CrossBorder-Gateway/Domibus/Server-setup-guide.md

@@ -180,6 +180,7 @@ http://{DOMIBUS_HOSTNAME}:{DOMIBUS_PORT}/domibus
 > :warning: **Attention**:
 Self-signed certificates are intended for testing purposes only and should not be used in production. For production use, consider obtaining certificates from a trusted certificate provider. Additional information on certificate providers can be found [here](https://ec.europa.eu/digital-building-blocks/wikis/display/DIGITAL/PKI+Service).
 
+### A - Generating certificate
 Make sure you have the Java KeyStore/TrustStore located in  **`{DOMIBUS_SERVER_DIRECTORY}/domibus/keystores`** : 
 - `gateway_keystore.jks` store your private and public keys.
 - `gateway_truststore.jks` store the public keys of other eDelivery Access Points for message exchange.
@@ -207,12 +208,10 @@ Import your certificate into your TrustStore:
 keytool -import -file {DOMIBUS_ACCESS_POINT}.cer -alias {DOMIBUS_ACCESS_POINT} -keystore gateway_truststore.jks -storetype JKS -storepass {TRUSTSTORE_PASSWORD}
 ```
 
-### :construction: under construction :construction:
-Contact the Central Service team and provide them with the following information:
-```
-{DOMIBUS_HOSTNAME}:{DOMIBUS_PORT}
-```
-Attach the certificate file, `{DOMIBUS_ACCESS_POINT}.cer`, generated in your **`{DOMIBUS_SERVER_DIRECTORY}/domibus/keystores`** folder. This step is crucial for the Central Service team to include your public key in the list of authorized parties on the Central Access Point.
+### B - Exchange certificate
+In order to establish communication with the central Domibus server, it's essential to exchange the previously generated certificate with the central team. To facilitate this process, the central team has prepared a [PDF tutorial](https://drive.google.com/file/d/1EooF5CQqeeBT_yfoKRHPJqXwr38-WQwN/view?usp=drive_link), available on page 7, outlining the necessary steps.
+
+As part of the certificate exchange procedure, you will be required to provide the address of the Domibus instance you are setting up. In return, the central team will furnish you with the address of the Central Domibus, referred to henceforth as **`{CENTRAL_DOMIBUS_HOST}`**. This mutual exchange ensures seamless communication between your Domibus instance and the central server.
 
 You may need to use `scp` on your PC to copy this file from the server to your personal computer. For example:
 
@@ -225,8 +224,6 @@ scp {ADMIN_USER}@{DOMIBUS_HOSTNAME}:/opt/{DOMIBUS_SERVER_DIRECTORY}/domibus/keys
 
 This step ensures that you have a local copy of the certificate file for further actions.
 
-### :construction: under construction :construction:
-
 ## 3 - Domibus Properties
 :globe_with_meridians:
 
@@ -261,6 +258,15 @@ domibus.auth.unsecureLoginAllowed=false
 > **Note**:
 While you might consider creating a `PKCS12` KeyStore, please be aware that it currently appears to be non-functional.
 
+You might also find it necessary to adjust the password expiration delay within the Domibus console. By default, this expiration period is set to 90 days, but you have the flexibility to customize it according to your preferences.
+
+```properties
+#Password expiration policy in days (0 to disable)
+domibus.passwordPolicy.expiration=90
+```
+
+>:warning:**Warning**: Please note that there is no password recovery option available. It's crucial to ensure that you safely retain your password to prevent any loss. 
+
 ## 4 - Users Credentials
 :globe_with_meridians:
 
@@ -311,7 +317,7 @@ Start by downloading the PMode template file [pmode.xml](https://drive.google.co
 
 Ensure that you save your modifications.
 
-Similar to sharing our certificate with the EU Access Point previously, we also need to import the EU Access Point certificate to grant them exchange authorization. To achieve this, follow these steps for each Access Point you wish to authorize.
+Similar to sharing our certificate with the Central Access Point previously, we also need to import the **`{CENTRAL_ACCESS_POINT}`** to grant them exchange authorization. To achieve this, follow these steps for each Access Point you wish to authorize.
 
 Navigate to:
 
@@ -323,17 +329,17 @@ Create a name such as `europe_ap` and set the endpoint with the `/domibus/servic
 
 
 ```http
-http://<EU-HOSTNAME>:<EU-PORT>/domibus/services/msh
+http://{CENTRAL_DOMIBUS_HOSTNAME}:{CENTRAL_DOMIBUS_PORT}/domibus/services/msh
 ```
 ![party](/img/domibus/image4.png)
 
 >**Note**:
 You can include the IP address of the specific Access Point you wish to establish communication with. However, in our scenario, it's essential to add only the IP address of the Central Access Point, which serves as the central hub.
-The <EU-HOSTNAME> and <EU-PORT> should be furnished by the Central Service Team.
+The `{CENTRAL_DOMIBUS_HOSTNAME}` and `{CENTRAL_DOMIBUS_PORT}` should be furnished by the Central Service Team, please refer on the section [3-B Exchange certificate](https://code.europa.eu/healthdataeu-nodes/hdeupoc/-/wikis/CrossBorder-Gateway/Domibus/Server-setup-guide#3-domibus-properties).
 
-Import the [EU Access Point Certificate](https://drive.google.com/file/d/1jduYescq5XkJ8PPoMamWBDjOFoAY9GNO/view?usp=drive_link)
+Import the **`{CENTRAL_CERTIFICATE}`**
 
-Scroll down to the `Identifiers` section, click on `+ New`, and add the Access Point name, which is `europe_ap` for the EU Access Point and set this for the following properties:
+Scroll down to the `Identifiers` section, click on `+ New`, and add the Access Point name, which is **`{CENTRAL_ACCESS_POINT}`** and set this for the following properties:
 
 ```
 Party Id Type: partyTypeUrn