NDM Simulator Operation Manual

Starting/Stopping the NDM Simulator

Use the 3dsdemoctl script to start or stop the Netcetera Demo Merchant Simulator.

Run the script with the -h option to learn about the available options and commands:

$ $NDM_SIMULATOR_HOME/bin/3dsdemoctl.sh -h

Credentials

The NDM Simulator application uses TLSv1.2 client and root certificates stored in Java KeyStore (JKS) format. Keystore files, once created and populated, need to be referenced for usage in the NDM Simulator Properties file. The certificates are used for securing the connection when simulating Results Request messages to the 3DS Server.

For creating and managing keystores, Java keytool is used. The keytool is part of the Java Development Kit (JDK).

The keytool expects certificates to be imported in either DER format or PEM format (Base64 encoded DER format).

In order the create and populate the keystore files follow the steps:

  • Generate Certificate Authority (CA) 
    openssl req -nodes -x509 -days 7300 -subj "/CN=ca/O={ORGANISATION}/L={CITY}/ST={STATE}/C={COUNTRY}" -newkey rsa:2048 -keyout ca.key -out ca.crt
  • Generate Client Certificate Request 
    keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={CLIENT-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
    keytool -certreq -alias client -file client.csr -keystore client.jks
  • Sign Client Certificate 
    openssl x509 -CA ca.crt -CAkey ca.key -set_serial 2 -req -in client.csr -out client.crt -days 7300
  • Import CA and Client Certificate in keystore 
    keytool -import -trustcacerts -alias ca -file ca.crt -noprompt -keystore client.jks
    keytool -import -trustcacerts -alias client -file client.crt -noprompt -keystore client.jks
  • Generate certificate used by ACS simulator used for signing content in the Authentication Response 
    keytool -genkey -alias acs-signed-content -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={ACS-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
    keytool -certreq -alias acs-signed-content -file acs-signed-content.csr -keystore client.jks
    openssl x509 -CA ca.crt -CAkey ca.key -set_serial 2 -req -in acs-signed-content.csr -out acs-signed-content.crt -days 7300
    keytool -import -trustcacerts -alias acs-signed-content -file acs-signed-content.crt -noprompt -keystore client.jks
  • Configure 3DS Server configuration to use the keystore

    Once created the keystore, visit the 3DS Server documentation on how to configure the 3DS Server to use the already created keystore when communicating with the NDM Simulator as a Directory Server and update the NDM Simulator Properties file.