Last update: August 26, 2024
Encryption and Signing Credentials
To protect the tokens it issues, Virto Commerce uses encryption credentials to ensure that the content of tokens cannot be read by malicious parties. The credentials can be either asymmetric (e.g., an RSA key) or symmetric.
Use self-signed certificate
A self-signed certificate is generated and stored in the database at the first platform startup.
To regenerate the certificate:
- Stop all the platform instances.
- Clear the ServerCertificate table in the database.
- Run the platform again.
Register certificate (recommended for production-ready scenarios)
To register a custom certificate, do the following:
- Stop all platform instances, if they are running.
- Provide usage flags for importing the certificate, at least DigitalSignature and KeyEncipherment.
- Prepare two certificate files:
  - A public security certificate file (*.CRT).
  - A security certificate file with a private key and intermediate trust info (*.PFX, PKCS#12).
- Set the configuration options (via appsettings.json or environment variables) as follows:
  - Auth:PublicCertPath: Path to the *.CRT file.
  - Auth:PrivateKeyPath: Path to the *.PFX file.
  - Auth:PrivateKeyPassword: Plaintext password from the private part of the PFX certificate.
- Run the platform. The system will save the certificates in the database at startup.
Note
You can delete the certificate files and remove the keys from the configuration for safety reasons.
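The file preparation steps above can be rehearsed before touching a running platform. This added example (not part of the Virto Commerce documentation or tooling) builds a throwaway self-signed CRT/PFX pair with OpenSSL, then checks the two usage flags and that the PFX password works. The file names, subject and password are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: rehearse the CRT/PFX preparation with a throwaway certificate.
# Names, subject and password below are constructed; requires OpenSSL 1.1.1+.

# make_cert_pair DIR: writes DIR/token.crt and DIR/token.pfx (password from $PFX_PASSWORD).
make_cert_pair() (
    umask 077                                   # key material readable by owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=constructed-token-cert" \
        -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
        -keyout "$1/token.key" -out "$1/token.crt" 2>/dev/null || exit 1
    openssl pkcs12 -export -inkey "$1/token.key" -in "$1/token.crt" \
        -out "$1/token.pfx" -passout env:PFX_PASSWORD || exit 1
    rm -f "$1/token.key"                        # the PFX now carries the private key
)

# has_required_usage CRT: succeeds only if both usage flags named on the page are set.
has_required_usage() {
    usage=$(openssl x509 -in "$1" -noout -ext keyUsage 2>/dev/null)
    case $usage in *"Digital Signature"*) ;; *) return 1 ;; esac
    case $usage in *"Key Encipherment"*) ;; *) return 1 ;; esac
}

# pfx_opens PFX: succeeds only if $PFX_PASSWORD unlocks the file.
pfx_opens() {
    openssl pkcs12 -in "$1" -noout -passin env:PFX_PASSWORD >/dev/null 2>&1
}

# Demo run in a temporary directory; prints the two path settings from the page.
PFX_PASSWORD='constructed-test-password'; export PFX_PASSWORD
demo_dir=$(mktemp -d)
make_cert_pair "$demo_dir" && has_required_usage "$demo_dir/token.crt" \
    && pfx_opens "$demo_dir/token.pfx" \
    && printf 'Auth:PublicCertPath=%s\nAuth:PrivateKeyPath=%s\n' \
        "$demo_dir/token.crt" "$demo_dir/token.pfx"
```

The two check functions work on any CRT/PFX pair, so they can also be run against a CA-issued certificate before Auth:PublicCertPath and Auth:PrivateKeyPath are set.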