
Certificate management

Overview

VeridiumID services use SSL communication and client certificate authentication, which requires consistent certificate management.

The picture below depicts the CAs and certificate usage for SSL communication and authentication.

While some of the certificates are managed at the application layer, others are not. For this reason, the Operational runbook provides a script to check all the certificates used for SSL or authentication of the services.

The check certificates script is used to check the validity of all certificates used in the VeridiumID server (Friend, Default, Admin and device certificates).

The script should be executed on one WEBAPP and one PERSISTENCE in each datacenter. This is necessary because it takes its information from Zookeeper, Haproxy and Cassandra.

Usage:

CODE
python3 /etc/veridiumid/scripts/check_certificates.py

To identify expiring certificates, also run:

CODE
python3 /etc/veridiumid/scripts/check_certificates.py | grep -e Warn -e Fail
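When the grep pipeline above is run unattended, a crashed check script prints no Warn or Fail lines and looks the same as a healthy result. The wrapper below is an added example, not part of the VeridiumID runbook, that separates those cases. The function names, the CHECK_CMD variable, the --run switch and the 0/1/2/3 exit codes are assumptions of this example; only the script path and the Warn/Fail markers come from this page.

```shell
#!/bin/sh
# Added example (not VeridiumID code): wrap the documented check for cron/monitoring.
# Exit codes (assumed convention): 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN.
# Only the "Warn" and "Fail" markers are taken from the page; nothing else
# about the script's output format or exit status is assumed.

CHECK_CMD="${CHECK_CMD:-python3 /etc/veridiumid/scripts/check_certificates.py}"

# classify <exit status of check script> <captured output>
classify() {
    c_rc=$1; c_out=$2
    # grep -c exits 1 on zero matches, so neutralise that with "|| true".
    c_fail=$(printf '%s\n' "$c_out" | grep -c -e Fail || true)
    c_warn=$(printf '%s\n' "$c_out" | grep -c -e Warn || true)
    if [ "$c_fail" -gt 0 ]; then
        echo "CRITICAL: $c_fail Fail line(s), $c_warn Warn line(s)"
        printf '%s\n' "$c_out" | grep -e Warn -e Fail
        return 2
    fi
    if [ "$c_warn" -gt 0 ]; then
        echo "WARNING: $c_warn Warn line(s)"
        printf '%s\n' "$c_out" | grep -e Warn
        return 1
    fi
    # No markers found: only trust that if the script ran and printed something.
    if [ "$c_rc" -ne 0 ] || [ -z "$c_out" ]; then
        echo "UNKNOWN: check script failed or printed nothing (rc=$c_rc)"
        return 3
    fi
    echo "OK: no Warn or Fail lines"
    return 0
}

run_check() {
    # Capture output and status separately; a bare "script | grep" loses the status.
    r_out=$($CHECK_CMD 2>&1) && r_rc=0 || r_rc=$?
    classify "$r_rc" "$r_out"
}

# Run as: sh this_file.sh --run   (hypothetical file name)
if [ "${1:-}" = "--run" ]; then
    run_check
    exit $?
fi
```

As with the manual check, schedule it on one WEBAPP and one PERSISTENCE in each datacenter.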