Hitachi

JP1 Version 12 JP1/Navigation Platform Setup and Operations Guide


4.10.1 Files required for HTTPS communication and where to place them


(1) Files required for HTTPS communication

The files required by Navigation Platform for HTTPS communication are outlined below.

Table 4‒3: Files required for HTTPS communication and prerequisites

| No. | File | Prerequisites |
|-----|------|---------------|
| 1 | Private server key | When using RSA encryption: key length 2048 bits; PKCS#1 format; encrypted (#1, #2). When using ECC (elliptic-curve cryptography): key length 256 bits or 384 bits (when the elliptic curve is NIST P-256 or P-384); PKCS#8 format; encrypted (#1, #2). |
| 2 | Password file (file used to decrypt the private server key) | Must be generated with the sslpasswd.bat command provided with Navigation Platform. |
| 3 | Server certificate | The following conditions must be met: 1. X.509 PEM format. 2. The CA signature algorithm and key length combination must be either of the following. When using RSA encryption: signature algorithm SHA-256; key length of the private key 2048 bits. When using ECDSA (elliptic-curve DSA) encryption: signature algorithm SHA-256; key length of the private key 256 bits or 384 bits (NIST P-256 or P-384). |
| 4 | CA certificate (file required when the server certificate is issued by the CA) (#3) | X.509 PEM format |

#1: For details about how to check whether the private server key is encrypted, see 4.10.3(1) Procedure for confirming private server key encryption.

#2: For details about how to create an encrypted private server key from an unencrypted private server key, see 4.10.4 Procedure to encrypt unencrypted private server keys.

#3: When using both RSA encryption and ECC server certificates, use the same CA certificate.

(2) Placement of files required for HTTPS communication

Files required for HTTPS communication must be placed before running the npsetup command (setup).

Place the file corresponding to the encryption method specified for the ucnp.setup.server.cosminexus.hws.http.ssl.privatekey.type property in the user setup property file (ucnp_setup_user.properties).

Details on the encryption method and corresponding file destination are provided below.

Table 4‒4: Files required for HTTPS communication and their destination path

| No. | Private server key encryption method | File type | File name# | File destination path |
|-----|--------------------------------------|-----------|------------|-----------------------|
| 1 | RSA | Private server key | httpsdkey.pem | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 2 | RSA | Password file | .keypasswd | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 3 | RSA | Server certificate | httpsd.pem | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 4 | ECC | Private server key | httpsdkey-ecc.pem | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 5 | ECC | Password file | .keypasswd-ecc | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 6 | ECC | Server certificate | httpsd-ecc.pem | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\server |
| 7 | Both RSA/ECC | CA certificate | anycert.pem | %UCNP_HOME%\PP\uCPSB\httpsd\conf\ssl\cacert |

#: File names cannot be changed.
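
A pre-setup check for the placement in Table 4‒4 and the key-format prerequisites in Table 4‒3, as an added example that is not part of the Hitachi manual or product. The function names and the `$InstallDir` parameter (standing in for %UCNP_HOME%) are assumptions; formats are recognised by standard PEM header lines only, and the script does not replace the confirmation procedure in 4.10.3(1).

```powershell
# Added example. Get-PemKind and Test-NpHttpsFiles are hypothetical helper names,
# not Navigation Platform commands. They read PEM armor only; nothing is decrypted.
function Get-PemKind([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    $text = Get-Content -LiteralPath $Path -Raw
    if ($text -match '-----BEGIN ENCRYPTED PRIVATE KEY-----') { return 'PKCS8-encrypted' }
    if ($text -match '-----BEGIN PRIVATE KEY-----')           { return 'PKCS8-unencrypted' }
    if ($text -match '-----BEGIN RSA PRIVATE KEY-----') {
        # Traditional PKCS#1 PEM flags encryption with a Proc-Type header line.
        if ($text -match '(?m)^Proc-Type:\s*4,ENCRYPTED') { return 'PKCS1-encrypted' }
        return 'PKCS1-unencrypted'
    }
    if ($text -match '-----BEGIN CERTIFICATE-----') { return 'X509-PEM' }
    return 'unrecognized'
}

function Test-NpHttpsFiles([string]$InstallDir, [ValidateSet('RSA','ECC')][string]$Type) {
    # $InstallDir stands for %UCNP_HOME% in Table 4-4; the file names are fixed.
    $ssl = Join-Path $InstallDir 'PP\uCPSB\httpsd\conf\ssl'
    $sfx = if ($Type -eq 'ECC') { '-ecc' } else { '' }
    $keyKind = if ($Type -eq 'ECC') { 'PKCS8-encrypted' } else { 'PKCS1-encrypted' }
    $checks = @(
        @{ File = "server\httpsdkey${sfx}.pem"; Want = $keyKind },
        @{ File = "server\.keypasswd${sfx}";    Want = 'present' },
        @{ File = "server\httpsd${sfx}.pem";    Want = 'X509-PEM' },
        @{ File = 'cacert\anycert.pem';         Want = 'X509-PEM'; Optional = $true }
    )
    foreach ($c in $checks) {
        $got = Get-PemKind (Join-Path $ssl $c.File)
        if ($c.Want -eq 'present' -and $got -ne 'missing') { $got = 'present' }
        $ok = ($got -eq $c.Want) -or ($c.Optional -and $got -eq 'missing')
        [pscustomobject]@{ File = $c.File; Expected = $c.Want; Found = $got; OK = [bool]$ok }
    }
}

# Constructed sample tree (dummy file bodies, not real keys) so the check runs anywhere.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'np-https-demo'
$srv  = (New-Item -ItemType Directory -Force -Path (Join-Path $demo 'PP\uCPSB\httpsd\conf\ssl\server')).FullName
Set-Content -LiteralPath (Join-Path $srv 'httpsdkey.pem') -Value "-----BEGIN RSA PRIVATE KEY-----`nProc-Type: 4,ENCRYPTED`n(constructed)"
Set-Content -LiteralPath (Join-Path $srv 'httpsd.pem') -Value "-----BEGIN CERTIFICATE-----`n(constructed)"
Test-NpHttpsFiles -InstallDir $demo -Type RSA | Format-Table
```

The check does not inspect key length or signature algorithm. The constructed demo tree omits `.keypasswd`, so that row is reported as not OK, while the absent CA certificate is tolerated because it is only required when the server certificate is issued by a CA.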