Skip to content

CSR Client

Can I transfer files to Braincube with my own software?

Yes however, you must ensure that your transfer software meets the following requirements.

Using external tools for file transfering is intended for advanced users, and Braincube does not provide support for this.

Transferring software Requirements

HTTPS

TLS version supported HTTP2 Authentification Authorized cipher
TLS v1.2 & v1.3 No By certificate (EC)DHE-RSA-AES256-GCM-SHA>512:ECDHE-(ECDSA RSA)-CHACHA20-POLY1305:ECDHE-(ECDSA RSA)-AES128-GCM-SHA256:ECDHE-(ECDSA RSA)-AES256-SHA384:ECDHE-(ECDSA RSA)-AES128-SHA256

SFTP

Authentification SSH version authorized
By RSA key SSH-2

Declaring a new file-transfer client

To declare a new HTTPS or SFTP client, you need valid (granted) user credentials.

  • Download the CSR client tool designed for Braincube servers:
OS Platform Architecture Links Additional Dependencies
linux x64 linux linux_dep (also needs exec rights)
windows x64 windows
macos x64 macos

  • For Linux and Mac platform change the execution rights by executing this command :

    chmod a+x braincube-csr-client-linux

  • Open a terminal and start the binary with the onboard command by typing :

    ``` $ ./braincube-csr-client-linux o // for linux and mac c:\braincube-cr-client-win.exe o // for windows

    You can also import your own RSA private key pem file with a recommended length of 4096 bits to use it during the process by typing : $ ./braincube-csr-client-linux o // for linux and mac ```

  • You need to choose you entry point (braincubetransfer.mybraincube.com by default) and type enter

    ? SSO intance (Type domain or Press enter for the default value) ❯ braincubetransfer.mybraincube.com

  • Choose a name for your client and type enter

    ? Generated RSA private key file name (public key will be <private>.pub) (id_rsa) clientName

  • Choose if you want to test the connection after the csr, type Y or n and enter

    ? Check connection by sending .trash file (this will start the docker container) ? (Y/n) Y

  • Your default browser normaly open and you need to enter your braincube's credentials

You have only 60 seconds to do this onboard. After this time you may do an onboard again.

During the onboard the terminal give you some additional informations.

```
Posting board request
Onboarding to braincubetransfer.mybraincube.com
please visit https://braincubetransfer.mybraincube.com/sso-server/vendors/braincube/onboard.jsp?code=TEMP336eb2b4b1c04535
poll result was 404. you have 46 s
```

  • After a successful onboard return back to the terminal and you can see all the steps and finally the connection test state.

    poll result was 200. you have 40 s Generating Key Pair Saving Key Pair Generating Csr Signing CSR Verifing CSR Saving CSR Posting CSR CSR posted saving certificate Check connection Check connection on braincubetransfer.mybraincube.com for 61b563d3-7178-4b27-a771-ef88e17c874a post file result was 200 Connection SUCCESSFULL Private key path is /home/downloads/clientName Public key path is /home/downloads/clientName.pub CSR path is /home/downloads/clientName.csr Cert path is /home/downloads/clientName.pem Onboard file path is /home/downloads/clientName.onboard

  • The CSR client tool create some files in the same repository where you start the tool.

file Description
clientName.onboard Onboard file containing resuls path, and used for check mode
clientName Private key used for both SFTP and HTTPS
clientName.pem Certificate used for HTTPS (saved in PEM format)
clientName.csr Certificate Signing Request sent to Braincube and used to generate the certificate
clientName.pub Public key (pair of the Private Key). Not used

Check for an existing onboarded client

The CSR tool allows you to check the connection for an existing client.

  • First you should be in the same directory as the .onboard generated file. This file will be used by the tool to retrieve all the informations it needs.
$ ls
braincube-csr-client-linux  clientName  clientName.csr  clientName.onboard  clientName.pem  clientName.ppk  clientName.pub
  • Then type the check command
 ./braincube-csr-client-linux c // for linux and mac
 c:\braincube-cr-client-win.exe c // for windows
  • You need to choose you entry point (braincubetransfer.mybraincube.com by default) and type enter
? SSO intance (Type domain or Press enter for the default value) braincubetransfer.mybraincube.com
  • All the .onboard file found should be listed, pick the right one using arrow keys and type enter
? Onboard file (Use arrow keys)
❯ clientName.onboard
  • The check process is initiated and displays some information. It should conclude with a SUCCESS message. During a 60-second period, the tool attempts to send a file every 2 seconds and stops upon success.
Found onboard info { productId: '61b563d3-7178-4b27-a771-ef88e17c874a',
  user: 'xxx@brainteam.mybraincube.com',
  step: 'BOARD_DETAILS_AVAILABLE',
  owner: 'xxxxxxxx',
  productName: 'brainteam',
  privateKey: '/home/downloads/clientName',
  publicKey: '/home/downloads/clientName.pub',
  csr: '/home/downloads/clientName.csr',
  cert: '/home/downloads/clientName.pem',
  onboard: '/home/downloads/clientName.onboard' }
Checking Tampix 61b563d3-7178-4b27-a771-ef88e17c874a
Check connection on braincubetransfer.mybraincube.com for 61b563d3-7178-4b27-a771-ef88e17c874a
post file result was 200 
Connection SUCCESSFULL

After 6O seconds, if the check is not successfull, the tool ends with an error.

Error: Status code 200 not found in 60000 ms

Configure your SFTP client

Now you have your key generated, you can set up your sftp client.

  • You will need the productId of the tampix (61b563d3-7178-4b27-a771-ef88e17c874a in this example) :
  • It's displayed by the Csr client tool
  • Or it's contained into the .onboard file

  • Or you can ask it to the braincube support

  • To configure your sftp client, use the following informations

  • Host : braincubetransfer.mybraincube.com
  • Port : 2222
  • Identification type : Private key / Key file
  • Identifier : your productId (61b563d3-7178-4b27-a771-ef88e17c874a in this example)
  • Key file : the private key file generated by the tool (Private key path is /home/downloads/clientName in this example). (In some cases, key file needs to have the .ppk extension).

  • Then save your configuration and use it to connect through sftp.

  • You may have to accept the server fingerprint for the first time. And you can also check the 'Always trust this host'.

  • Once connected you're automatically moved into the upload folder, and all the uploads must have to be done into the upload folder, otherwise, the files transfer will fail.

Configure your HTTPS client

Configuring your HTTPS client is similar to SFTP, with a few differences:

  • There are two possibilities for the upload path :
  • For ansible deployment https://braincubetransfer.mybraincube.com/upload/<productId>
  • For kubernetes deployment https://transfer.<domain>/<productId>/upload
  • Uploads MUST be performed using the POST method.
  • You MUST use both the certificate (.pem) and the private key file for tls authentication.
  • The request MUST include the File-Name HTTP header with the file name as its value.

Examples

Using curl :

curl 
 -X POST # set POST method
 --cert ./clientName.pem # path to certificate
 --key ./clientName  # path to private key
 -T <path_to_file>
 -H "File-Name: <filename>"
 https://braincubetransfer.mybraincube.com/upload/61b563d3-7178-4b27-a771-ef88e17c874a