Comment: Published by Scroll Versions from space IDS and version 8.3

...

Import the server certificate.

For Linux:

    ./keytool -importcert -alias "SSO Server Certificate" -file ../lib/security/login.example.com.crt -keystore ../lib/security/cacerts

For Windows:

    cd %JRE_HOME%/bin
    keytool -importcert -alias "SSO Server Certificate" -file C:\temp\login.example.com.crt -keystore ..\lib\security\cacerts

Import the intermediate certificate. Use the intermediate certificate of the issuer of your externally facing TLS/SSL certificate. In this example, the login.example.com certificate was issued by Comodo.

For Linux:

    ./keytool -importcert -alias "COMODO RSA Domain Validation Secure Server CA" -file ../lib/security/COMODORSADomainValidationSecureServerCA.crt -keystore ../lib/security/cacerts

For Windows:

    keytool -importcert -alias "COMODO RSA Domain Validation Secure Server CA" -file C:\temp\COMODORSADomainValidationSecureServerCA.crt -keystore ..\lib\security\cacerts

Import the CA certificate of the issuer of your externally facing TLS/SSL certificate.

For Linux:

    ./keytool -importcert -alias "COMODO RSA Certification Authority" -file ../lib/security/COMODORSACertificationAuthority.crt -keystore ../lib/security/cacerts

For Windows:

    keytool -importcert -alias "COMODO RSA Certification Authority" -file C:\temp\COMODORSACertificationAuthority.crt -keystore ..\lib\security\cacerts

Adding the self-signed certificate from the default keystore.pfx

During SSO installation, if no existing keystore is found at that location, a default keystore containing a self-signed certificate is created at $UBILOGIN_HOME/custom/tomcat/keystore.pfx. The self-signed certificate can be added to the default cacerts trust store at $JRE_HOME/lib/security/cacerts with the command below:


For Linux:

    keytool -exportcert -keystore $UBILOGIN_HOME/custom/tomcat/keystore.pfx -alias tomcat -storepass changeit | keytool -importcert -keystore $JRE_HOME/lib/security/cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt


For Windows:

    keytool -exportcert -keystore %UBILOGIN_HOME%\custom\tomcat\keystore.pfx -alias tomcat -storepass changeit | keytool -importcert -keystore ../lib/security/cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt
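
Every certificate imported above becomes a trust anchor for the JRE, and -noprompt skips keytool's confirmation step, so it is worth comparing the SHA-256 fingerprint with a value obtained out of band before the import. The following is an added example, not part of the original page or the product's own tooling; the function names and the way the expected fingerprint is passed in are assumptions.

```shell
#!/bin/sh
# Added example: import a certificate into cacerts only if its SHA-256
# fingerprint matches a pinned value. Function names are hypothetical.

# Normalize a fingerprint: drop colons and whitespace, uppercase hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin and print its SHA256 fingerprint.
# Fails if the output carries no SHA256 line.
sha256_from_printcert() {
    fp=$(awk '$1 == "SHA256:" { print $2; exit }')
    [ -n "$fp" ] || return 1
    normalize_fp "$fp"
}

# Succeed only if the printcert text on stdin has the expected fingerprint ($1).
fp_matches() {
    actual=$(sha256_from_printcert) || return 1
    [ "$actual" = "$(normalize_fp "$1")" ]
}

# import_pinned CERT_FILE ALIAS EXPECTED_SHA256 KEYSTORE STOREPASS
import_pinned() {
    if ! keytool -printcert -file "$1" | fp_matches "$3"; then
        echo "fingerprint mismatch for $1, not imported" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$4" -storepass "$5" || return 1
    # Confirm the entry is now present under the expected alias.
    keytool -list -alias "$2" -keystore "$4" -storepass "$5" >/dev/null
}

# Usage (run from $JRE_HOME/bin; the fingerprint is a placeholder to replace
# with the value published by the certificate's owner):
#   import_pinned ../lib/security/login.example.com.crt \
#       "SSO Server Certificate" "<EXPECTED-SHA256>" \
#       ../lib/security/cacerts changeit
```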