Encryption and Signing Credentials
To protect the tokens it issues, Virto Commerce uses the encryption credentials to ensure the content of tokens cannot read by malicious parties. They can be either asymmetric (e.g, an RSA key) or symmetric.
Using Self-signed Certificate¶
Self-signed certificate is generated and stored in the database at the first platform startup.
If you want to re-generate the certificate, just stop all the platform instances, and then clear the ServerCertificate table in the database and run the platform again.
Registering Certificate (Recommended for Production-ready Scenarios)¶
To register a custom certificate, do the following:
-
Stop all platform instances, if they are running.
-
Provide usage flags for importing the certificate, at least
DigitalSignatureandKeyEncipherment. -
Prepare two certificate files:
-
Public security certificate file (*.CRT)
-
Security certificate file with private key and intermediate trust info (*.PFX, PKCS#12)
-
-
Set the configuration options (through
appsettings.jsonor environment variables) in the following way:-
Auth:PublicCertPath: Path to the *.CRT file
-
Auth:PrivateKeyPath: Path to the *.PFX file
-
Auth:PrivateKeyPassword: Plaintext password from the private part of the PFX certificate
-
-
Run the platform. The system will save the certificates in the database at startup.
Note
You can delete certificate files and remove keys from the configuration for safety reason.