The SSO Management API, Password Reset application, and Accounting Service reporting endpoints connect to the SSO OAuth 2.0 endpoints, so the server certificate of those endpoints must be trusted by the Java Runtime Environment used by SSO. By default, no publicly issued CAs are trusted and must be trusted explicitly.
Also the Accounting Service server certificate must be trusted by the Java Runtime Environment due Accounting Service internal implementation. The self-signed certificate generated during the installation process takes this into account since v. 8.4.
The certificates can be imported using the following syntaxes. The whole certificate chain must be imported using the keytool tool, which can be found in the bin directory of the java installation under JRE_HOME.
...
| Code Block | ||
|---|---|---|
| ||
keytool -exportcert -keystore $UBILOGIN_HOME/usr/local/ubisecure/ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx -alias tomcat -storepass changeit | keytool -importcert -keystore $JRE_HOME/lib/security/cacerts -storepass changeit -alias ubisecure-sso-servercert -noprompt |
...
| Code Block | ||
|---|---|---|
| ||
keytool -exportcert -keystore "%UBILOGIN_HOME%C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\custom\tomcat\keystore.pfx" -alias tomcat -storepass changeit | keytool -importcert -keystore "%JRE_HOME%\lib\security\cacerts" -storepass changeit -alias ubisecure-sso-servercert -noprompt |
...