Adding support for ESTEID SK 2015 certification chain

kristiu edited this page Jan 12, 2016 · 8 revisions

JDigiDoc versions 3.12 and newer

Support for the ESTEID-SK 2015 certification chain is already included in JDigiDoc library versions 3.12 and above; no additional configuration is needed.

JDigiDoc versions older than 3.12

For library versions earlier than 3.12, the jdigidoc.cfg configuration file must be changed in order to add support for the ESTEID-SK 2015 certification chain. For example, change the configuration file as follows:

https://github.com/open-eid/jdigidoc/commit/a73c727c7d9254677a44d42b56a5126f7d39208d#diff-2b21c3ab0f753def63a3001124a07c00

Notes:

  1. In the sample referred to above, the configuration entry DIGIDOC_CA_1_CERT12 must refer to the location of the ESTEID-SK 2015 file that can be accessed by the library.
    1. The sequence numbers in the DIGIDOC_CA_1_CERT12 parameter value are not constant and must be set according to the numbering that is used in a specific configuration file.
    2. For example, the value jar://certs/ESTEID-SK 2015.crt means that the certificate is named ESTEID-SK 2015.crt and the file is placed in a .jar archive's certs folder (this is the default location of the production certificates that are included in the jdigidoc-*.jar archive). In this case, the jar archive must be included in the classpath for the library to access it.
    3. The certificate file may also be placed outside a jar archive, at an arbitrary location in the file system. In this case, the parameter value must specify the path and file name of the certificate.
  2. The ESTEID-SK 2015 certificate file must be in PEM format.
  3. Additional information on configuring CA certificate settings in the JDigiDoc configuration file can be found in http://id.ee/public/SK-JDD-PRG-GUIDE.pdf, see chapter "4.2 Configuration parameters" under "CA certificates" and "Registering or removing CAs and OCSP responders".
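
The two checks from notes 1 and 2, as an added example that is not part of the original page or of JDigiDoc: it works out the sequence number for a new DIGIDOC_CA_1_CERT entry and refuses a certificate file that is not PEM. The function names and all sample data are constructed for illustration, and it assumes the new entry takes the number one above the highest already used in the file.

```python
import base64
import re

# Constructed jdigidoc.cfg fragment (file names are placeholders).
SAMPLE_CFG = """\
# CA certificates
DIGIDOC_CA_1_CERT1=jar://certs/EXAMPLE-ROOT.crt
DIGIDOC_CA_1_CERT2 = jar://certs/EXAMPLE-SUB.crt
DIGIDOC_CA_1_CERT11=/opt/example/certs/EXAMPLE-OTHER.crt
"""
# Constructed inputs: a PEM-armoured stub (not a real certificate) and raw DER bytes.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
SAMPLE_DER = b"\x30\x82\x01\x0a\x02\x01\x01"

CERT_KEY = re.compile(r"^\s*DIGIDOC_CA_1_CERT(\d+)\s*=")
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)


def next_cert_index(cfg_text):
    """Next sequence number, assuming it is one above the highest in use."""
    used = [int(m.group(1)) for line in cfg_text.splitlines()
            if (m := CERT_KEY.match(line))]
    return max(used, default=0) + 1


def is_pem_certificate(data):
    """True if data is a PEM CERTIFICATE block whose body decodes to DER."""
    try:
        match = PEM_BLOCK.search(data.decode("ascii"))
    except UnicodeDecodeError:
        return False  # binary input, e.g. a DER-encoded .crt
    if not match:
        return False
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return False  # armour present but body is not valid base64
    return der[:1] == b"\x30"  # a DER certificate starts with a SEQUENCE tag


def config_line(cfg_text, location, cert_bytes):
    """Build the configuration entry, refusing certificates that are not PEM."""
    if not is_pem_certificate(cert_bytes):
        raise ValueError("certificate file is not in PEM format")
    return f"DIGIDOC_CA_1_CERT{next_cert_index(cfg_text)}={location}"


if __name__ == "__main__":
    print(config_line(SAMPLE_CFG, "jar://certs/ESTEID-SK 2015.crt", SAMPLE_PEM))
```

The PEM check only confirms the armour and encoding of the file; whether the file really is the ESTEID-SK 2015 certificate still has to be verified against the issuer's published copy.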