Secure Communication

General Description

The Secure Communication component installs, issues, and revokes digital certificates, which are strictly necessary to securely exchange information between ZDMP assets and external resources. From the Security Command Centre UI, the administrator can revoke, renew, and install certificates.

This component includes a Certification Authority (CA) and a Registration Authority (RA). These are the core of this component and is responsible for issuing/revoking certificates and matching identities with certificates, respectively.

Resource Location
Source Code Link
Latest Release (v1.0.0) Download
Open API Spec Link
Video Link
Further Guidance None
Related Datasets None
Additional links None
Generation of this content 6 May 2021


The following images are illustrative screen shots of the component.

Figure 32: Security command centre certificates list

Component Author

Company Name ZDMP Acronym Website Logo
Instituto Tecnológico de Informática ITI

Commercial Information

Resource Location
IPR Link Secure Communication
Price [For determination at end of project]
License [For determination at end of project]
Privacy Policy [For determination at end of project]
Volume License [For determination at end of project]

Architecture Diagram

The following diagram shows the position of this component in the ZDMP architecture.

Figure 33: Position of Component in ZDMP Architecture


  • Solve the security aspects that require encryption, data integrity, privacy, and mutual trust

  • Address the Transport & Application layer security enabling a simplified management of certificates


This component offers the following features:

  • Retrieve certificates: Recover details (status) of a given certificate

  • Certificate issuer: Enables T5.2 Authentication & Authorization to request new certificates for new users managed by the Security Command Centre

  • Certificate download: To download generated certificates in different formats. This enables the user to download the certificate on demand, directly, given correct credentials

  • Server Certificate issuer: Requests an installed CA to create and store server certificate, with different possible hash methods (initially assume sha256, other possibilities)

  • Client certificate issuer: To request an installed CA to create and store client certificates, with different possible hash methods (initially assume sha256, other possibilities)

  • Install Certificate Authorities: To install and manage Certificate Authorities

  • Inspect details on issued certificates: To request a list of installed certificates and CAs with detailed information

  • Manage certificates life cycle: To manage revoked certificates, to renew them, or add them to a CRL list

System Requirements

Minimal requirements needed:

  • Computer with Docker Engine installed (tested in v19.03.8, on Windows)

  • Security Command Centre

Associated ZDMP Services


How to use


The installation of this component is performed through Docker commands to run docker images. The Secure Communication component can be installed via docker-compose:

  1. Download the latest source code from ZDMP’s GitLab repository Download

  2. Unzip the folder in the desired workspace

  3. Check the desired configuration parameters in the form of environment variables in the docker-compose file. Two variables can be set, KC-AUTHORIZATION to enable login of the component with KEYCLOAK if the component has been assigned a token, and API_OUTPUT_AS_JSON, to select legacy output or pure JSON responses

Figure 34: Configuring the secure communications component

  1. Through the command line, go to the orchestration folder and run docker-compose command as follows:

  1. In order to use this component via the Security Command Centre UI, please consider the installation process of Secure Authentication and Authorisation and Secure Installation. Refer to those components for further information:
  1. In order to deploy this component as part of the Application Run-time, please refer to that component for further instructions:

Certificate Management

The final usage of this component is envisaged to be through the UI of the Security Command Centre. Nevertheless, a POSTMAN collection is provided, which groups every API call to be tested unitarily, given the user has deployed the Docker Compose file in localhost (if not, it can be performed by editing the calls with the correct URL).

The Security Communication component is also implemented in the Command Centre with the required forms to interact with the Security Communication component. IT administrators are able to install or import a Certificate Authority (CA) through the Security Command Centre UI by providing the CA content and filling in additional parameters such as the encryption algorithm, country, location, and organization name.

Figure 35: Security command centre CA creation

Figure 36: Importing an existing CA

Figure 37: Security command centre certificate authority list

Once the CA is installed, the IT administrator can issue device certificates with the installed CA and download them.

The IT administrator can manage certificates life cycle by revoking already issued certificates, issuing new certificates, or revoking existing ones.

Figure 38: Security command centre certificate list

Finally, to use certificates in any application, follow specific guides according to the protocol of choice. Below an example of using certificates in MQTT or OPC-UA with NODE-RED can be found.

Figure 39 Example of using certificates

Last modified November 4, 2021