There are three ways to configure SSL.
...
For the first phase we have provided scripts that generate self-signed certificates. These are suitable for testing purposes only and should be avoided in production.
Pass-Through SSL
Run the config-wildfly-domain-cert-backend.cmd script on the master node, then copy the generated keystore.pfx file to the same path on the slave node. The script writes the file to %WILDFLY_HOME%\domain\configuration\keystore.pfx.
```
cd /D %PROGRAMFILES%\ubisecure\customerid\tools
config-wildfly-domain-cert-backend.cmd
```
Encrypt traffic separately between Front-End and Back-End servers.
These scripts generate self-signed SSL certificates that use each host's IP address in the CN field.
On the Master Node, run config-wildfly-domain-cert-master.cmd
...
```
cd /D %PROGRAMFILES%\ubisecure\customerid\tools
config-wildfly-domain-https.cmd
```
Securing other Back-End connections
Ubisecure CustomerID can be configured to make calls to third-party software during the user registration workflows. Typically data entered by the user is verified against a CRM or other backend service to determine which access rights a user should be automatically given based on an existing service agreement.
If you plan to use back channel connections from Ubisecure CustomerID over SSL encrypted connections, you will have to add each server's public key to the Server JRE's cacerts file: %JRE_HOME%\lib\security\cacerts. Once you have downloaded the server's public key, you can add it to the key store with the following commands:
```
cd /D "%JRE_HOME%\lib\security\"
"%JAVA_HOME%\bin\keytool" -importcert -trustcacerts -alias "<descriptive alias here>" -keystore cacerts -storepass changeit -file C:\path\to\certificate.cer
```
These commands can also be run at a later stage when third-party backend services are added to user registration workflows.
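One way to check a downloaded certificate before trusting it and to confirm the import afterwards, as an added example that is not part of Ubisecure's tooling and is written in PowerShell rather than the cmd prompt used above. The alias and the expected fingerprint are placeholders; the fingerprint is assumed to have been obtained from the backend service's operator over a separate channel.

```powershell
# Added example. Values marked "placeholder" are constructed; replace before use.
$CertFile  = 'C:\path\to\certificate.cer'                 # path as shown on the page
$Alias     = 'crm-backend'                                # placeholder alias
$Expected  = 'REPLACE_WITH_SHA256_FINGERPRINT'            # placeholder, obtained out of band
$StorePass = 'changeit'                                   # store password shown on the page
$Keytool   = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
$CaCerts   = Join-Path $env:JRE_HOME  'lib\security\cacerts'

# Load the certificate (DER or Base64 .cer) and compute its SHA-256 fingerprint.
$cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

Write-Host "Subject: $($cert.Subject)"
Write-Host "Issuer:  $($cert.Issuer)"
Write-Host "Valid:   $($cert.NotBefore) to $($cert.NotAfter)"
Write-Host "SHA-256: $actual"

# Refuse to import a certificate whose fingerprint differs from the expected one.
$normalized = ($Expected -replace '[:\s]', '').ToUpperInvariant()
if ($actual -ne $normalized) {
    throw "Fingerprint mismatch: $CertFile was not imported."
}

# Refuse a certificate that is outside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not currently valid: $CertFile was not imported."
}

# Keep a copy of the trust store so the change can be rolled back.
Copy-Item -Path $CaCerts -Destination "$CaCerts.bak" -Force

# Import without the interactive trust prompt; the fingerprint was checked above.
& $Keytool -importcert -noprompt -trustcacerts -alias $Alias `
    -keystore $CaCerts -storepass $StorePass -file $CertFile
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed with exit code $LASTEXITCODE." }

# Confirm the entry is present under the chosen alias.
& $Keytool -list -alias $Alias -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in $CaCerts after import." }
```

Run it from an elevated PowerShell session, since the cacerts file normally sits under a protected installation directory.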