Install Server JRE
You can find instructions on how to install the Server JRE from the Single node installation on Windows - SSO page.
Use the same instructions to set the JRE_HOME environment variable.
Unpacking the Software
Unzip the package.

```
cd /d "C:\Program Files\Ubisecure"
unzip certap-X.X.X.zip
```
Modifying the Configuration Template
Open the win32.config configuration file in a text editor.

```
cd /d "C:\Program Files\Ubisecure\certap\certap"
notepad win32.config
```
Specify the parameter certap.url and save the file. The Certificate Authentication Provider will be deployed to this URL.

```
certap.url = https://certap.example.com:9443
```
Run the setup.cmd script to create the configuration files.

```
cd /d "C:\Program Files\Ubisecure\certap\certap"
setup.cmd
```
Setting the PKI Policies
The next step is to define which certificates the Certificate AP is to trust. The folder /ubilogin-certap/certap/samples/Example CA/ contains sample configurations for testing purposes.
By default, two-way SSL authentication is used, so Tomcat must be told which client certificates to trust when creating the SSL connection between the client and the Certificate AP.

```
cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\cacerts.jks" custom\tomcat
```
Copy the sample policy.xml file.

```
cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\policy.xml" webapps\certap\WEB-INF\uap\pki
```
The corresponding certificate containing the private key and the password protecting the key are found in samples\Example CA\test@example.com.pfx.
To authenticate yourself to the Certificate AP, import the key to your system with the Certificate Import Wizard by double-clicking the .pfx file. The password protecting the key is found in samples\Example CA\test@example.com.txt.
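The Example CA trust store, policy and test key are samples for testing, so a host that moves beyond testing should no longer rely on them. The PowerShell check below is an added example, not part of the Ubisecure distribution; it assumes the installation path and copy destinations used in the commands above, and flags deployed files that are byte-identical to the samples, plus the test key files if they are still on disk.

```powershell
# Added example: flags sample "Example CA" material still in use by the Certificate AP.
# $Root is the directory used in the commands on this page; adjust if installed elsewhere.
param(
    [string]$Root = 'C:\Program Files\Ubisecure\certap\certap'
)

$samples = Join-Path $Root 'samples\Example CA'

# Deployed file -> sample file it was copied from in the steps above.
$pairs = @(
    @{ Deployed = 'custom\tomcat\cacerts.jks';                 Sample = 'cacerts.jks' },
    @{ Deployed = 'webapps\certap\WEB-INF\uap\pki\policy.xml'; Sample = 'policy.xml'  }
)

$findings = @()

foreach ($p in $pairs) {
    $deployed = Join-Path $Root $p.Deployed
    $sample   = Join-Path $samples $p.Sample
    if (-not (Test-Path -LiteralPath $deployed)) {
        $findings += "MISSING  $deployed"
        continue
    }
    if (-not (Test-Path -LiteralPath $sample)) { continue }   # samples already removed
    $dHash = (Get-FileHash -LiteralPath $deployed -Algorithm SHA256).Hash
    $sHash = (Get-FileHash -LiteralPath $sample   -Algorithm SHA256).Hash
    if ($dHash -eq $sHash) {
        $findings += "SAMPLE   $deployed is identical to the Example CA sample"
    }
}

# The test private key and the file holding its password should not stay on a production host.
foreach ($name in 'test@example.com.pfx', 'test@example.com.txt') {
    $path = Join-Path $samples $name
    if (Test-Path -LiteralPath $path) {
        $findings += "TESTKEY  $path is still present"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: no Example CA sample material in use'
    exit 0
}
$findings | ForEach-Object { Write-Output $_ }
exit 1
```

Directly after following the steps on this page the script is expected to report both SAMPLE and TESTKEY findings; a clean result means the trust store and policy have been replaced with your own.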
Finish the Certificate Authentication Provider installation
Finish the installation of the Certificate AP by running the installation script.

```
cd /d "C:\Program Files\Ubisecure\certap\certap"
config\tomcat\install.cmd
```
Verify that the Certificate AP is successfully installed by visiting the following URL. Use of Internet Explorer is recommended. When the browser prompts for a client certificate, select the one installed in the previous section.

```
https://certap.example.com:9443/certap/saml2/SingleSignOnService
```
The following web page is shown:

Figure 1. Web page indicating the successful installation of Certificate AP