Creating the Certificate Key Store for SSL
If you have a production-ready SSL certificate, it is easiest to store it in a keystore.pfx
file that is saved in %WILDFLY_HOME%\standalone\configuration\keystore.pfx
. If you don't have a production ready server certificate, then you can either create a temporary self-signed one using cert.cmd
, to get you started with testing, or buy a production certificate from, for example: https://www.globalsign.com/en/ssl/.
...
If you are using self-signed certificates (like the one provided by default in the installation of Ubisecure SSO) also with Ubisecure SSO you need to import the public key into the Java certificate store (%JRE%JAVA_HOME%\lib\security\cacerts
file).
...
Successful execution will show Successfully processed 1 files; Failed processing 0 files
And verified in the GUI:
Note |
---|
NOTE: For the Ubisecure CustomerID service startup to be successful when the server is restarted, the WildFly service startup needs to be dependent on the data storage services (PostgreSQL and the used LDAP(s)). If the WildFly service starts up before the data storage services then the startup won't succeed. If PostgreSQL is running on the same server as WildFly, create a startup dependency to ensure PostgreSQL is running before WildFly is started. As the Administrator user, execute the following command: The name of the service can be different in your installation so make sure to check the actual name from Windows Services management view. Successful execution will show the output
|
...
The command has run successfully if the output shows {"outcome" => "success"}
.
Setting Up Audit and Diagnostic logging
Starting from Ubisecure CustomerID 5.0.x, logging is managed centrally via the WildFly Java EE container. The script setup-logging.cmd
contacts WildFly management port and then sets up logging configuration to redirect Ubisecure CustomerID specific log entries to separate files. To set up logging, run the following commands in a command prompt:
...