Renew trusted peer certificates (Folio/Mindbreeze)

First published: 11 August 2021 (cf, ck)

Last update: 6 December 2024 (ck)

Summary

The search communication between Fabasoft Folio and Fabasoft Mindbreeze Enterprise is secured by a certificate.

During the setup of the integration between Folio and Mindbreeze, these certificates need to be created and installed.

If the created certificates expire, searching the Mindbreeze index from within Fabasoft Folio no longer works, and error messages are written to the Windows Event Log / Linux system log.

This documentation explains the procedure to create or renew the trusted peer certificates.

Hint: To create an SSL certificate for the Mindbreeze Client web services, see the article "Creating SSL certificates for Mindbreeze Client in Windows".

Solution

Option 1: Provide a certificate of your corporate CA (recommended)

Use this option if your organization operates a public key infrastructure (PKI) and you know how to create client certificates. Client certificates are not meant as SSL certificates!

Prepare the following files from your CA:

  • The CA certificate in X509 PEM format (if you use intermediate CAs, use the CA that issued the client certificate)
  • The client certificate in X509 PEM format (make sure that the certificate is issued as a client certificate, not a server certificate)
  • The private key of the client certificate in PEM format
  • The pass-phrase of the client certificate.

Continue with the chapter "Installation of the certificates".

Option 2: Re-create a long-term self-signed certificate

Use this option if you don't have a public key infrastructure (PKI) set up, or you don't need your corporate-owned certificates for the communication between Fabasoft Folio and Mindbreeze. Remember that the communication is still secured. This is the easier option to set up.

A zip archive with all necessary files needed in this article is provided here: https://at.cloud.fabasoft.com/folio/public/3lwxuo1qfco642alyzdbh7jp5d

To create certificates with a longer expiration period, follow these steps:

  • Create a new folder and unzip the files from the archive (openssl.exe, openssl.cnf, createcertificate.js)
  • Make a backup of the file createcertificate.js (e.g. by copying the file)
  • Edit createcertificate.js
  • In the first occurrence of the shell.Run command line (near the bottom of the file), change the parameter -days 365 to -days 3650 (this means 10 years instead of 1 year)
  • Save and close the file
  • Open the openssl.cnf file
  • Search for the config value default_days (default value is 365)
  • Change the config value to 3650 days
  • Save and close the file
  • Delete the index.txt file.
  • On a command prompt, change to the folder you have created and run the modified createcertificate.js by entering cscript.exe //b createcertificate.js
  • The created certificates are located directly in this directory. The following files are needed in the next steps: cacert.pem, request.key, request.pem, passwd.
  • You also need to export the certificate for use in the client services. In the same folder, run the following command on the command line:
    openssl pkcs12 -in request.pem -inkey request.key -export -out client.p12
    When asked for a password for the export, hit Enter twice so that the resulting PKCS12 certificate is not secured with a password.

Continue with the chapter "Installation of the certificates".
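
For either option, the prepared files can be checked for consistency before they are installed. The following script is an added example, not part of the original article or the provided archive: it verifies that the client certificate chains to the CA file and is usable as a client certificate, that the private key and pass-phrase match the certificate, and that the certificate will not expire soon. It assumes a POSIX shell with the openssl command available and a pass-phrase file that holds the pass-phrase on its first line; the script name check.sh and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: consistency checks before installing the certificate files.
# File names follow the article: cacert.pem, request.pem, request.key, passwd.

# Certificate must chain to the CA file and be acceptable as a TLS client
# certificate. -partial_chain lets an intermediate (issuing) CA act as anchor.
check_chain() {      # check_chain CA_PEM CERT_PEM
    openssl verify -partial_chain -purpose sslclient \
        -CAfile "$1" "$2" >/dev/null 2>&1
}

# Private key, decrypted with the pass-phrase file, must match the certificate.
# A wrong pass-phrase makes "openssl pkey" fail.
check_key_match() {  # check_key_match CERT_PEM KEY_PEM PASSFILE
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Certificate must remain valid for at least MIN_DAYS more days.
check_expiry() {     # check_expiry CERT_PEM MIN_DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks and report every failure, not just the first one.
check_all() {        # check_all CA_PEM CERT_PEM KEY_PEM PASSFILE MIN_DAYS
    rc=0
    check_chain "$1" "$2"          || { echo "FAIL: chain or client purpose"; rc=1; }
    check_key_match "$2" "$3" "$4" || { echo "FAIL: key or pass-phrase"; rc=1; }
    check_expiry "$2" "$5"         || { echo "FAIL: expires within $5 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate files are consistent"
    return "$rc"
}

# Example call: sh check.sh cacert.pem request.pem request.key passwd 30
if [ "$#" -eq 5 ]; then
    check_all "$@"
fi
```
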

Installation of the certificates

Import the new CA to Mindbreeze

  • Open the Mindbreeze Configuration Website (usually http://localhost:23000 on the Mindbreeze server)
  • Navigate to the Certificates tab
  • Upload the cacert.pem certificate. After the upload, the CA is visible under the "Available CAs" section.
  • Upload the client.p12 and select the new certificate in the properties of all client services in the option "Credential Certificate"
  • Select the new certificate as "Trusted peer". You may delete unneeded CAs in this section.
  • Make sure that the Mindbreeze processes get restarted after you have changed the CA.

Import the client certificate to Fabasoft Folio

  • Import the request.pem file to Fabasoft Folio.
  • Copy the object to the clipboard.
  • In Folio, navigate to Domain Administration / Domain Objects / Services.

Do this step for every "Indexing Service" object:

  • Edit the Indexing Service object
  • Paste the client certificate to the property Client certificate
  • Enter the directory and file name in the Private key string property. The request.key file needs to be copied to each webserver at this location. UNC paths are not valid.
  • Enter the pass-phrase from the passwd file in Pass-phrase of private key. Copy & Paste might add unneeded whitespace, so compare the number of characters.
  • Please remember to copy the request.key file to every webserver.

After a recycle of the Fabasoft Folio web services, the new configuration takes effect.

Applies to

  • Fabasoft Folio
  • Fabasoft eGov-Suite

when connected to a Mindbreeze Enterprise installation