Public and private certificates generation for later use in Connect Service Bus.
In order to achieve secure communication between source and destination MA, message content is encrypted using certificate. Source MA uses public X.509 certificate of destination MA to encrypt entire data content. Then destination MA, which holds private key, decrypts the message using its own private X.509 certificate.
The Windows console application located in certificate-upload-console is used for both generating and uploading certificates. When you run it, firstly it will generate public and private certificate and then upload the public one to the server for other MAs to use.
To generate and upload certificate you must provide client id, secret key and environment. You can pass them as parameters:
c: client idk: secret keye: environment (use either environment name or environment code from this list: beta, test, int, hfix, prep, prod)or enter them later when application will ask for them.
Certificate generation is based on OpenSSL as SSL/TLS toolkit which is embedded in this console application.
After you run this application, you will be prompted to enter secure password for a private key and export password for PKCS#12 file. The file defines an archive format which is commonly used to bundle a private key with its X.509 certificate and can be imported later in other software using previously entered export password.
Following files will be created in openssl_output folder:
public_cert.pem: file with public certificate - will be automatically uploaded to Connect Service Bus so senders can use it to encrypt messagesprivate_key.pem: file containing created private key - should be kept confidential; you will use it to decrypt messagescertificate.pfx: password protected PKCS #12 file containing created private key and public certificate - should be kept confidentialPlease note that generated certificate will expire in 2 years.
To encrypt a message, only public_cert.pem file will be used and it will be stored in central Connect Service Bus infrastructure. certificate.pfx file will be used locally by MA to decrypt received messages and it should be kept confidential together with private_key.pem.
Upon generating certificates the application will proceed to upload public certificate. If console application can't be used, certificate can be uploaded using Connect Service Bus SDK. To see how, please refer to FIFA Connect Service Bus SDK documentation.