Versions Compared

Version Old Version 1 New Version Current
Changes made by

Petteri Kivimäki

Petteri Kivimäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This article is for X-Road versions >= 7.3.0. Instructions for older X-Road versions are available here.

...

Info

The official Central Server installation guide is available at: https://githubdocs.com/nordic-institute/X-Road/blob/develop/doc/x-road.global/Manuals/ig-cs_x-road_6_central_server_installation_guide.mdhtml

After installing the Central Server the admin interface can be found at https://<CENTRAL_SERVER_URL>:4000. At the first time the self-signed certificate from the server needs to be accepted.

...

Note

When using the test CA as a certification provider, please see the location of the CA root certificate and OCSP certificate, and OCSP URL at:

https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md#6-configuring-the-central-server-to-use-the-test-ca-test-ca

Before uploading the CA root certificate and OCSP certificate to the Central Server, the filenames must be updated:

  • ca.cert.pem => ca.pem

  • ocsp.cert.pem => ocsp.pem

  • Choose Trust Services -> Add certification service.

  • Upload the certification service's root certificate and press Upload.

...

Note

When using the test CA as a time-stamping provider, please see the location of the TSA certificate and TSA URL at:

https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md#6-configuring-the-central-server-to-use-the-test-ca

Before uploading the TSA certificate to the Central Server, the filename must be updated:

  • tsa.cert.pem => tsa.pem

  • Choose Trust Services -> Timestamping Services -> Add timestamping service.

  • Add timestamping service URL.

  • Upload the timestamping service's certificate.

  • Press Add.

...

Info

The official Security Server installation guide is available at: https://githubdocs.com/nordic-institute/X-Road/blob/develop/docx-road.global/Manuals/ig-ss_x-road_v6_security_server_installation_guide.mdhtml

3. Configuring the Security Server for management services

...

  • Select TOKEN: SOFTTOKEN-0.

  • Press Add key.

...

  • Define an optional label for the key and press Next.

...

Please note that the authentication and sign certificate fields vary between different certificate profiles. If you are not using the certificate profile mentioned in this guide, the certificate fields are different.

  • Usage - AUTHENTICATION.

  • Certification Service - choose the certification service that was defined on the Central Server.

  • CSR Format - select a suitable format for your certificate service. NOTE: The test CA setup only accepts DER as input format.

  • Press Continue.

...

  • Server DNS name (CN) - the Security Server's FQDN.

  • Organization name (O) - write the name of the organization maintaining the Central Server.

  • Press Generate CSR.

...

  • The certificate request is downloaded to browser's download folder.

  • Press Done.

...

Note

When using the test CA as a certification provider, sign the certificate requests according to the instructions:

https://github.com/nordic-institute/X-Road/blob/develop/ansible/TESTCA.md#7-signing-certificates

...

  • Select Security server owners from the list.

  • Press Next.

...

  • Select addressChange, authCertDeletion, clientDeletion, clientDisable, clientEnable, clientReg and ownerChange.

  • Press Add selected.

...