Prepare the Java KeyStore


Last updated 10 months ago

Import the client key and certificate into a Java KeyStore

The key and certificate must be converted to an intermediate PKCS#12 format:

openssl pkcs12 -export -in COMPANY_NAME_UAT.pem -inkey COMPANY_NAME_UAT.key -out certificate.p12 -name "certificate"

Take note of the export password you set; keytool asks for it as the source keystore password in the next step.

From this new file, create a KeyStore in JKS format:

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore certs.jks

Expected output:

Importing keystore certificate.p12 to certs.jks...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias certificate successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

To ensure the generated KeyStore is compatible with the target JRE, use the keytool distributed with the same major version of Java as the runtime (e.g. keytool from JDK Java 11 when the execution environment is a Java 11 JRE).

Add the server root CA certificate to the Java KeyStore

To validate the server certificate (https://api.cstar.pagopa.it/ for production, https://api.uat.cstar.pagopa.it/ for UAT), add the root CA certificate to the new KeyStore.

wget -O lets-encrypt-r10.pem https://letsencrypt.org/certs/2024/r10.pem
wget -O lets-encrypt-r11.pem https://letsencrypt.org/certs/2024/r11.pem
wget -O lets-encrypt-e5.pem https://letsencrypt.org/certs/2024/e5.pem
wget -O lets-encrypt-e6.pem https://letsencrypt.org/certs/2024/e6.pem
wget -O lets-encrypt-e5-cross.pem https://letsencrypt.org/certs/2024/e5-cross.pem
wget -O lets-encrypt-e6-cross.pem https://letsencrypt.org/certs/2024/e6-cross.pem


keytool -import -trustcacerts -file "lets-encrypt-r10.pem" -alias lets-encrypt-r10 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-r11.pem" -alias lets-encrypt-r11 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e5.pem" -alias lets-encrypt-e5 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e6.pem" -alias lets-encrypt-e6 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e5-cross.pem" -alias lets-encrypt-e5-cross -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e6-cross.pem" -alias lets-encrypt-e6-cross -keystore certs.jks

Expected output:

Enter keystore password:
Certificate was added to keystore
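
A check for the finished KeyStore, added here as an example (it is not part of the original page or of the Centro Stella tooling): it parses `keytool -list` output and confirms that the `certificate` alias is a PrivateKeyEntry and that the six Let's Encrypt aliases are trustedCertEntry. The sample listings are constructed, and the function and variable names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit `keytool -list` output for the entries this page creates.
# Real use: keytool -list -keystore certs.jks | check_keystore_listing
KEY_ALIAS="certificate"   # alias set by -name "certificate" in the openssl step
CA_ALIASES="lets-encrypt-r10 lets-encrypt-r11 lets-encrypt-e5 lets-encrypt-e6 lets-encrypt-e5-cross lets-encrypt-e6-cross"

# Print the entry type stored for alias $2 in the "alias type" table $1.
entry_type() { printf '%s\n' "$1" | awk -v a="$2" '$1 == a { print $2; exit }'; }

# Read a keytool listing on stdin, print one finding per alias, and return 0
# only if the client key entry and all six CA entries have the right type.
check_keystore_listing() {
  local entries alias t status=0
  # Entry lines are "<alias>, <date>, <EntryType>,"; the date may contain a
  # comma, so the type is located by name rather than by field position.
  entries=$(awk -F', ' '/PrivateKeyEntry|trustedCertEntry/ {
    for (i = 2; i <= NF; i++) if ($i ~ /Entry/) { t = $i; sub(/,? *$/, "", t); print $1, t }
  }')
  t=$(entry_type "$entries" "$KEY_ALIAS")
  case "$t" in
    PrivateKeyEntry)  echo "OK   $KEY_ALIAS: private key and certificate present" ;;
    trustedCertEntry) echo "FAIL $KEY_ALIAS: certificate only, no private key for mutual TLS"; status=1 ;;
    *)                echo "FAIL $KEY_ALIAS: entry missing"; status=1 ;;
  esac
  for alias in $CA_ALIASES; do
    t=$(entry_type "$entries" "$alias")
    if [ "$t" = "trustedCertEntry" ]; then echo "OK   $alias"
    else echo "FAIL $alias: expected trustedCertEntry, found '${t:-nothing}'"; status=1; fi
  done
  return $status
}

# Constructed sample listings (layout mimics keytool; not real output).
GOOD_LISTING='Your keystore contains 7 entries
certificate, Jan 10, 2025, PrivateKeyEntry,
lets-encrypt-r10, Jan 10, 2025, trustedCertEntry,
lets-encrypt-r11, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e5, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e6, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e5-cross, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e6-cross, Jan 10, 2025, trustedCertEntry,'
# Constructed failure: the .pem was imported without its key, one CA is missing.
BAD_LISTING='certificate, Jan 10, 2025, trustedCertEntry,
lets-encrypt-r10, Jan 10, 2025, trustedCertEntry,
lets-encrypt-r11, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e5, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e6, Jan 10, 2025, trustedCertEntry,
lets-encrypt-e5-cross, Jan 10, 2025, trustedCertEntry,'
```

A `trustedCertEntry` under the `certificate` alias means the client certificate was imported directly with `keytool -import` instead of through the PKCS#12 step, so the store has no private key to present during mutual authentication.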

Quick reference

openssl pkcs12 -export -in <CERTIFICATE>.pem -inkey <PRIVATE_KEY>.key -out certificate.p12 -name "certificate"
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore certs.jks
wget -O lets-encrypt-r10.pem https://letsencrypt.org/certs/2024/r10.pem
wget -O lets-encrypt-r11.pem https://letsencrypt.org/certs/2024/r11.pem
wget -O lets-encrypt-e5.pem https://letsencrypt.org/certs/2024/e5.pem
wget -O lets-encrypt-e6.pem https://letsencrypt.org/certs/2024/e6.pem
wget -O lets-encrypt-e5-cross.pem https://letsencrypt.org/certs/2024/e5-cross.pem
wget -O lets-encrypt-e6-cross.pem https://letsencrypt.org/certs/2024/e6-cross.pem
keytool -import -trustcacerts -file "lets-encrypt-r10.pem" -alias lets-encrypt-r10 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-r11.pem" -alias lets-encrypt-r11 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e5.pem" -alias lets-encrypt-e5 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e6.pem" -alias lets-encrypt-e6 -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e5-cross.pem" -alias lets-encrypt-e5-cross -keystore certs.jks
keytool -import -trustcacerts -file "lets-encrypt-e6-cross.pem" -alias lets-encrypt-e6-cross -keystore certs.jks