ON THIS PAGE

Firmware Version 6.1

This object allows you to register client certificates with the player. These certificates can be used by roHtmlWidget objects when communicating with websites. If there are multiple roHtmlWidget instances, they will share the same certificate database.

Client certificates are not persistent on a BrightSign player; they must be registered with the certificate database after each reboot.

ifKeyStore

GetFailureReason() As String

Returns additional useful information if an ifKeyStore method returns False.

AddCACertificate(certificate_file As String) As Boolean

Registers the specified CA certificate with the certificate database. Client certificates can be either self-signed or signed using a 3rd-party certificate issuer (Versign, DigiCert, etc.).

AddClientCertificate(parameters As roAssociativeArray) As Boolean

Registers a .p12 client certificate with the certificate database. This method accepts an associative array with the following parameters:

certificate_file: The file name and path of the .p12 client certificate.
passphrase: A passphrase for the .p12 client certificate.
obfuscated_passphrase: An obfuscated passphrase for the .p12 client certificate.

Important

Provide the passphrase using either the "passphrase" or "obfuscated_passphrase" parameter (not both). We recommend using the "obfuscated_passphrase" in production environments, while the "passphrase" should be used for testing purposes only. Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.

BrightSign players use the "nickname" of a .p12 client certificate to match it with a website. The "nickname" consists of the host:port of the web address you wish to match: For example, to use a client certificate for https://brightsign.biz, you would specify a "nickname" of "brightsign.biz:443".

The following example uses an openssl terminal to generate a .p12 client certificate to use with https://brightsign.biz.

openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12 -name "brightsign.biz:443"

ifUserData

SetUserData(user_data As Object)

Sets the user data that will be returned when events are raised.

GetUserData() As Object

Returns the user data that has previously been set via SetUserData(). It will return Invalid if no data has been set.

ifMessagePort

SetPort(port As roMessagePort)

Posts messages to the attached message port.

Example

k=createobject("rokeystore")
k.addcacertificate("ssd:/apache.crt")
aa = CreateObject("roAssociativeArray")
aa.AddReplace("certificate_file", "ssd:/client.p12")
aa.AddReplace("passphrase", "1q2w3e4r")
k.addclientcertificate(aa)

Browser not supported