Welcome. This service can be used to issue test eIDAS QWAC certificates simulating real PSD2 compliant certificates.
How to issue a certificate
This service runs in a Docker container in the EAH DEV environment. To issue a certificate you need to log in to the container shell:
- go to EAH DEV Portainer and find the ca service
- scroll down to the list of containers - there should be only a single one running
- open a terminal
Once in the terminal, navigate to the intermediate CA directory you want to use (for EU the correct one is at /ca/intermediate). Then you can run the prepared scripts:
generate_csr.sh
./generate_csr.sh androworks.org PSP_AI "Androworks" PSDCZ-CNB-09371111
This will generate a new private key and a new CSR using the predefined PSP_AI configuration. The subject common name will be "androworks.org", the company name "Androworks" and the PSD2 license "PSDCZ-CNB-09371111".
A new directory /ca/intermediate/csr/[commonname] will be created for further signing. If the directory already exists, you cannot generate a new CSR. Usually you can sign the existing CSR to reissue a certificate, or remove the directory (rm -rf /ca/intermediate/csr/[commonname]) and try again.
You can then download a ZIP archive containing all the files by constructing the URL from the common name:
http://ca.dev.ersteapi.net/androworks.org.zip
The ZIP archive is protected by a password.
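The common name ends up in a directory path (and possibly in an rm -rf), so it is worth checking the arguments before running generate_csr.sh. The following is an added example, not one of the service's prepared scripts; the function names are hypothetical, and the role list and the PSD2 identifier layout are assumed to follow ETSI TS 119 495.

```shell
#!/bin/sh
# Added example: pre-flight checks for the generate_csr.sh arguments.
# CSR_ROOT is the directory named on this page; override it for testing.
CSR_ROOT=${CSR_ROOT:-/ca/intermediate/csr}
NL='
'

# The common name becomes $CSR_ROOT/<cn>, so accept only a lowercase DNS
# hostname: no "/", no "..", no leading "-", no embedded newline.
valid_common_name() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
}

# PSD2 roles (assumption: the four roles of ETSI TS 119 495).
valid_role() {
    case $1 in PSP_AS|PSP_PI|PSP_AI|PSP_IC) return 0 ;; *) return 1 ;; esac
}

# Assumed layout: "PSD" + 2-letter country + "-" + NCA id (2-8 uppercase
# letters) + "-" + PSP identifier, e.g. PSDCZ-CNB-09371111.
valid_psd2_id() {
    case $1 in *"$NL"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^PSD[A-Z]{2}-[A-Z]{2,8}-[[:graph:]]+$'
}

# Returns 0 when all four arguments look safe, otherwise a code naming
# the first failing check (2=cn, 3=role, 4=company, 5=license, 6=exists).
preflight() {
    valid_common_name "$1" || { echo "bad common name" >&2; return 2; }
    valid_role "$2"        || { echo "unknown PSD2 role" >&2; return 3; }
    [ -n "$3" ]            || { echo "empty company name" >&2; return 4; }
    valid_psd2_id "$4"     || { echo "bad PSD2 license" >&2; return 5; }
    [ ! -e "$CSR_ROOT/$1" ] || { echo "CSR directory exists" >&2; return 6; }
}

# Stand-alone use: ./preflight.sh androworks.org PSP_AI "Androworks" PSDCZ-CNB-09371111
if [ $# -eq 4 ]; then
    preflight "$@" && echo "ok: ./generate_csr.sh $1 $2 \"$3\" $4"
fi
```

Return code 6 corresponds to the case described above where the CSR directory already exists and a new CSR cannot be generated.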
sign_csr.sh
./sign_csr.sh androworks.org
This will take the CSR generated in the previous step, identified by the subject common name "androworks.org", and use the CA intermediate certificate to sign it and issue a certificate.
You will be asked to enter the intermediate private key password. You can find it in the EAH KeePass db here.
Again you can download the result in the form of a password-protected ZIP archive. The URL of the ZIP remains the same:
http://ca.dev.ersteapi.net/androworks.org.zip
generate_crl.sh
Generates a new CRL and publishes it on the web server as:
http://ca.dev.ersteapi.net/crl.pem
revoke.sh
./revoke.sh /ca/intermediate/csr/androworks.org/androworks.org.pem
Revokes the given certificate.