Server installations of the FI-DEV development environment of the Data Exchange Layer
This article describes the server installations of the Suomi.fi Data Exchange Layer development environment (FI-DEV).
If you are connecting to the Data Exchange Layer test environment (FI-TEST) or production environment (FI), see the support article on server installations in test and production environments.
The development environment
The Data Exchange Layer development environment or instance is called FI-DEV.
Member code specifications
The business ID is recorded as the Member code without the FI prefix, for example 0920632-0.
When connecting to the Data Exchange Layer development environment as a private person, first contact the Data Exchange Layer support at palveluvayla@palveluvayla.fi.
The service administrators provide you with the required connection information (member name and member code).
For private individuals, the Member code is a sequence number (0000001-0, 0000002-0, etc.) instead of a business ID.
We do not recommend using your own name for a Security Server or subsystems, for example. Use an invented name instead, and discuss naming with Data Exchange Layer support.
Classification of connecting members, Member classes
- GOV: Government institutions
- COM: Commercial operators
- PRI: private individuals
- EDU: Education and training sector
- MUN: Municipalities
Naming the Security Server
The DNS host name of the Security Server is always lowercase. The name must include the organisation’s name or official abbreviation. For example, if the organisation is CSC:
- csclp01.domain.fi
- In this case, the Security Server’s Server code is csclp01
Appointed contact persons – roles and responsibilities
Any requests to modify the system (such as adding subsystems, firewall port openings) must be made through the contact persons indicated in the connection request.
Modification management can be transferred to a third party, or you can make changes to modification management that has already been transferred. The responsible contact person must notify the Data Exchange Layer Maintenance Service of any changes concerning the modification management.
Information on certificates in the development environment
Information required for the server’s Signing Certificate
Fields required for the Signing Certificate:
- C=<country> (always FI)
- O=<organization> (organisation’s name without special Nordic characters)
- CN=<memberCode> (organisation’s business ID)
- serialNumber=<instanceIdentifier/serverCode/memberClass/>
Example of a development environment Signing Certificate
Signing Certificate example when the organisation is a private individual (Matti Meikäläinen) and the server’s FQDN is vrklpdev01.oma.fi:
- C=FI
- O=testmember
- CN=0000001-0 (for private individuals, the Data Exchange Layer Maintenance Service fills this in automatically; for organisations, enter the business ID)
- serialNumber=FI-DEV/vrklpdev01/PRI/
Example content of the Distinguished Name field used to create the Signing Certificate for the Security Server with the above details:
C=FI, O=testmember, CN=0000001-0, serialNumber=FI-DEV/vrklpdev01/PRI
Information required for the server’s Authentication Certificate (Auth Certificate)
- C=<country> (always FI)
- O=<organization> (organisation’s name without special Nordic characters)
- CN=<commonName> (server’s FQDN)
- serialNumber=<instanceIdentifier/serverCode/memberClass/>
Example of the Authentication Certificate in the development environment
Authentication Certificate example when the organisation is a private individual (Matti Meikäläinen) and the server’s FQDN is vrklpdev01.oma.fi:
- C=FI
- O=testmember
- CN=vrklpdev01.oma.fi
- serialNumber=FI-DEV/vrklpdev01/PRI/
Example content of the Distinguished Name field used to create the Authentication Certificate for the Security Server with the above details:
C=FI, O=testmember, CN=vrklpdev01.oma.fi, serialNumber=FI-DEV/vrklpdev01/PRI
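The field rules for both certificates can be checked before a certificate request is created. The following is an added example, not part of the original article or of X-Road itself: the function names, the character whitelist for O, the NNNNNNN-N member code pattern and taking the Server code from the host part of the FQDN are assumptions based on the examples above.

```sh
#!/bin/sh
# Added example (not from the article): build the FI-DEV Signing and
# Authentication certificate DNs, rejecting values that break the rules above.
LC_ALL=C; export LC_ALL      # byte-wise ranges, so [a-z] never matches uppercase
INSTANCE="FI-DEV"

valid_member_class() {       # Member classes listed in the article
    case "$1" in GOV|COM|PRI|EDU|MUN) return 0 ;; *) return 1 ;; esac
}
valid_member_code() {        # assumed format NNNNNNN-N, without the FI prefix
    case "$1" in [0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9]) return 0 ;; esac
    return 1
}
valid_fqdn() {               # lowercase only, no empty labels, at least one dot
    case "$1" in
        ''|*[!a-z0-9.-]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}
valid_org() {                # assumed whitelist: ASCII letters, digits, space . _ -
    [ -n "$1" ] || return 1
    left=$(printf '%s' "$1" | tr -d 'A-Za-z0-9 ._-' | wc -c)
    [ "$left" -eq 0 ]        # any byte left over is outside the whitelist
}

# build_dn sign|auth ORG MEMBER_CODE MEMBER_CLASS FQDN
build_dn() {
    kind=$1; org=$2; code=$3; class=$4; fqdn=$5
    valid_org "$org"            || { echo "O: empty or non-ASCII" >&2; return 1; }
    valid_member_code "$code"   || { echo "Member code: NNNNNNN-N" >&2; return 1; }
    valid_member_class "$class" || { echo "Member class: unknown" >&2; return 1; }
    valid_fqdn "$fqdn"          || { echo "FQDN: lowercase only" >&2; return 1; }
    server_code=${fqdn%%.*}     # host part, as in csclp01.domain.fi -> csclp01
    case "$kind" in
        sign) cn=$code ;;       # Signing Certificate: CN is the Member code
        auth) cn=$fqdn ;;       # Authentication Certificate: CN is the FQDN
        *) echo "kind: sign or auth" >&2; return 1 ;;
    esac
    printf 'C=FI, O=%s, CN=%s, serialNumber=%s/%s/%s\n' \
        "$org" "$cn" "$INSTANCE" "$server_code" "$class"
}

# Values from the article's private-individual example.
build_dn sign testmember 0000001-0 PRI vrklpdev01.oma.fi
build_dn auth testmember 0000001-0 PRI vrklpdev01.oma.fi
```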
Special considerations in the development environment (FI-DEV) before installing software on servers
Before installing software on servers in the development environment, the following information should be available. Example values used in this installation are shown in parentheses.
Supported server operating systems:
- Red Hat Enterprise Linux 7, 8
- Ubuntu 18.04 LTS, Ubuntu 20.04 LTS 64-bit, server version
X-Road environment: (FI-DEV)
The server’s owner must be a member of the above-mentioned X-Road environment with the following information:
- server owner’s Member class: (GOV)
- server owner’s Member name: (VRK)
- server owner’s (Business ID) Member code: (0245437-2)
Server’s name: (pv6tvrklp01)
Use the name or abbreviation of the organisation that owns the Security Server in the host section of the Security Server’s name, such as vrklp01.csc.fi or csclp01.csc.fi.
NB! The system is case-sensitive, so always use lowercase letters in the server name!
Server FQDN: (pv6tvrklp01.csc.fi)
Server code: (pv6tvrklp01)
Server PIN:
- A string of at least 10 characters, containing characters from at least three of the following categories: lowercase characters, uppercase characters, numbers and special characters.
- Please save the PIN – if you lose the PIN, the Security Server must be reinstalled to change it.
If NAT is used:
- Private Server IP: (10.10.20.29). The IP address must not change. If DHCP is used, the server must always receive the same private IP address.
- Public Server IP: (193.166.24.159). The address must not change.
If only public IP addresses are used:
- Public Server IP: (193.166.24.159). The address must not change.
You should add the server’s private IP to the /etc/hosts file. The first two lines of the hosts file for this server are shown below:
127.0.0.1 localhost
10.10.20.29 pv6tvrklp01 pv6tvrklp01.csc.fi
If the server communicates with the organisation’s information systems using private IP addresses, these addresses should also be listed in the /etc/hosts file.
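The PIN rule and the hosts file entry described above can be verified before installation starts. This is an added example, not part of the original article: the function names are assumptions, and the PIN and hosts file contents in the demo are constructed from the article's example values.

```sh
#!/bin/sh
# Added example (not from the article): preflight checks for the Server PIN
# rule and the /etc/hosts entry described above.
LC_ALL=C; export LC_ALL      # byte-wise ranges; length is counted in bytes

# pin_ok PIN: at least 10 characters from at least three of the four categories.
# Call it as a shell function so the PIN never appears in a process list.
pin_ok() {
    pin=$1; classes=0
    [ "${#pin}" -ge 10 ] || return 1
    case "$pin" in *[a-z]*) classes=$((classes + 1)) ;; esac
    case "$pin" in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case "$pin" in *[0-9]*) classes=$((classes + 1)) ;; esac
    case "$pin" in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge 3 ]
}

# hosts_ok FILE PRIVATE_IP FQDN: the private IP must map to both the short
# host name and the FQDN; comments in the hosts file are ignored.
hosts_ok() {
    file=$1; ip=$2; fqdn=$3; short=${fqdn%%.*}
    awk -v ip="$ip" -v f="$fqdn" -v s="$short" '
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) {
                       if ($i == f) hf = 1
                       if ($i == s) hs = 1 } }
        END { exit !(hf && hs) }' "$file"
}

# Constructed sample: the two hosts lines shown above and a made-up PIN.
sample=$(mktemp)
printf '127.0.0.1 localhost\n10.10.20.29 pv6tvrklp01 pv6tvrklp01.csc.fi\n' > "$sample"
hosts_ok "$sample" 10.10.20.29 pv6tvrklp01.csc.fi && echo "hosts entry: ok"
pin_ok 'Constructed-Pin-01' && echo "PIN policy: ok"
rm -f "$sample"
```

On a real server, pass /etc/hosts as the file argument and read the PIN with terminal echo turned off rather than writing it into a script.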
Other installation topics related to the development environment
- Installation instructions for RHEL Security Servers
- Installation instructions for Ubuntu Security Servers
- Installation instructions for Docker Security Servers
The easiest way to install (at least on a single device) is to copy the commands from the article and paste them directly into the SSH window that you have opened on the server you are installing. You can also type the commands by hand, but that considerably increases the possibility of errors. The service maintenance strongly recommends copying the commands. Please note, however, that some settings are server-specific, so you cannot copy everything without changing it.
If necessary, change the Ubuntu keyboard settings using the following commands:
sudo apt-get install console-common
sudo dpkg-reconfigure console-data
Static hostname setting required for the OpenStack environment:
sudo nano /etc/cloud/cloud.cfg
preserve_hostname: true