Blueprint Developer Manual / Version 2406.0
The signCookie.privateKey and signCookie.publicKey properties are used to configure an RSA key pair that is used to recognize returning unknown visitors via a signed token.
The token is created and verified by com.coremedia.blueprint.elastic.social.cae.guid.GuidCookieHandler.
Both the private and the public key must be set via Spring Settings for all deployed Blueprint CAE instances.
The recommended way to create a key pair is to use external tools like OpenSSL. To generate a key pair with OpenSSL, follow these steps:
Generate Private Key:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private-key.pem
Show Private Key:
openssl pkey -in private-key.pem -text
Generate corresponding Public Key:
openssl pkey -in private-key.pem -out public-key.pem -pubout
Show Public Key:
openssl pkey -in public-key.pem -pubin -text
Another possible way to generate a key pair is to create a custom JVM-based tool using the Java standard library classes java.security.KeyFactory and java.security.KeyPairGenerator.
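One way to write such a JVM-based tool, as an added example that is not CoreMedia code: it produces the same two PEM files as the OpenSSL steps above and checks that the two keys belong together before writing them. The class name SignCookieKeyTool and the SHA256withRSA self-check are assumptions of this example (the page does not state which signature algorithm GuidCookieHandler uses); it requires Java 11 or later and a POSIX file system.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Added example, not CoreMedia code; the class name is hypothetical.
public class SignCookieKeyTool {
    // Wrap DER bytes in PEM armor with 64-character lines, as OpenSSL does.
    static String pem(String label, byte[] der) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Same parameters as the OpenSSL step: RSA with a 2048-bit modulus.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();
        byte[] pkcs8 = pair.getPrivate().getEncoded(); // PKCS#8 DER
        byte[] spki = pair.getPublic().getEncoded();   // X.509 SubjectPublicKeyInfo DER

        // Re-read both keys from their encoded form, as a consumer of the stored values would.
        KeyFactory factory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = factory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        PublicKey publicKey = factory.generatePublic(new X509EncodedKeySpec(spki));

        // Self-check on a constructed sample: sign with the private key, verify with the public key.
        byte[] sample = "constructed sample token".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA"); // assumption, for the check only
        signer.initSign(privateKey);
        signer.update(sample);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKey);
        verifier.update(sample);
        if (!verifier.verify(signer.sign())) {
            throw new IllegalStateException("Public key does not match private key");
        }

        // Owner-only private key file; createFile fails rather than overwrite an existing key.
        Path privateFile = Files.createFile(Path.of("private-key.pem"),
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.writeString(privateFile, pem("PRIVATE KEY", pkcs8));
        Files.writeString(Path.of("public-key.pem"), pem("PUBLIC KEY", spki));
    }
}
```

The resulting files can be inspected with the "Show Private Key" and "Show Public Key" commands above.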
A less recommended way is to generate the key pair via CAE code or application:
Execute the main method of the class RSAKeyPair; the newly generated RSA key pair is logged at level WARN.
Use the actuator endpoint of the CAE: /actuator/rsakeypair
A newly generated RSA key pair must be added to the application properties of all existing CAEs.
If no or invalid key values are configured, the application generates temporary keys that are not persisted and only valid for the current CAE application.