Blueprint Developer Manual / Version 2304
Table Of Contents
The signCookie.privateKey
and signCookie.publicKey
properties are used to configure a RSA key pair that is used to recognize returning unknown visitors via a signed token.
The token is created and verified by com.coremedia.blueprint.elastic.social.cae.guid.GuidCookieHandler
.
Private and public key must be set via Spring Settings for all deployed blueprint CAE instances.
The recommended way to create a key pair is to use external tools like OpenSSL. To generate a key pair with OpenSSL follow these steps:
Generate Private Key:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem
Show Private Key:
openssl pkey -in private-key.pem -text
Generate corresponding Public Key:
openssl pkey -in private-key.pem -out public-key.pem -pubout
Show Public Key:
openssl pkey -in public-key.pem -pubin -text
Another possible way to generate a key pair is to create a custom JVM based tool using the Java standard library classes
java.security.KeyFactory
and java.security.KeyPairGenerator
.
A third but less recommended way is to simply not configure these keys, start your CAE instance and then copy the key pair from that CAE's log file. The generated key pair is logged at level WARN.