Securing Communication to EPS Devices by Importing Trusted Certificates

Tip: Please note if you alter the Java JRE used to run EFTLink away from its defaults, please be aware that you may also have to edit the “truststore” script to point to the new location of the JRE.

Only for cores that support trusted connection to EPS devices, currently just OPIRetail core v24, a truststore with the trusted certificates must be created. A batch file, truststore.bat, and a Linux script, truststore.sh, are included in the EFTLink project to facilitate the creation of the truststore.

Locate the truststore.bat / truststore.sh file in the EFTLink folder.
From a terminal, run the truststore script file with an appropriate set of parameters to import the trusted EPS device certificate chain.

truststore.bat -i <alias> <certificate file>

truststore.sh -i <alias> <certificate file>

For example: truststore.bat -i providername provider_trusted_public_cert.crt
Repeat step 2 for every public trusted certificate or part of the chain that need to be imported.

Table 2-8 Import of Trusted Certificate Parameters

Switch	Parameter	Description	Supported Value
-i	<alias>	Alias for the certificate.	Alphanumeric, must be unique for every imported certificate.
<certificate file>	Public trusted certificate file.	EPS device security certificate chain in PEM format. Consult the payment provider’s instructions to obtain the correct certificate used by the trusted EPS device for production or test environment.

Switch

Parameter

Description

Supported Value

-i

<alias>

Alias for the certificate.

Alphanumeric, must be unique for every imported certificate.

Public trusted certificate file.

EPS device security certificate chain in PEM format.

Consult the payment provider’s instructions to obtain the correct certificate used by the trusted EPS device for production or test environment.

Once the first trusted certificate will be imported, the following files will be created on the system in the keys subfolder of EFTLink:

eftlink.truststore.jks required to be held on the EFTLink Server

eftlink.truststore.properties required to be held on EFTLink Server

A list of all certificates imported on the truststore can be obtained with:

truststore.bat -l

Eventually a certificate can be removed from the truststore with:

truststore.bat -d alias

Prints a certificate file content:

truststore.bat -p certificate_file.crt