Skip to main content

Retrieve a demo certificate

To be able to send traffic through the FSC NLX network, you'll need a certificate and private key. The certificate and key are used to encrypt traffic between you and other nodes. In this part we will generate & install the required organization certificate.

Next to the organization certificate you also need certificates from an internal PKI to encrypt traffic between NLX components (such as the Controller and the Inway). The script below will also generate these for you.

Before you continue, make sure you have set up your environment.

Generate internal & organization certificates

Generate the required internal and organization certificates by running the following command in the nlx-try-me directory.

docker run --rm -it -v $(pwd):/workdir -w /workdir --entrypoint /bin/bash cfssl/cfssl:1.6.1 ./scripts/

The script will ask you several questions.

Script questions

Answer the questions accordingly:

  • Manager domain, this should correspond to the Fully Qualified Domain Name (FQDN) of your Manager,
  • Inway domain, this should correspond to the Fully Qualified Domain Name (FQDN) of your Inway,
  • Country, enter any value
  • State, enter any value
  • Locality Name, enter any value
  • Organization Name, please enter a URL-friendly value with a maximum length of 100 characters. A good value could be: my-organization.
  • Organization Unit Name, enter any value
  • Email Address, enter any value
  • Organization Serial Number (optional), enter a serial number with a maximum length of 20 characters. Also make sure this value is unique for the network in the directory overview as we do not check for uniqueness.

The output should contain the answers you've provided when you created the certificate.

Example of the output: Subject: C=nl, ST=zuid-holland, L=gemeente-stijns, O=my-organization, OU=my-organization-unit,

The value after serialNumber= in the Subject's CN field is the primary way to identify your organization on NLX.

In sum

All required certificates are available now. So far, we have:

  • Generated the internal certificates for internal communication between components like Inway and Controller.
  • Downloaded the NLX Demo CA root certificate
  • Generated our own certificate and private key, so we are allowed to communicate with the APIs on the FSC NLX network.

Now let's get up and running to make sure you have all software installed to get started.