Provides various credential types for OSF Builder Suite For Salesforce Commerce Cloud plugins
Two-factor authentication for code deployment is a PCI requirement, to be used on the Staging instance only. Code deployment is not possible to Production. However, standard one-factor code deployment can be used to all other instances, including Development and Sandbox instances.
The Staging instance has the following hostnames:
|Hostname||To be used...|
||for code deployments.|
||by merchants, developer, etc. to work with the Business Manager or preview in the storefront.|
The Certificate.zip file is attached to a SFCC support case for the customer who originated the request to enable two-factor authentication.
This file contains:
$name is an identifier unique to a particular customer. For example, it can reflect the instance or company name. These files should be considered highly sensitive. While they are only part of what is needed to upload SSL customization to the SFCC system, they should be provided to a single trusted employee within your organization, typically the administrator of your SFCC instances.
$name.txt contains the pass phrase that was used to create the certificate. You must provide this pass phrase every time you sign a key request.
cert.merchant.sitename.net_01.key cert.merchant.sitename.net_01.crt cert.merchant.sitename.net.srl cert.merchant.sitename.net_01.txt
openssl req -new -sha256 -newkey rsa:2048 -nodes -out $user.req -keyout $user.key
$user indicates the user that this key is for. We recommend that it be the same as the Business Manager user they are authenticating against. For example, if the SFCC instance username is jsmith, the certificate should be named jsmith.
Note: When prompted for information to be included in the certificate request, please provide information for the user that will be using the certificate (for example, jsmith).
CAUTION: Do not use generic names such as Release Team.
The output should be as follows:
Generating a 2048 bit RSA private key ....................++++++++++++ ........++++++++++++ writing new private key to '$user.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (city) : Organization Name (company) [Internet Widgits Pty Ltd]: Organizational Unit Name (section) : Common Name (YOUR name) : Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
Note: The last two fields are optional. We recommend that you leave them blank. The challenge password is not used.
This should be the valid email address of the person using the certificate.
Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: Massachusetts Locality Name (city) : Organization Name (company) [Internet Widgits Pty Ltd]: Your Organizational Unit Name (section) : Customer Services Common Name (YOUR name) : John Smith Email Address : email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
Note: SFCC supports OpenSSL ( http://www.openssl.org/ ) certificates.
openssl x509 -CA $name.crt -CAkey $name.key -CAserial $name.srl -req -in $user.req -out $user.pem -days $days
$days - the number of valid days for this client certificate following creation
$name - the name provided by SFCC
$user - the user of the client certificate you are signing. For example: jsmith
Note: The $name portion of the $name.srl file may be slightly different from other $name files. Make sure you enter the file name correctly.
openssl x509 -CA cert.staging.web.customer.demandware.net_01.crt -CAkey cert.staging.web.customer.demandware.net_01.key -CAserial cert.staging.web.customer.demandware.net.srl -req -in jsmith.req -out jsmith.pem -days 365
The certificate will be valid until it expires or you ask SFCC to revoke all certificates. Therefore you must plan carefully when assigning certificates to users.
The output of this command should look as follows:
Signature ok subject=/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=XX/emailAddressfirstname.lastname@example.org Getting CA Private Key Enter pass phrase for $name.key:
openssl pkcs12 -export -in $user.pem -inkey $user.key -certfile $name.crt -name "$user" -out $user.p12
$name is the name provided by SFCC.
$user is the user of the client certificate you are signing.
openssl pkcs12 -export -in jsmith.pem -inkey jsmith.key -certfile cert.staging.web.customer.demandware.net_01.crt -name "jsmith" -out jsmith.p12
This password must be provided to the end user who will be loading the certificate into Studio or another keystore.
The pkcs12 certificate can be used to connect to a Staging instance via Eclipse. The certificate can also be used with other WebDAV clients, such as the Windows built in WebDAV client.