
Page Properties

Product Version: 2020 Winter
Report Note
Assignee: Antje

Resources & Remarks

Modification History

Name | Date | Product Version | Action
Antje Oelschlägel | 27 MAY 2021 | 2021 Summer | Page created and filled with content provided by Jerome.
Agnieszk | 02 JUNE 2021 | 2021 Summer | rLANG



Excerpt

Configure the validation of the internal JSON Web Token that is used to authorize an API call reaching the individual services in the yuuvis® Momentum cluster.

...

The AUTHENTICATION service uses a certificate for the signature of the internal JWTs. We recommend replacing our default certificate with a customer-specific key. To configure the usage of a customer-specific key (openssl is required), follow these steps:

  • Create a container with public and private key. The string jwt-signing-secret is used as alias and as file name for the container. It can optionally be replaced.

    Code Block
    language: powershell
    openssl genrsa -out jwt-signing-secret-key.pem
    openssl req -new -x509 -days 3650 -key jwt-signing-secret-key.pem -out jwt-signing-secret-cert.pem -subj /C=DE/ST=DE-DE/L=jwt-signing-secret/CN=jwt-signing-secret
    openssl pkcs12 -export -nodes -name jwt-signing-secret -inkey jwt-signing-secret-key.pem -in jwt-signing-secret-cert.pem -out jwt-signing-secret.p12


  • The files jwt-signing-secret-key.pem and jwt-signing-secret-cert.pem can be deleted.
  • Import the container file jwt-signing-secret.p12 as a Kubernetes secret in the yuuvis- namespace.
  • Add the secret at any place in the file system of the authentication pod.
    Note: After delivery, the container file is located at /yuuvis/jwt-signing-secret.p12 and can be replaced.
  • Add the following code block, left-aligned, to the profile authentication-prod.yml and adjust the configuration according to the container file.

    Code Block
    language: yml
    title: Addition to authentication-prod.yml
    jwt.signing.keyStoreFile: '/yuuvis/jwt-signing-key.p12'
    jwt.signing.keyStoreType: 'pkcs12'
    jwt.signing.keyStorePassword: 'changeme'
    jwt.signing.keyAlias: 'jwt-signing-key'
    jwt.signing.keyPassword: 'changeme'


  • Restart the authentication pod.
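
Before the container is imported as a secret, it is worth confirming that it opens with the configured store password, carries the alias set in jwt.signing.keyAlias, and holds a matching, unexpired key pair. The following POSIX shell check is an added example, not part of the original page or of yuuvis® Momentum; the environment variable P12_PASS and the function names are assumptions made for it.

```shell
#!/bin/sh
# Added example (not yuuvis code): check a PKCS#12 container before deploying it.
# Assumption: the store password is passed in the environment variable
# P12_PASS (hypothetical name), which keeps it out of the process list.

# Print the alias (friendlyName) stored in container $1.
p12_alias() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Succeed only if the private key and the certificate in $1 form one key pair.
p12_key_matches_cert() {
    key_pub=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS \
        2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if the certificate in $1 is still valid $2 seconds from now.
p12_cert_valid_for() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -checkend "$2" >/dev/null 2>&1
}

# check_container FILE ALIAS: FILE must open with P12_PASS, carry ALIAS
# (the value of jwt.signing.keyAlias) and hold a matching, unexpired key pair.
check_container() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    found=$(p12_alias "$1")
    [ -n "$found" ] || { echo "cannot open $1 (wrong password?)" >&2; return 2; }
    [ "$found" = "$2" ] || { echo "alias is '$found', not '$2'" >&2; return 3; }
    p12_key_matches_cert "$1" || { echo "key/cert mismatch" >&2; return 4; }
    p12_cert_valid_for "$1" 2592000 || { echo "cert expires within 30 days" >&2; return 5; }
    echo "ok: $1 alias=$found"
}

# Stand-alone use: sh check.sh jwt-signing-secret.p12 jwt-signing-secret
if [ "$#" -eq 2 ]; then check_container "$1" "$2"; fi
```

Run against a container built with the commands above, the check reports an alias mismatch when it is given jwt-signing-key, the alias from the sample authentication-prod.yml, which is the adjustment the configuration step asks for.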

...