Get and Configure Peppol AP Certificate - OxalisCommunity/oxalis-ng GitHub Wiki
Table of Contents
Peppol AP Certificate How certificate used in Oxalis? How can I obtain an AP certificate for my Access Point? Example Configuration
Peppol AP Certificate
Peppol has defined a PKI structure which allows for prudent governance of the access points, the SMP's and so on. Every low-level message passed between access points and between the access point and the SMP, are signed with digital certificates. There is a "Test" and "Production" hierarchy of certificates. When OpenPeppol issue AP certificate, it is signed with the intermediate AP certificate.
How certificate used in Oxalis?
Oxalis validates your AP certificate as part of startup and configures your installation accordingly. You need only to supply your own certificate (JKS or PKCS#12 keystore) holding the private key and the corresponding Peppol certificate with your public key embedded.
How can I obtain an AP certificate for my Access Point?
- Request PKI certificate in the OpenPeppol Service Desk. Only OpenPeppol Access Point members can obtain AP certificates. For details, refer OpenPeppol Membership
- Follow instruction in Introduction to the revised PKI Certificate infrastructure and issuing process or updated link provided by OpenPeppol Support Team
- Copy the generated JKS or PKCS#12 keystore to your
$OXALIS_HOMEdirectory - Update the configuration entry
oxalis.confavailable at$OXALIS_HOME
Example Configuration
oxalis.keystore: {
path=POP000XXX_Test_AP.p12 <1>
password = "<SOME-PASSWORD>" <2>
key.alias = cert <3>
key.password = "<SOME-PASSWORD>" <4>
}
- JKS or PKCS#12 keystore filename
- Password of key store provided during export from browser
- Key alias found during inspection of key store
- Password of key, normally the same as password for key store unless manually changed