Use the 3dsdemoctl script to start or stop the Netcetera Demo Merchant Simulator.
Run the script with the -h
option to learn about the available options and commands:
$ $NDM_SIMULATOR_HOME/bin/3dsdemoctl.sh -h
The NDM Simulator application uses TLSv1.2 client and root certificates stored in Java KeyStore (JKS) format. Keystore files, once created and populated, need to be referenced for usage under configuration properties found in the $NDM_SIMULATOR_HOME/conf/
.
For details on the available configuration properties please consult the 3DS 2.x, 3DS 1.0 and UPOP simulator configuration documentation.
The certificates are used for:
For creating and managing keystores, Java keytool
is used. The keytool
is part of the Java Development Kit (JDK).
The keytool
expects certificates to be imported in either DER format or PEM format (Base64 encoded DER format).
In order the create and populate the keystore files follow the steps:
openssl req -nodes -x509 -days 7300 -subj "/CN=ca/O={ORGANISATION}/L={CITY}/ST={STATE}/C={COUNTRY}" -newkey rsa:2048 -keyout ca.key -out ca.crt
keytool -genkey -alias client -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={CLIENT-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
keytool -certreq -alias client -file client.csr -keystore client.jks
openssl x509 -CA ca.crt -CAkey ca.key -set_serial 2 -req -in client.csr -out client.crt -days 7300
keytool -import -trustcacerts -alias ca -file ca.crt -noprompt -keystore client.jks
keytool -import -trustcacerts -alias client -file client.crt -noprompt -keystore client.jks
keytool -genkey -alias acs-signed-content -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={ACS-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
keytool -certreq -alias acs-signed-content -file acs-signed-content.csr -keystore client.jks
openssl x509 -CA ca.crt -CAkey ca.key -set_serial 2 -req -in acs-signed-content.csr -out acs-signed-content.crt -days 7300
keytool -import -trustcacerts -alias acs-signed-content -file acs-signed-content.crt -noprompt -keystore client.jks
keytool -genkey -alias 3ds1-acs-signing -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={3D1-ACS-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
keytool -certreq -alias 3ds1-acs-signing -file 3ds1-acs-signing.csr -keystore client.jks
openssl x509 -CA ca.crt -CAkey ca.key -set_serial 3 -req -in 3ds1-acs-signing.csr -out 3ds1-acs-signing.crt -days 7300
keytool -import -trustcacerts -alias 3ds1-acs-signing -file 3ds1-acs-signing.crt -noprompt -keystore client.jks
keytool -genkey -alias upop-signing -keyalg RSA -keysize 2048 -keystore client.jks -dname "CN={UPOP-CERTIFICATE-CNAME},O={ORGANISATION},L={CITY},ST={STATE},C={COUNTRY}"
keytool -certreq -alias upop-signing -file upop-signing.csr -keystore client.jks
openssl x509 -CA ca.crt -CAkey ca.key -set_serial 4 -req -in upop-signing.csr -out upop-signing.crt -days 7300
keytool -import -trustcacerts -alias upop-signing -file upop-signing.crt -noprompt -keystore client.jks
Once created the keystore, visit the 3DS Server documentation on how to configure the 3DS Server to use the already created keystore when communicating with the NDM Simulator as a Directory Server. Additionally, the configuration properties found in the $NDM_SIMULATOR_HOME/conf/
need to be updated.
For details on the available configuration properties please consult the 3DS 2.x, 3DS 1.0 and UPOP simulator configuration documentation.