File Names Of The Ams Certificate - Bosch rexroth ActiveShuttle System Manual

26
Name Certificate
Root certificate(s)
"ca.crt"
Notice!
intermediate certificates.
Certificates for
"tls.crt"
enabling Keycloak
TLS
communication

6 File names of the AMS certificate

In case TLS for the Keycloak User Management is enabled as well, Keycloak needs to be provided and
configured with the certificates.
Prerequisite:
• The certificates must be stored in a specific directory on the server (default:
keycloak-data/cert/
• The file crt must contain the entire certificate chain including the CA certificate.
1. Place the certificate into the file.
2. Attach the contents of the CA certificate.
3. If the certificate chain also contains intermediate CA certificates, make sure that each certificate
placed in the file signs the preceding certificate.
Every service mounts a crypto folder (by default ./fms/certs/ ) in its Docker-Container, as written in
the docker-compose file below.
The syntax is as follows:
volumes: - ./fms/certs:/usr/src/app/services/servicename/crypto:ro
→ If the certificates are stored in a different local folder, replace
path.
The "servicename" changes for every AMS service (for example mapsrv, hmisrv, messengersrv, etc.)
→ If self-signed certificates are used, mount the crt file into the AMS Docker images.
→ Add the environment variable:
1.1.1.2. Server certificate
The certificates must be server certificates:
RA91390962 AB-V1.3.3, en
Must include all necessary root and
) and must be mounted into the Keycloak container to
NODE_EXTRA_CA_CERTS=/path/to/ca.crt.
ILS, ActiveShuttle | Requirements
Name Key file
"tls.key"
./base/ keycloak/
/etc/x509/https/
./fms/certs with the corresponding folder