Streav

API Certificates

The Streav API requires two certificates for secure communication: signing and encryption. These certificates are essential for ensuring the authenticity, integrity, and confidentiality of data exchanged between the API and clients.

If the certificates are not configured explicitly, default development certificates are used. This is not recommended for production deployments for security reasons.

Before proceeding with the tutorials, ensure that OpenSSL is installed on your system.

Generate Self-Signed Encryption Certificate

# Step 1: Generate a private key
openssl genrsa -out private-key.pem 2048

# Step 2: Create a certificate signing request (CSR)
openssl req -new -key private-key.pem -out certificate.csr -subj "/CN=Streav Encryption Certificate"

# Step 3: Sign the CSR to generate a self-signed certificate
# (the <(...) process substitution needs a shell that supports it, such as bash)
openssl x509 -req -in certificate.csr -signkey private-key.pem -out certificate.pem -days 730 -extfile <(printf "keyUsage=critical,keyEncipherment")

# Step 4: Export the certificate and private key in PKCS12 format (PFX)
openssl pkcs12 -export -out encryption-certificate.pfx -inkey private-key.pem -in certificate.pem -passout pass:<INSERT_PASSWORD_HERE>

Generate Self-Signed Signing Certificate

# Step 1: Generate a private key
openssl genrsa -out private-key.pem 2048

# Step 2: Create a certificate signing request (CSR)
openssl req -new -key private-key.pem -out certificate.csr -subj "/CN=Streav Signing Certificate"

# Step 3: Sign the CSR to generate a self-signed certificate
# (the <(...) process substitution needs a shell that supports it, such as bash)
openssl x509 -req -in certificate.csr -signkey private-key.pem -out certificate.pem -days 730 -extfile <(printf "keyUsage=critical,digitalSignature")

# Step 4: Export the certificate and private key in PKCS12 format (PFX)
openssl pkcs12 -export -out signing-certificate.pfx -inkey private-key.pem -in certificate.pem -passout pass:<INSERT_PASSWORD_HERE>
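
Before mounting the PFX files, it is worth checking what each one actually contains. The script below is an added example, not part of the Streav documentation or tooling: it confirms that a PFX opens with the password, holds a private key, carries the critical keyUsage set in step 3, and is not close to expiry. The function names, the PFX_PASSWORD environment variable and the 30-day default are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Streav's own tooling): check a PFX before mounting it.
# The password is read from $PFX_PASSWORD via env: so it never appears in argv.

# check_pfx FILE USAGE [MIN_DAYS]; USAGE is "Key Encipherment" or "Digital Signature".
# Returns 1 = cannot open, 2 = no private key, 3 = wrong key usage, 4 = expiring.
check_pfx() {
  pfx="$1"; usage="$2"; min_days="${3:-30}"
  cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nokeys 2>/dev/null) ||
    { echo "FAIL $pfx: cannot open (wrong password or not PKCS#12)"; return 1; }
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASSWORD -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY' || { echo "FAIL $pfx: no private key inside"; return 2; }
  printf '%s\n' "$cert" | openssl x509 -noout -text |
    grep -A1 'X509v3 Key Usage: critical' | grep -q "$usage" ||
    { echo "FAIL $pfx: critical keyUsage '$usage' not present"; return 3; }
  printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) \
    >/dev/null || { echo "FAIL $pfx: expires within $min_days days"; return 4; }
  echo "OK   $pfx: $usage, private key present, valid > $min_days days"
}

# Constructed sample input: a throwaway PFX built with the page's four steps.
# make_sample_pfx OUT.pfx KEYUSAGE (runs in a subshell; temp files are removed)
make_sample_pfx() (
  d=$(mktemp -d) || exit 1
  trap 'rm -rf "$d"' EXIT
  printf 'keyUsage=critical,%s\n' "$2" > "$d/ext.cnf"
  openssl genrsa -out "$d/key.pem" 2048 2>/dev/null &&
  openssl req -new -key "$d/key.pem" -out "$d/csr.pem" -subj "/CN=Sample" &&
  openssl x509 -req -in "$d/csr.pem" -signkey "$d/key.pem" -out "$d/cert.pem" \
    -days 730 -extfile "$d/ext.cnf" 2>/dev/null &&
  openssl pkcs12 -export -out "$1" -inkey "$d/key.pem" -in "$d/cert.pem" \
    -passout env:PFX_PASSWORD
)

# Demo on the constructed sample: one matching usage, one mismatch.
demo() (
  PFX_PASSWORD='constructed-demo-password'; export PFX_PASSWORD
  t=$(mktemp -d) || exit 1
  trap 'rm -rf "$t"' EXIT
  make_sample_pfx "$t/encryption.pfx" keyEncipherment || exit 1
  check_pfx "$t/encryption.pfx" "Key Encipherment"
  check_pfx "$t/encryption.pfx" "Digital Signature" || true  # reports wrong usage
)

if [ $# -ge 2 ]; then check_pfx "$@"; else demo; fi
```

Run with two arguments, the script checks a real file, for example `encryption-certificate.pfx "Key Encipherment"` with PFX_PASSWORD set in the environment; with no arguments it runs the demo on a throwaway certificate.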

Docker Compose

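This Docker Compose example provides a minimal configuration to deploy the Streav API with certificates configured. The values of Certificates__Encryption__Password and Certificates__Signing__Password must be the passwords used when exporting the corresponding PFX files.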

  api:
    image: streav/api:beta
    restart: unless-stopped
    ports:
      - '8001:5000'
    depends_on:
      - postgres
      - rabbitmq
      - redis
    volumes:
      - /path/to/encryption-certificate.pfx:/path/to/encryption-certificate.pfx
      - /path/to/signing-certificate.pfx:/path/to/signing-certificate.pfx
    environment:
      - Postgres=Server=postgres;Port=5432;Database=streav;User Id=streav;Password=test;
      - RabbitMq__Host=rabbitmq
      - RabbitMq__Username=test
      - RabbitMq__Password=test
      - Redis__Hosts__0__Host=redis
      - Redis__Database=0
      - Redis__Password=test
      - LicenseKey=XXXX
      - Certificates__Encryption__Path=/path/to/encryption-certificate.pfx
      - Certificates__Encryption__Password=encryption_password
      - Certificates__Signing__Path=/path/to/signing-certificate.pfx
      - Certificates__Signing__Password=signing_password