close

Filter

loading table of contents...

Blueprint Developer Manual / Version 2310

Table Of Contents

6.3.8 Sign Cookie

The signCookie.privateKey and signCookie.publicKey properties are used to configure a RSA key pair that is used to recognize returning unknown visitors via a signed token. The token is created and verified by com.coremedia.blueprint.elastic.social.cae.guid.GuidCookieHandler.

Private and public key must be set via Spring Settings for all deployed blueprint CAE instances.

The recommended way to create a key pair is to use external tools like OpenSSL. To generate a key pair with OpenSSL follow these steps:

  • Generate Private Key: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem

    Show Private Key: openssl pkey -in private-key.pem -text

    Generate corresponding Public Key: openssl pkey -in private-key.pem -out public-key.pem -pubout

    Show Public Key: openssl pkey -in public-key.pem -pubin -text

Another possible way to generate a key pair is to create a custom JVM based tool using the Java standard library classes java.security.KeyFactory and java.security.KeyPairGenerator.

A less recommended way is to generate the key pair via CAE code or application:

  • Execute the main method of the class RSAKeyPair, the newly generated RSA key pair is logged on level WARN.

  • Use the actuator endpoint of the CAE: /actuator/rsakeypair

A newly generated RSA key pair must be added to the application properties of all existing CAEs.

If no or invalid key values are configured, the application generates temporary keys that are not persisted and only valid for the current CAE application.

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.