Description
Debbie is a tool used to validate certificates and signatures. Its REST interface provides an easy way to obtain a JSON response that indicates whether a signature is valid and whether it complies with a validation policy.
Its services can be configured to respond over HTTP or HTTPS.
Debbie runs over any JVM 1.8 and can be configured to run as a service on Windows or Linux OS.
Also, a Docker distribution is available.
Connectivity
To perform certificate status validation, and depending on the elements and policies that are configured, Debbie requires access to the services provided by a Certificate Authority.
These services are usually accessible through HTTP, both for the publication of the Certificate Revocation List (CRL) and for OCSP (Online Certificate Status Protocol) services. Take this requirement into account when planning the network access of the server.
Service & Policy
Debbie responds to requests on each of the URLs defined in its configuration files. Each defined policy must have its own unique URL, and no URL may be nested within another.
At least one policy must be defined so that the service can be started.
For testing purposes, CertiSur makes the service available at the following URL:
https://homo-debbie.certisur.com:4443/<tenant>
Related Product
Alison SDK js
Alison SDK allows developers to integrate Alison Desktop into their pages more easily. Go to the Alison SDK documentation.
Alison Desktop
You can obtain the current version of Alison Desktop from the ACME Alison Wizard site.
For developers, go to the Alison Desktop documentation.
Distribution
Debbie is released in two different ways:
- A docker container,
- A .zip file to be installed as a service on Windows or Linux
To obtain a ZIP distribution, please contact the CertiSur team at support@certisur.com.
CertiSur will share the .zip file with you if you decide to use this option. If you prefer the Docker alternative, follow the instructions below:
Download ACME image
Step 1- Download Docker image
To download the images, the user must be registered on Docker Hub. Contact CertiSur to request access, and provide your Docker Hub profile so that access to the Docker image can be granted.
Login using a Docker Hub account:
```
# docker login -u <docker hub account>
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
```
Info: You must provide your Docker Hub account name so that it can be authorized to download the package. Send an email to support@certisur.com.
Note: To store the user's credentials securely instead of in plain text, configure a credentials store by following the steps at https://docs.docker.com/engine/reference/commandline/login/#credentials-store.
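A check for the condition the login warning describes, as an added example that is not part of the Debbie distribution: it inspects the content of a Docker client `config.json` and reports credentials stored inline and the absence of a credentials store. Both sample documents are constructed for illustration and contain no real credentials.

```python
import base64
import json

# Constructed samples of ~/.docker/config.json (not real credentials).
_B64 = base64.b64encode(b"example-user:example-password").decode()
SAMPLE_INLINE = json.dumps(
    {"auths": {"https://index.docker.io/v1/": {"auth": _B64}}})
SAMPLE_STORE = json.dumps(
    {"auths": {"https://index.docker.io/v1/": {}}, "credsStore": "pass"})


def audit_docker_config(config_text):
    """Return findings about how a Docker client config stores credentials."""
    cfg = json.loads(config_text)
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        # "auth" is base64("user:password"): encoded, not encrypted.
        if entry.get("auth"):
            user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
            findings.append(f"{registry}: password for '{user}' stored inline")
        if entry.get("identitytoken"):
            findings.append(f"{registry}: identity token stored inline")
    if not cfg.get("credsStore") and not cfg.get("credHelpers"):
        findings.append("no credsStore or credHelpers configured")
    return findings


if __name__ == "__main__":
    for name, text in (("inline", SAMPLE_INLINE), ("store", SAMPLE_STORE)):
        print(name, audit_docker_config(text) or "ok")
```

To check a real host, pass the text of the `config.json` named in the warning (`/root/.docker/config.json` in the session above) to `audit_docker_config`.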
Step 2- Pulling an image from Docker
```
# docker pull certisursa/debbie:latest
latest: Pulling from certisursa/debbie
a02a4930cb5d: Pull complete
b5ffff9dbcda: Pull complete
...
7e5f58de12ac: Pull complete
Digest: sha256:332ee89371399b7c6235465beb00fbd2071868fecee33fc14d04b87ba99b265d
Status: Downloaded newer image for certisursa/debbie:latest
docker.io/certisursa/debbie:latest
```
Step 3- Run debbie docker image
To run the Debbie container, execute the following command line:

```
# docker run -d \
    -it \
    -p <external_port>:8080 \
    -v <debbie_config_folder>:/app/config/ \
    -v <debbie_log_folder>:/app/log/ \
    -v <debbie_doc_repository_folder>:/app/repository/ \
    certisursa/debbie:latest
```

It is necessary to overwrite the directory where the configuration of the tenants is located. The volume configuration is explained below.
Volumes
The following volumes must be mounted on the Docker image to overwrite the variables of each defined tenant.
Source (host) | Path (container) | Description |
---|---|---|
/home/opera/docker/debbie/config | /app/config | configuration files |
/home/opera/docker/debbie/log | /app/log | log files |
/home/opera/docker/debbie/repository | /app/repository | doc repository |
Step 4- Test debbie
Execute the following command to run the default Debbie Docker container:

```
# docker run -d \
    -it \
    --name debbie \
    -p 8080:8080 \
    certisursa/debbie:latest
```

Open your browser pointing to localhost:8080 (or the port defined by you) to access the URL where you published your Debbie installation. You'll see the following image.
If you can see this image, Debbie is running in your Docker container.
Info: The Debbie Docker image includes an ACME tenant. You must overwrite that definition to include your own company or project tenants.
Add Custom Tenant
Once Debbie is running in your own container, you can add a custom tenant by following these steps:
Step 5- Download a custom example (looney) and customize
Download the files from the following link looney-validation-demo.tgz.
```
├── debbie
│   ├── config
│   │   ├── certstore
│   │   │   ├── CertiSur.root.ClassB.G1.pilot.509.cer
│   │   │   └── CertiSur.shared.ClassB.G1.pilot.509.cer
│   │   ├── debbie.json
│   │   ├── debbielog.properties
│   │   └── policies
│   │       └── looney.policy.json
│   ├── logs
│   └── repository
└── docker-compose.yml
```
Configure your docker-compose file to mount the following volumes.
External directory | Container directory |
---|---|
./debbie/config | /app/config |
./debbie/repository | /app/repository |
./debbie/logs | /app/log |
Note: ./debbie/config external directory is the directory included in the example tenant config file (looney-validation-demo.tgz) that you downloaded and stored on your local computer.
Step 6- Configure docker-compose.yml and restart the container
Use the previous variables and volume mappings to define the new configuration, in this example as a docker-compose.yml file.

```
version: '3'
services:
  debbie:
    image: certisursa/debbie:latest
    volumes:
      - "./debbie/config:/app/config"
      - "./debbie/repository:/app/repository"
      - "./debbie/logs:/app/log"
    ports:
      - 8081:8080
```
Launch the container from a shell:

```
> docker-compose --verbose -f docker-compose.yml up -d
```

Open your browser pointing to localhost:8081 (or the port defined by you) to access the URL where you published your Debbie installation. You'll see the following image.
If you can see this image, Debbie is running in your Docker container.
Configuration
To complete the configuration of Debbie, you must complete two main sections:
- Server Configuration: defines communication and connectivity.
- Tenants Configuration: each tenant defines its own policy of validation. You have to configure at least one tenant.
Logging
Logger names are assembled from the name of the URL where the service is published. Every "." found in the **"url"** field is replaced by "_".
A special logger, called "debbieLog", is defined for the system itself. Each tenant has two potential loggers: <tenant>Log and <tenant>Audit. The latter only generates validation outputs, both successful and failed.
Note: All log configuration field values are case sensitive.
Each tenant can define its own logger file. Modify the following template to create your own log file. Replace <tenant> with your tenant name.

```
# ---------------------------------------------------------
# <tenant>
# ---------------------------------------------------------
# <tenant> service Logger (Audit)
log4j.logger.<tenant>Audit=INFO, <tenant>Appender
log4j.additivity.<tenant>Audit=false
# <tenant> Appender
log4j.appender.<tenant>Appender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender.rollingPolicy.minIndex=0
log4j.appender.<tenant>Appender.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-audit-%i.log.gz
log4j.appender.<tenant>Appender.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-audit.log
log4j.appender.<tenant>Appender.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
# ---------------------------------------------------------
# <tenant> service Logger (System)
log4j.logger.<tenant>Log=INFO, <tenant>Appender1
log4j.additivity.<tenant>Log=false
# <tenant> Appender
log4j.appender.<tenant>Appender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.<tenant>Appender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.<tenant>Appender1.rollingPolicy.minIndex=0
log4j.appender.<tenant>Appender1.rollingPolicy.maxIndex=12
log4j.appender.<tenant>Appender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.<tenant>Appender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.<tenant>Appender1.rollingPolicy.FileNamePattern=${app.log.dir}/<tenant>-system-%i.log.gz
log4j.appender.<tenant>Appender1.rollingPolicy.ActiveFileName=${app.log.dir}/<tenant>-system.log
log4j.appender.<tenant>Appender1.layout=org.apache.log4j.PatternLayout
log4j.appender.<tenant>Appender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
```
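A pre-deployment check for a tenant's logging block, as an added example that is not part of the Debbie distribution: it derives the logger prefix from the tenant URL using the "." to "_" rule above, then flags duplicate keys, loggers without `additivity=false`, and appenders that are referenced but not defined. The tenant URL `looney.demo`, the appender names and the sample properties are constructed for illustration.

```python
# Constructed sample block for a tenant whose "url" is "looney.demo".
SAMPLE = """\
log4j.logger.looney_demoAudit=INFO, looneyAudit
log4j.additivity.looney_demoAudit=false
log4j.appender.looneyAudit=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.looneyAudit.rollingPolicy.maxIndex=0
log4j.appender.looneyAudit.rollingPolicy.maxIndex=12
log4j.logger.looney_demoLog=INFO, looneySystem
log4j.additivity.looney_demoAudit=false
log4j.appender.looneySystem=org.apache.log4j.rolling.RollingFileAppender
"""


def logger_base(url):
    """Logger name prefix for a tenant: every '.' in the url becomes '_'."""
    return url.replace(".", "_")


def lint_tenant_logging(properties_text, url):
    """Return a list of problems found in a tenant's log4j properties."""
    props, problems = {}, []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in props:  # a later value silently overrides the earlier one
            problems.append(f"duplicate key: {key}")
        props[key] = value.strip()
    # Assumption: logger names are <prefix>Log and <prefix>Audit.
    for suffix in ("Log", "Audit"):
        name = logger_base(url) + suffix
        spec = props.get(f"log4j.logger.{name}")
        if spec is None:
            problems.append(f"logger not defined: {name}")
            continue
        if props.get(f"log4j.additivity.{name}") != "false":
            problems.append(f"additivity not disabled: {name}")
        # spec has the form "LEVEL, appender[, appender...]"
        for appender in (a.strip() for a in spec.split(",")[1:]):
            if f"log4j.appender.{appender}" not in props:
                problems.append(f"appender not defined: {appender}")
    return problems


if __name__ == "__main__":
    print("\n".join(lint_tenant_logging(SAMPLE, "looney.demo")))
```

Because the audit logger records every validation outcome, a duplicate or mistyped key in its block is worth catching before the container is restarted.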
The following is the content of the debbielog.properties configuration file included with the validation service distribution.

```
# Logger default
log4j.rootLogger=INFO
# ---------------------------------------------------------
# System Logger
log4j.logger.debbieLog=INFO, debbieAppender
log4j.additivity.debbieLog=false
# Debbie Appender
log4j.appender.debbieAppender=org.apache.log4j.FileAppender
log4j.appender.debbieAppender.file=${app.log.dir}/debbie-system.log
log4j.appender.debbieAppender.file.MaxFileSize=10MB
log4j.appender.debbieAppender.file.MaxBackupIndex=10
log4j.appender.debbieAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.debbieAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
# ---------------------------------------------------------
# ACME
# ---------------------------------------------------------
# ACME service Logger (Audit)
log4j.logger.acmeAudit=INFO, acmeAppender
log4j.additivity.acmeAudit=false
# ACME Appender
log4j.appender.acmeAppender=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender.rollingPolicy.minIndex=0
log4j.appender.acmeAppender.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender.rollingPolicy.FileNamePattern=${app.log.dir}/acme-audit-%i.log.gz
log4j.appender.acmeAppender.rollingPolicy.ActiveFileName=${app.log.dir}/acme-audit.log
log4j.appender.acmeAppender.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
# ---------------------------------------------------------
# ACME service Logger (System)
log4j.logger.acmeLog=INFO, acmeAppender1
log4j.additivity.acmeLog=false
# ACME Appender
log4j.appender.acmeAppender1=org.apache.log4j.rolling.RollingFileAppender
log4j.appender.acmeAppender1.rollingPolicy=org.apache.log4j.rolling.FixedWindowRollingPolicy
log4j.appender.acmeAppender1.rollingPolicy.minIndex=0
log4j.appender.acmeAppender1.rollingPolicy.maxIndex=12
log4j.appender.acmeAppender1.triggeringPolicy=org.apache.log4j.rolling.SizeBasedTriggeringPolicy
log4j.appender.acmeAppender1.triggeringPolicy.MaxFileSize=10240000
log4j.appender.acmeAppender1.rollingPolicy.FileNamePattern=${app.log.dir}/acme-system-%i.log.gz
log4j.appender.acmeAppender1.rollingPolicy.ActiveFileName=${app.log.dir}/acme-system.log
log4j.appender.acmeAppender1.layout=org.apache.log4j.PatternLayout
log4j.appender.acmeAppender1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p [%t]: %m%n
```
License
Depending on the kind of distribution used, you must request an extended license and install it.
For .zip file distributions you will have to generate a license request code. Follow these steps to generate that code.
```
# IP where debbie listens
server.ip=<IP>
# Server port
server.port=8002
```
Run the following command:
```
c:> genlicense-win.bat
```

```
# genlicense-linux.sh
```
Send an email to support@certisur.com with the following additional information:
- Company Name
- Contact name
- Server Name (used to identify the request. It won't affect the license if you change this value in the future).
- Environment (Develop/QA/Production)
- Distribution (.zip file/docker)
- License request code (if you generate one in the previous step)
You'll receive an email with the license. Include it in the configuration file like this:

```
server.license=20190601014449:GeIdlvYetkRld5CjlcDfzK9/KjuonNKIanpJ9xLShXRf434343rfFfsdfv444x+Fa3Xmezu3Acg3dTqcYKZtUqMWWCygtzleivcH9iHsbGbT3TkiMQvZWruhroVg46j9IlHTmPPx234luNTv943b3ZP2kEaU00mwAkyKnr9UHl44c=
```
Restart Debbie and check in the log file that the new license is working.