DS data model

ds.certs

Certificate file types

1. *.cer format
2. *.pem format

Apiary

digital-signature

Process

Using *.p7b package

1. Download certificate package from official site

2. Validate certificate package

   openssl pkcs7 -in package_name.p7b -inform DER -print_certs -out output_file

   where 

   1. package_name.p7b - is the name of certificate psckage
   2. output_file - new created file, that should be downloaded to DB
3. Load new file with package of certificates filling all necessary fields
   
   1. id → unique uuid
   2. name → any name that describes certificate
   3. data → validated package file
   4. parent → null
   5. type → pem
   6. active → true
   7. inserted_at → now
   8. updated_up → now
4. Restart digital-signature pod
   1. ex. kubectl delete pod -n digital-signature ds-api-547bc68fd7-vfswq

Using *.cer files

1. Download three certificates with types root, ocsp and tsp from official site
2. Make sure ocsp certificate is connected with root certificate
3. Load all files to DB, with necessary connections

4. Restart digital-signature pod (api and ocsp) 

1. ex. kubectl delete pod -n digital-signature ds-api-7f77b74f4b-ljjs5 ocsp-service-ffc89db9b-wklsh