Product Documentation

    Add Private MDS Files

    With SKFS 4.12 RFE-34,  the server now allows private MDS files to be loaded in the FIDO Server with the requirement that the private MDS files follow the same format as provided by FIDO Alliance. New configuration properties have been added to enable this and some existing properties have been modified to make all the properties consistent.

     

    Explore the comprehensive MDS Properties guide for a detailed understanding.

     

    Follow the steps below to make change to the properties:

    • Switch to (or login as) the "strongkey" user 
      shell > su - strongkey
    • Edit the skfs properties file 
      shell > vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties
    • Set the number of private MDS files to be added: 
      skfs.cfg.property.mds.private.count=<number>

example
skfs.cfg.property.mds.private.count=2
    • Set the unique name for each private MDS file. The count will increase with the addition of more private MDS files. Also, the property template will determine how the private MDS file is loaded and its location. Ensure that the <name> matches the value of the properties: 
      skfs.cfg.property.mds.private.source.<count>=<name>
      skfs.cfg.property.mds.private.<name>.loadmethod=<url|local>
      skfs.cfg.property.mds.private.<name>.loadmethod.url=
      skfs.cfg.property.mds.private.<name>.loadmethod.local=

      example
      skfs.cfg.property.mds.private.source.1=skmanufacturer01
      skfs.cfg.property.mds.private.skmanufacturer01.loadmethod=local
      skfs.cfg.property.mds.private.skmanufacturer01.loadmethod.url=
      skfs.cfg.property.mds.private.skmanufacturer01.loadmethod.local=/usr/local/strongkey/skfs/mds/private/skmanufacturer01.txt

      skfs.cfg.property.mds.private.source.2=skmanufacturer02
      skfs.cfg.property.mds.private.skmanufacturer02.loadmethod=local
      skfs.cfg.property.mds.private.skmanufacturer02.loadmethod.url=
      skfs.cfg.property.mds.private.skmanufacturer02.loadmethod.local=/usr/local/strongkey/skfs/mds/private/skmanufacturer02.txt
    • Private MDS files must be digitally signed and SKFS needs the certificate to verify the signature before the file can be accepted. Set the following properties to define the location and password of the truststore. When adding the certificate to the truststore, the certificate alias needs to match the <name> identified for a specific private MDS file: 
      skfs.cfg.property.mds.private.truststore.location=
skfs.cfg.property.mds.private.truststore.password=
    • Restart the payara server 
      shell > sudo service glassfishd restart