TBANK Security Intellinx System V0.6 20160523

Monitoring Intellinx
for TBANK
May 23, 2016

Notice: While reasonable effort was made to ensure that the information in this document was
complete and accurate at the time of writing. Changes and/or corrections to the information
contained in this document may be incorporated into future issues.
All text and figures included in this publication are the exclusive only for Thanachart Bank. This
document also contains registered trademarks and service marks that are owned by their
respective companies or organizations.
TABLE OF CONTENTS
VERSION CONTROL......................................................................................1
INTRODUCTION............................................................................................2
INTELLINX SYSTEM CONFIGURATIONS ENCRYPTION....................................3
FIRST
TIME PASSWORD APPLY TO THE CONFIGURATION FILE....................................4
APPLY AUTHENTICATION TO INTELLINX SYSTEM..........................................9

INTELLINX SERVER ENCRYPTION ACTIVATION............................................14
APPLY
ENCRYPTION TO THE
DATA CHANNELS....................................................22
INVESTIGATION CENTER CONFIGURATION DB PASSWORD ENCRYPTION...23

GENERATE A MASTER KEY BASED ON A GIVEN PASSWORD....................................23
ENCRYPT A PASSWORD USING THE GENERATED MASTER KEY.................................24
WEB TUNNEL SSL ENCRYPTION APPLY.......................................................28
WEB REPLAY ENCRYPTION.........................................................................29
INVESTIGATION CENTER WEB ENCRYPTION...............................................31
EXPORT / IMPORT CERTIFICATION..............................................................33
EXPORT CERTIFICATION.................................................................................33
IMPORT CERTIFICATION..................................................................................37
DISABLE JAVASCRIPT DEBUGGING NOTIFICATION......................................44
LIST OF FIGURES
Figure 1: First time password 1..................................................4
Figure 8: Authentication setup 1................................................9
Figure 9: Authentication setup 2..............................................10
Figure 10: Authentication setup 3............................................10
Figure 15: Setup the encryption and sign are explain 1...........14
Figure 20: No keyset apply is not allow to Activate Service.....18
Figure 25: DC encrypt 1...........................................................22
Figure 26: DC encrypt 2...........................................................22
Figure 27: Generating master key for the database password 1
................................................................................................ 23
ii

................................................................................................ 23
................................................................................................ 23
Figure 30: Setup the encryption for the database password 1. 24
Figure 35: Master key file path................................................26
Figure 36: Starting the Investigation Center Service................27
Figure 37: Web tunnel ssl encryption apply 1..........................28
Figure 38: Web tunnel ssl encryption apply 2..........................28
Figure 39: WebReplay SSL 1....................................................29
Figure 42: Investigation Center SSL 1......................................31
Figure 45: Export certificate 1.................................................33
Figure 53: Import certificate 1.................................................37
iii

Figure 62: Import certificate 10...............................................42
Figure 66: Disable JavaScript Debugging Notification 1...........44
Figure 67: Disable JavaScript Debugging Notification 2...........45
iv
Export / Import certification
Version Control
Versi
on
Date
0.1
Aug
2015
0.2
0.3
0.4
0.5
Author\Editor
26, Thonthep K.
Purpose of update
Initial Draft
Udorn D.
Aug 27,
2015
Thonthep K.
Aug 28,
2015
Thonthep K.
Sep 4,
2015
Thonthep K.
Apr 8, 2016
Thonthep K.
- Added picture from ATM production.

- Changed path of files needed.
- Changed picture to match the detail.
- Updated information.
- Changed IP address to Server name.
- Rearrange some encryption steps.
- Added CDS and HP environment
path.
- Added SIT and UAT environment
path.
0.6
May 23,
2016
Thonthep K.
- Change detail in Web Tunnel SSL

encryption about parameter using in
keytool.exe to create keystore.jks
- Added Export / Import certification
for Trusted Root Certification
Authorities method
- Added Disable JavaScript Debugging
Notification method
TBANK Security Intellinx System V0.6
Introduction
There are several related ways to implement Intellinx System with the strong
security enforces. In order to run the system, the most important information for
the organization needed to be applied in the many ways of secured methodology.
Information security is the infrastructure to make Intellinx system secure. The
following security setup and configuration in Intellinx TBANK fraud system has
been implemented.
Intellinx System configurations encryption

Apply Authentication to Intellinx System
Intellinx server encryption activation
Investigation center configuration database password encryption
Web Replay encryption
Investigation Center Web encryption
This document lists are prepared for TBANK configuration installed for the
ATM Fraud production environment.
Intellinx system configurations encryption

The Intellinx system has protected server configuration file by default, the
password is a mandatory to apply for encryption the parameters inside the xml
file. After installation of Intellinx System process, while running Intellinx
Enterprise Manager for the first time it will be asking for the initialize encryption
password.
The configuration file for the server services has been located on the following
directory:
Production environment
CDS-HP Sensor server TBFRDSSPRD1
D:\Intellinx\Server\servers\itxsvc_ss_CDS_2348\conf\server-config.xml
D:\Intellinx\Server\servers\itxsvc_ss_HP_2358\conf\server-config.xml
D:\Intellinx513\Server\servers\HPapp_2468\conf\server-config.xml
CDS-HP Analyser server TBFRDAZPRD1
D:\Intellinx\Server\servers\itxsvc_dc_cds_2558\conf\server-config.xml
D:\Intellinx\Server\servers\itxsvc_dc_hp_2468\conf\server-config.xml
D:\Intellinx\Server\servers\itxsvc_bl_2549\conf\server-config.xml
(Backlog) *
D:\Intellinx\Server\servers\itxsvc_bl_2378\conf\server-config.xml
Engine)
(Rule
ATM Sensor server TBFRATMSSPRD

D:\Intellinx\Server\servers\itxsvc_ss_atm\conf\server-config.xml
ATM Data Channel server TBFRDAZPRD1
F:\IntellinxATM\Server\servers\itxsvc_dc_atm_2529\conf\serverconfig.xml
F:\IntellinxATM\Server\servers\itxsvc_bl_2549\conf\server-config.xml *
*CDS-HP and ATM are now using same Backlog service after migration.
SIT environment
Sensor and Analyzer server TBFRDSSAZDR1
E:\Intellinx5\Server\servers\itxsvc_atm_sit_2448\conf\server-config.xml
E:\Intellinx5\Server\servers\itxsvc_cdshp_sit_2668\conf\server-config.xml
E:\Intellinx5\Server\servers\itxsvc_re_2648\conf\server-config.xml
E:\Intellinx5\Server\servers\itxsvc_re_job_2658\conf\server-config.xml
UAT environment
Sensor and Analyzer server TBFRDSSAZDR1
E:\Intellinx5\Server\servers\itxsvc_atm_uat_2549\conf\server-config.xml

E:\Intellinx5\Server\servers\itxsvc_cdshp_uat_2778\conf\serverconfig.xml
E:\Intellinx5\Server\servers\itxsvc_re_uat_2748\conf\server-config.xml
E:\Intellinx5\Server\servers\itxsvc_re_job_2888\conf\server-config.xml
First time password apply to the configuration file

After installation open the Enterprise Manager to manage the Intellinx
server service instance by default it will be asking for the password to provide an
encryption of the important values in the server-config.xml file. Follow these
steps to create an encryption.
1. Enter initial password.
Figure 1: First time password 1
2. After entering password, click OK.
3. Click OK again.
3.1You can find server-config.xml which in this following path

D:\Intellinx\Server\servers\itxsvc_dc_atm\conf
3.2The system configuration key files for encryption are located in this
path:
D:\Intellinx\Server\servers\itxsvc_dc_atm\security\keysets
File name: sys_conf_key.xml

4. If the Administrator would like to change the password for a new
encryptiton key, follow these instructions. then go to server property on
the Encryption tab click on the button Change Configuration Password.
Type in the old password and the new password that will be apply and click
OK.
4.1Go to Server Configuration on the Encryption tab click on the
button Change Configuration Password

4.2Enter Old password and new password, then click OK.
Apply Authentication to Intellinx System

Intellinx system support varieties of the authentication mechanism by
default it does not required for any authentication for the beginning use. Its
needed to define the security authentication after installation by setting to the
Authentication configuration. After applying config need to be aware that
Intellinx system has tight authentication services dedicatly. Then before applying
it needs to be done at the beginning because if its been broken from any reason
you will not have a way to reverse back to the native state.
Figure 8: Authentication setup 1

On the Authentication setup it need to be prepare for those of parameters
on the above screen to apply to the right values and ensure that finally
succeeded to restart and running system in the correct situation.
The Authentication server has a choice for the Apache Directory Service ,
Open Ldap, Microsoft Active Directory etc. To provide the user authentication
security binding to the Intellinx system.

The information about production configuration was applied to Intellinx
binding with the Microsoft Active Directory service of the TBANK infrastructure.

There are consideration for the Investigation Center workflow that will run
to service as a mainly investigation process workflow. To consider in order to
know about the organization the Investigation peoples can let IC refer to the
TBANK users profile center that is based on MSAD. On the other hand it is the
user authentication it can track in a way of the same as normal working on the
most of existing users have. This configuration can be configured in
InvestigationCenter.xml
file
in
path
D:\Intellinx\IC\InvestigationCenter\Appserver\conf\Catalina\localhost

The MS Active Directory requires for some parameter has been provide
from the support. The MS AD server is point to TBKDCAD02 with comunication
on port 389.
The user for lookup the user list for binding is using itx_lookup that
created for Intellinx usage with the non-expirable password.
User base: = OU=Thanachart Users, DC=THANACHART GROUP,
DC=COM
Group base: = OU=Thanachart Users, DC=THANACHART GROUP,
DC=COM
User attribute in group = member

Intellinx server encryption activation

Intellinx maintain the sensitive data by using security of data encryption
and digital signature. Intellinx provides the means to encrypt and sign recorded
data as well as encrypt the data transfer between the different Intellinx components. For
encryption and decryption procedures Intellinx uses the 128bit AES algorithm.
For recording signature procedures, Intellinx uses RSA with MDS.
In case of TBANK configuration the data transfer between Sensor and Intellinx Data
Channel has not encrypt because of the communication is only base on locally network
between 2 servers internally and make it less consume the process between them.
For the final data stage that will write down session data to the Backlog Database has
been enablement in the Data Channels including of ATMBase24DataChannel,
Base24CBSDataChannel, ISO8583EBCIDICDataChannel and ITMXDataChannel.
The procedure to setup the encryption and sign are explain below:
Intellinx provide a utility for generate the encryption key that conform to
the standard algorithms. To generate the file called utility Key Set by running the
command by the following step.
1) Run "D:\Intellinx\Server\tools\KeysetUtil.bat"
The installation directory on production is D:\Intellinx\Server
2) Choose 1: Generate a new keyset
Figure 15: Setup the encryption and sign are explain 1

3) Select the server directory to place the file that generates from the keyset
utility. In this case press 1 to choose destination for itxsvc_dc_atm
Keysets directory selection:

1. D:\Intellinx\Server\servers\itxsvc_dc_atm\security\keysets
Choose from the above list the keysets directory or type a specific directory
path: 1
Going to generate a keyset in

D:\Intellinx\Server\servers\itxsvc_dc_atm\security\keysets
Enter Y or press Enter to confirm action, or enter X to exit: Y
4) Confirm action by press Y on keyboard and press Enter.


5) Keyset is generated.
2015.08.25 14:16:12.848 |INFO | Loading Key Provider

2015.08.25 14:16:12.848 |WARN | No keyset found at
D:\Intellinx\Server\servers\itxsvc_dc_atm\ security\keysets
2015.08.25 14:16:12.848 |WARN | Key Provider is loaded but no current keyset
defined
2015.08.25 14:16:12.848 |INFO | Generating new keyset
2015.08.25 14:16:12.848 |INFO | Encrypting key size 128, Signature key size
-1,024
2015.08.25 14:16:12.848 |INFO | Successfully generated new keyset 5352F216D27F-3C73-0690-C8D25E35D114
Press any key to continue . . .

On another server services need to do manually copy from the
previous one to all other server services.
Production environment
For ATM Sensor Service (TBFRATMSSPRD) :
"D:\Intellinx\Server\servers\itxsvc_ss_atm\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_ss_atm\security\keysets\5352F216-D27F-3C730690C8D25E35D114"
For CDS-HP Sensor Service (TBFRDSSPRD1) :
"D:\Intellinx\Server\servers\itxsvc_ss_CDS_2348\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_ss_CDS_2348\keysets\5352F216-D27F-3C730690C8D25E35D114"
"D:\Intellinx\Server\servers\itxsvc_ss_HP_2358\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_ss_HP_2358\keysets\5352F216-D27F-3C730690C8D25E35D114"
"D:\Intellinx513\Server\servers\HPapp_2468\security\keysets\current_key_set"
"D:\Intellinx513\Server\servers\HPapp_2468\keysets\5352F216-D27F-3C730690C8D25E35D114"
For CDS-HP Analyzer Service (TBFRDAZPRD1) :

"D:\Intellinx\Server\servers\itxsvc_dc_cds_2558\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_dc_cds_2558\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
"D:\Intellinx\Server\servers\itxsvc_dc_hp_2468\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_dc_hp_2468\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
"D:\Intellinx\Server\servers\itxsvc_bl_2378\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_bl_2378\security\keysets\5352F216-D27F-3C730690C8D25E35D114"
"D:\Intellinx\Server\servers\itxsvc_ss_atm\security\keysets\current_key_set"
"D:\Intellinx\Server\servers\itxsvc_ss_atm\security\keysets\5352F216-D27F-3C730690C8D25E35D114"
For Backlog Service (TBFRDAZPRD1 - CDS-HP & ATM BacklogWriter

and Viewer):
D:\Intellinx\Server\servers\itxsvc_bl_2549\security\keysets\current_key_set
D:\Intellinx\Server\servers\itxsvc_bl_2549\security\keysets\5352F216-D27F3C73-0690-C8D25E35D114
SIT environment (TBFRDSSAZDR1)
"E:\Intellinx5\Server\servers\itxsvc_atm_sit_2448\security\keysets\current_key_set
"
"E:\Intellinx5\Server\servers\itxsvc_atm_sit_2448\security\keysets\5352F216D27F-3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_cdshp_sit_2668\security\keysets\current_key_s
et"
"E:\Intellinx5\Server\servers\itxsvc_cdshp_sit_2668\security\keysets\5352F216D27F-3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_re_2648\security\keysets\current_key_set"
"E:\Intellinx5\Server\servers\itxsvc_re_2648\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_re_job_2658\security\keysets\current_key_set"
"E:\Intellinx5\Server\servers\itxsvc_re_job_2658\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
UAT environment (TBFRDSSAZDR1)
"E:\Intellinx5\Server\servers\itxsvc_atm_uat_2549\security\keysets\current_key_se
t"
"E:\Intellinx5\Server\servers\itxsvc_atm_uat_2549\security\keysets\5352F216D27F-3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_cdshp_uat_2778\security\keysets\current_key_
set"

"E:\Intellinx5\Server\servers\itxsvc_cdshp_uat_2778\security\keysets\5352F216D27F-3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_re_uat_2748\security\keysets\current_key_set"
"E:\Intellinx5\Server\servers\itxsvc_re_uat_2748\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
"E:\Intellinx5\Server\servers\itxsvc_re_job_2888\security\keysets\current_key_set"
"E:\Intellinx5\Server\servers\itxsvc_re_job_2888\security\keysets\5352F216-D27F3C73-0690C8D25E35D114"
6) Open the Enterprise Manager and then double click on the server for
example itxsvc_dc_atm you will get to the Server Configuration, click
on the Encryption tab.
2
1

6.1) In case of the keyset is not generated and place to the
directory the system will be shown as follows in Figure 20 and this
message appear There is no keyset defined on the Server, encryption
cannot be used.
Figure 20: No keyset apply is not allow to Activate Service

6.2) When keyset is applied to the server service directory, restart
that service. It will show as picture below that the Activate Service is
allow to turn it on.

7) Checked on Activate Service and click OK
8) Click OK

9) After activating the encryption service the server service itxsvc_dc_atm
will be asking for restart to apply the keyset as on the next time running.
Apply encryption to the Data Channels

When the itxsvc_dc_atm server service has been restarted this server
service will allow turning on the Encrypt recordings and Sign recordings of the
Data Channel. (In this case is an example of ATMBase24DataChannel)
Figure 25: DC encrypt 1
Under the Recording tab click on the Encrypt recording and Sign
recording check boxes and then click OK for apply then restart the
DataChannel.
Figure 26: DC encrypt 2
All DataChannel has been applied to this keyset and enable the encryption
data that finally writing down to the BackLog Database. Sessions data are

keeping secure and can only playback from the system that has this keyset
config.
Investigation Center Configuration DB

password encryption
Investigation Center Web application has the configuration file by default that
is InvestigationCenter.xml and this file are store the Database connection
including user and password. Intellinx has been provided the Database Password
Encryption Tool that is used to create more effective password protection by
using the Triple DES encryption algorithm within the InvestigationCenter.xml file.
The tool has two main functions:
- Generate a master key based on a given password
- Encrypt a password using the generated master key
Using these two functions ("generate" and "encrypt") results in an encrypted
password that replaces the plain text passwords available by default in the
InvestigationCenter.xml file.
Generate a master key based on a given password

To generate master key file, follow these steps
1. Go to command line and navigate to
D:\Intellinx\IC\InvestigationCenter\setup\password-encryption
2. Type PasswordEncryptionTool generate p xxxx (Where xxxx = your

password.)
3. After that, press Enter and it will show that master key file generated
successfully as follows.

Encrypt a password using the generated master key

To use master key file, follow these steps
1. Go to command line and navigate to
D:\Intellinx\IC\InvestigationCenter\setup\password-encryption
Figure 30: Setup the encryption for the database password 1
2. Type PasswordEncryptionTool encrypt p xxxx (Where xxxx = your

password.)
3. After that, press Enter and it will show that master key file generated
successfully as follows. The password shown in No.1 will be used up
next.

4. Apply master key file to the Intellinx Investigation Center server file
located on path:
D:\Intellinx\IC\InvestigationCenter\Appserver\conf\Catalina\localhost\In
vestigationCenter.xml
At first, database password is still plain text as shown in picture below.
5. Use this encrypted password from Figure 31 earlier:

enc:AAAAHDAaBBSH0kYgz62pdL+F3HWd5KzAswiJEAICBAAAAAAI0a1a
7Kw7r6M=
(Note: This password will not be the same for each time you created
new master key.)
Then replace the plain text password shown in Figure 32 with the
encrypted password that mentioned earlier.
6. Copy the master key encryption file .masterkey under this path
D:\Intellinx\IC\InvestigationCenter\Appserver\conf\
Figure 35: Master key file path

7. Stop itx_ic_investigationcenter Service and then start again.
Investigation Center service will be applied to encrypt password in the
InvestigationCenter.xml after it started.
Figure 36: Starting the Investigation Center Service
Web tunnel SSL encryption apply

There are 2 components of Intellinx that service to the end user by access
from the http/https protocol including
1. Intellinx Web Replay : To provide a session replay that was record from
the Backlog DB.
2. Investigation Center Web : To provide web portal workflow for the case
investigation.
To make those components secure communication between end user and
server services Intellinx need a JavaKeyStore or PKCS12 keys for the encryption
communication tunnel. In the way of Java Intellinx using the Java standard
keytool name keytool.exe to do generate key file. This tool coming with Java on
the D:\Intellinx\Jre\bin\.
The step to generate the key encryption done by the following command and
input the password.
Keytool -genkey -keyalg RSA -alias itx_key -keystore keystore.jks -dname
"CN=TBFRATMICPRD, OU=IT Security Division, O=Thanachart Group, L=Bangkok,
C=TH" -validity 10000 -keysize 2048
Enter keystore password:
Figure 37: Web tunnel ssl encryption apply 1
The keystore file will be create after put the enter the password.
25/08/2015 02:57 PM
1,264 keystore.jks
Figure 38: Web tunnel ssl encryption apply 2
Web Replay encryption

To encrypt the Web Replay, follow these instructions.
1. Apply keystore file to the web replay by opening the Enterprise
Manager and click on Web Server tab.
Figure 39: WebReplay SSL 1

2. Checked on the Activate Service. Then change the Web Server
Protocol to HTTPS and select the Key store type value JKS. After
that, set the file path on the Key store file:. Finally, enter the
password on the Key store password.
3. Click OK
After applying the parameters for the encrytion Web Replay service then
restart the server service. The service will be applied to the itxsvc_bl on the
ATM production server.
Investigation Center Web encryption

Apply the keystore file to the Intellinx Investigation Center Web portal to
secured the communication between server and enduser. The Investigation
Configuration file is base on Tomcat server.xml located under the
D:\Intellinx\IC\InvestigationCenter\Appserver\conf\ for production.
Figure 42: Investigation Center SSL 1
In order need to be remove comment begin  then add
new lines and put the parameter as follow:
1. keystoreFile = "D:\Intellinx\Security\keystore.jks
2. keystorePass = "xxxxxx"
3. keyAlias = "itx_key"

After saving the file need to be restart the itx_ic_investigattioncenter
service.

When we use new keystore, certification is still not trusted from system
and will result in security error (although it didnt impact on application process).
Therefore we need to import certification to system by following these steps
1. Export certification from URL of Investigation Center that is untrusted.
2. Import certification back to the system again by configuring as trusted
certification.
Export certification
1. Click on Certificate Error and select View certificates
Figure 45: Export certificate 1

2. Click on Details tab and select Copy to File
3. Click Next

4. Select DER encoded binary X.509 (.CER) and click Next
5. Click Browse for choosing file path

6. Click Next after file path has been selected
7. Click Finish

8. Click OK to complete exporting certificate
Import certification
1. Click Start > type certmgr.msc
certmgr.msc that showed up
in
search
panel
and
select

Figure 53: Import certificate 1

2. Expand Trusted Root Certification Authorities > Certificates > All
tasks > Import
3. Click Next


4. Click Browse for choosing file path
5. Select certificate file (in this case its the same file from previous
chapter)


6. Click Next after file path has been selected
7. Select Place all certifications in the following store and click Browse

8. Select Show physical stores
9. Expand Trusted Root Certification Authorities

10.Select Local Computer and click OK
11.Certificate store path should have Local Computer in the end and
click Next


12.Click Finish
13.Click OK to complete importing certificate
Disable JavaScript Debugging Notification

Usually, Microsoft Internet Explorer has JavaScript debugging enabled as
default setting to check if there are any errors in JavaScript thats running. But
sometimes JavaScript errors are caused by misplace syntax which it doesnt
affect any of applications processing. Therefore we can disable JavaScript
debugging notification for better experience usage by following these steps
1. Open Microsoft Internet Explorer web browser
2. At Menu bar, select Tools > Internet Options
Figure 66: Disable JavaScript Debugging Notification 1

3. Go to Advance tab. Under Browsing section, uncheckmark Display
a notification about every script error. Click Apply and click OK
Figure 67: Disable JavaScript Debugging Notification 2

TBANK Security Intellinx System V0.6 20160523

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

TBANK Security Intellinx System V0.6 20160523

Încărcat de

Drepturi de autor:

Formate disponibile

Monitoring Intellinx

May 23, 2016

TIME PASSWORD APPLY TO THE CONFIGURATION FILE....................................4

APPLY AUTHENTICATION TO INTELLINX SYSTEM..........................................9

INVESTIGATION CENTER CONFIGURATION DB PASSWORD ENCRYPTION...23

Figure 28: Generating master key for the database password 2

Figure 58: Import certificate 6.................................................40

Export / Import certification

- Added picture from ATM production.

- Change detail in Web Tunnel SSL