Comment: Published by Scroll Versions from space IDS and version 8.3

Install Server JRE

Instructions for installing the Server JRE are on the Single node installation on Windows - SSO page.

Use the same instructions to set the JRE_HOME environment variable.

Unpacking the Software

Unzip the package:

cd /d "C:\Program Files\Ubisecure"
unzip certap-X.X.X.zip

Modifying the Configuration Template

Open the win32.config configuration file in a text editor.

cd /d "C:\Program Files\Ubisecure\certap\certap"
notepad win32.config

Specify the parameter certap.url and save the file. The Certificate Authentication Provider will be deployed to this URL.

certap.url = https://certap.example.com:9443

Run the setup.cmd script to create the configuration files.

cd /d "C:\Program Files\Ubisecure\certap\certap"
setup.cmd

Setting the PKI Policies

The next step is to define which certificates the Certificate AP trusts. The folder /ubilogin-certap/certap/samples/Example CA/ contains sample configurations for testing purposes.

By default, two-way SSL authentication is used, so Tomcat must be told which client certificates to trust when it creates the SSL connection between the client and the Certificate AP. Copy the sample cacerts.jks file:

cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\cacerts.jks" custom\tomcat

Copy the sample policy.xml file:

cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\policy.xml" webapps\certap\WEB-INF\uap\pki

The corresponding certificate, which contains the private key, is found in samples\Example CA\test@example.com.pfx. The key is protected by a password.

To authenticate yourself to the Certificate AP, import the key into your system: double-click the .pfx file to start the Certificate Import Wizard. The password protecting the key is found in samples\Example CA\test@example.com.txt
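
Because the Example CA files are meant for testing, a deployment can be checked for leftover test trust settings. The following PowerShell script is an added example, not part of the product or its documentation: it reports whether the deployed cacerts.jks and policy.xml are still byte-identical to the bundled samples. It assumes the install path used in the commands on this page and that the files keep their sample names after the copy steps.

```powershell
# Added example: flag deployed PKI files that are still byte-identical to the
# bundled "Example CA" test samples.
param(
    # Assumption: install path as used in the commands on this page
    [string]$CertApRoot = 'C:\Program Files\Ubisecure\certap\certap'
)

$sampleDir = Join-Path $CertApRoot 'samples\Example CA'

# Sample file name -> location it is copied to in the steps above
$pairs = @(
    @{ Sample = 'cacerts.jks'; Deployed = 'custom\tomcat\cacerts.jks' },
    @{ Sample = 'policy.xml';  Deployed = 'webapps\certap\WEB-INF\uap\pki\policy.xml' }
)

$findings = foreach ($p in $pairs) {
    $samplePath   = Join-Path $sampleDir $p.Sample
    $deployedPath = Join-Path $CertApRoot $p.Deployed

    if (-not (Test-Path -LiteralPath $samplePath -PathType Leaf)) {
        # Samples were removed, so there is nothing to compare against
        $status = 'SampleMissing'
    }
    elseif (-not (Test-Path -LiteralPath $deployedPath -PathType Leaf)) {
        $status = 'NotDeployed'
    }
    else {
        $sampleHash   = (Get-FileHash -LiteralPath $samplePath -Algorithm SHA256).Hash
        $deployedHash = (Get-FileHash -LiteralPath $deployedPath -Algorithm SHA256).Hash
        # Identical hashes mean the test configuration is what the server uses
        $status = if ($sampleHash -eq $deployedHash) { 'TestSample' } else { 'Customized' }
    }

    [pscustomobject]@{ File = $p.Deployed; Status = $status }
}

$findings | Format-Table -AutoSize

# Non-zero exit code lets a deployment check fail when test files are in place
if ($findings.Status -contains 'TestSample') { exit 1 }
```

A status of TestSample is expected right after following the steps above on a test system; on any other system it means the Certificate AP still trusts the Example CA.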

Finish the Certificate Authentication Provider installation

Finish the installation of the Certificate AP by running the installation script:

cd /d "C:\Program Files\Ubisecure\certap\certap"
config\tomcat\install.cmd

Verify that the Certificate AP is successfully installed by visiting the following URL. Use of Internet Explorer is recommended. When the browser prompts for a client certificate, select the one installed in the previous section.

https://certap.example.com:9443/certap/saml2/SingleSignOnService 

The following web page is shown:

Figure 1. Web page indicating the successful installation of Certificate AP