Certificates, keys and key stores in Oxalis

The purpose of this document is to guide you in how to set up your PEPPOL certificates in order to make Oxalis "tick".

What are certificates used for?

PEPPOL has defined a PKI structure which allows for prudent governance of the access points, the SMPs and so on.

Every low-level message passed between access points, and between an access point and the SMP, is signed with digital certificates.

There is a "test" and "production" hierarchy of certificates.

When your certificate is issued by PEPPOL, it will be signed with the intermediate AP certificate.

How are they used in Oxalis?

Oxalis validates your certificate as part of startup, and configures your installation accordingly.

You need only to supply your own key store, holding the private key and the corresponding PEPPOL certificate with your public key embedded.

How do I obtain a PEPPOL certificate for my Access point?

  1. Request a PKI certificate in the OpenPEPPOL Service Desk (OpenPEPPOL members only).

  2. Follow the instructions on the PKI issuing information page or the updated link provided by the OpenPEPPOL Support Team.

  3. Copy the generated JKS or PKCS#12 keystore to your $OXALIS_HOME directory.

  4. Update the configuration entry in oxalis.conf (Key store part).

  5. Start Oxalis.

Example configuration

oxalis.keystore: {
    path: my-keystore.p12 (1)
    password: "1uHGTjM7kHi7!CG" (2)

    key: {
        alias: "pno000001-s openpeppol aisbl id" (3)
        password: "@1F6m53NVJBOp!n" (4)
    }
}
  1. Key store filename.

  2. Password of key store provided during export from browser.

  3. Key alias found during inspection of key store.

  4. Password of key, normally the same as password for key store unless manually changed.
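
The four values above can be checked before Oxalis is started. The following is an added example, not part of Oxalis or of the original document: it uses only the standard java.security.KeyStore API, the class name KeystoreCheck is hypothetical, and it assumes the file extension distinguishes a JKS from a PKCS#12 key store.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks the values destined for oxalis.keystore.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck.java <path> <alias>");
            System.exit(2);
        }
        String path = args[0];
        String alias = args[1];
        // Prompt for secrets so they never appear in the process list or shell history.
        char[] storePass = console.readPassword("Key store password: ");
        char[] keyPass = console.readPassword("Key password: ");

        // Assumption: the file extension tells the two supported formats apart.
        String type = path.toLowerCase().endsWith(".jks") ? "JKS" : "PKCS12";
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // IOException here means a wrong key store password
        }

        // Print every alias so the exact string can be copied into oxalis.conf.
        for (String a : Collections.list(ks.aliases())) {
            System.out.printf("alias \"%s\" privateKeyEntry=%b%n", a, ks.isKeyEntry(a));
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry under alias: " + alias);
        }

        // UnrecoverableKeyException here means a wrong key password.
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        System.out.println("subject:   " + cert.getSubjectX500Principal().getName());
        System.out.println("issuer:    " + cert.getIssuerX500Principal().getName());
        System.out.println("not after: " + cert.getNotAfter());
        System.out.println("key algorithm matches certificate: "
                + key.getAlgorithm().equals(cert.getPublicKey().getAlgorithm()));
    }
}
```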