|---|---|---|---|---|---|---|
| root | uuid | name | root certificate | null | root | true | now() | now() |
| ocsp | uuid | name | ocsp certificate | root UUID | ocsp | true | now() | now() |
| tsp | uuid | name | tsp certificate | null | tsp | true | now() | now() |
4. Restart digital-signature pod (api and ocsp)
- ex. kubectl delete pod -n digital-signature ds-api-7f77b74f4b-ljjs5 ocsp-service-ffc89db9b-wklsh
ЕСОЗ - публічна документація