...
Code Block | ||
---|---|---|
| ||
<!-- Sample primedocs.config. Security notes for whoever adapts it:
     * dbConnectionString holds the SQL login password in clear text, so read access to this file should be limited to the service accounts that need it.
     * Encrypt=False means the client does not require an encrypted connection to SQL Server; unless the server enforces encryption, the login and the data cross the network unprotected.
     * healthMonitor basicAuth and clientSecret are credentials. NOTE(review): the values shown look like examples; confirm that each installation sets its own. -->
<primedocs> <datasources> <add id="26735c39-3d6e-44c6-b701-f5ab6cc429fd" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" /> </datasources> <apps> <add id="7e132bcb-b088-4cb2-b717-30174884b8f4" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" /> <add id="60e0654e-9e62-4df2-8b24-4d00f2677cfa" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" /> <add id="80e85dff-e533-42df-b8f3-930598d9b955" name="JobHost" logFilePath="JobHost\" type="JobHost" /> <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" /> <add id="c5667157-6cce-4da6-93ce-464b68947349" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" /> <add id="7ee9d094-e728-4e36-91ea-8fb64aa6b765" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" /> </apps> <service streamBufferSizeInBytes="81920"> <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" /> </service> <healthMonitor basicAuth="user:iPvKHKDmvlwP" clientSecret="healthmonitor-k9VBA5TXke9P" intervalInSeconds="600"/> </primedocs> |
cert.pfx
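Das in der `primedocs.config` angegebene `cert.pfx` dient der Signierung der Authentifizierungstokens und hat keinen Bezug zu TLS/SSL-Zertifikaten. Da mit dem privaten Schlüssel in dieser Datei Authentifizierungstokens signiert werden, sollten die Datei und ihr Passwort vor unbefugtem Zugriff geschützt werden.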
Das Zertifikat wird während der Installation generiert; grundsätzlich werden dabei diese Parameter verwendet:
Code Block |
---|
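# Returns a random string of $length characters drawn from a fixed alphabet
# of letters and digits. The result is used as the password of the exported
# PFX file, so the characters come from the operating system's cryptographic
# random number generator: Get-Random is not documented as cryptographically
# secure.
#
# Parameters: $length - number of characters to produce.
# Returns:    the generated string; an empty string when $length is 0 or less.
function randomString([int]$length) {
    $characters = "abcdefghiklmnoprstuvwxyzABCDEFGHKLMNOPRSTUVWXYZ0123456789".ToCharArray()

    # Bytes at or above this limit are discarded so that every character is
    # equally likely (a plain modulo would favour the first few characters).
    $limit = 256 - (256 % $characters.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $builder = New-Object System.Text.StringBuilder
    try {
        while ($builder.Length -lt $length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$builder.Append($characters[$buffer[0] % $characters.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }

    return $builder.ToString()
}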
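# Creates the self-signed certificate whose key signs the authentication
# tokens, exports it together with its private key to a password-protected
# PFX file, and then removes it from the machine certificate store.

# NOTE(review): C:\Temp is frequently readable by other local accounts.
# Move the PFX to its final location and restrict its ACL to the service
# account right after this script has run.
$certPath = "C:\Temp\cert.pfx"

# Call the function with PowerShell argument syntax, not method-call syntax.
$certificatePassword = randomString 12
$certificatePasswordSecureString = ConvertTo-SecureString -String $certificatePassword -Force -AsPlainText
$certificateDefaultName = "PrimeDocsIdSCert"

$HT = @{
    Subject           = "CN=$certificateDefaultName"
    KeyLength         = 2048
    HashAlgorithm     = 'SHA256'
    KeyUsage          = 'DigitalSignature'
    # The key has to be exportable, otherwise Export-PfxCertificate cannot
    # write the private key into the PFX.
    KeyExportPolicy   = 'Exportable'
    KeySpec           = 'Signature'
    # Ten years of validity: plan a rotation procedure, a self-signed
    # certificate has no revocation path.
    NotAfter          = (Get-Date).AddYears(10)
    # 2.5.29.37 is the Enhanced Key Usage extension; 1.3.6.1.5.5.7.3.3 is
    # the Code Signing usage.
    TextExtension     = '2.5.29.37={text}1.3.6.1.5.5.7.3.3'
    CertStoreLocation = 'cert:\localmachine\my'
}
$certificate = New-SelfSignedCertificate @HT
$certificatePath = 'cert:\localMachine\my\' + $certificate.thumbprint
Export-PfxCertificate -cert $certificatePath -FilePath $certPath -Password $certificatePasswordSecureString

# Clean up the store. The subject is compared exactly: a -match test treats
# the name as a regular expression and would also delete unrelated
# certificates whose subject merely contains it. -DeleteKey removes the
# private key as well, so the PFX is the only copy of the signing key left
# on this machine.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$certificateDefaultName" } |
    ForEach-Object { Remove-Item -Path $_.PSPath -DeleteKey }

# The password is written to the console in clear text and will therefore
# end up in transcripts or installer logs; copy it to where it is needed
# and treat any captured output as sensitive.
Write-Host "Created certificate file with password '$certificatePassword' created as $certPath"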