Skip to content
Last update: May 8, 2024

Encryption and Signing Credentials

To protect the tokens it issues, Virto Commerce uses the encryption credentials to ensure the content of tokens cannot read by malicious parties. They can be either asymmetric (e.g, an RSA key) or symmetric.

Use Self-signed Certificate

Self-signed certificate is generated and stored in the database at the first platform startup.

To regenerate the certificate:

  1. Stop all the platform instances.
  2. Clear the ServerCertificate table in the database.
  3. Run the platform again.

To register a custom certificate, do the following:

  1. Stop all platform instances, if they are running.
  2. Provide usage flags for importing the certificate, at least DigitalSignature and KeyEncipherment.
  3. Prepare two certificate files:

    • A public security certificate file (*.CRT).
    • A security certificate file with a private key and intermediate trust info (*.PFX, PKCS#12).
  4. Set the configuration options (via appsettings.json or environment variables) as follows:

    • Auth:PublicCertPath: Path to the *.CRT file.
    • Auth:PrivateKeyPath: Path to the *.PFX file.
    • Auth:PrivateKeyPassword: Plaintext password from the private part of the PFX certificate.
  5. Run the platform. The system will save the certificates in the database at startup.


You can delete certificate files and remove keys from the configuration for safety reason.