WildFly configuration on Linux - CustomerID
Creating the Certificate Key Store for SSL
If you have a production-ready SSL certificate, it is easiest to store it in a keystore.pfx
file that is saved in $WILDFLY_HOME/standalone/configuration/keystore.pfx
. If you don't have a production ready server certificate, then you can either create a temporary self-signed one using cert.cmd
, to get you started with testing, or buy a production certificate from, for example: https://www.globalsign.com/en/ssl/.
The script cert.cmd
will generate a self-signed certificate and deposit it in a key store file called keystore.pfx
. This file is saved in $WILDFLY_HOME/standalone/configuration/keystore.pfx.
cd /usr/local/ubisecure/customerid/tools ./cert.sh
If you are using self-signed certificates (like the one provided by default in the installation of Ubisecure SSO) also with Ubisecure SSO you need to import the public key into the Java certificate store (${JAVA_HOME}/lib/security/cacerts
file).
Setting WildFly UndertowRealm
Locate the script config-wildfly.sh
and run it. This will relocate HTTP and HTTPS ports according to configuration that was specified in linux.config
and set up the references to the key store containing the server certificate. It will also set host aliases. Make sure that all phases finish with a success status.Â
cd /usr/local/ubisecure/customerid/tools ./config-wildfly.sh
After these steps you can open a browser to the server's HTTPS port and verify that the connection is over HTTPS and check that the certificate information is what you would expect it to be under the circumstances.
Setting Up customerid.home System Property for WildFly
See instructions from WildFly system property registration on Linux - CustomerID.
Setting Up Audit and Diagnostic Logging
Starting from Ubisecure CustomerID 5.0.x, logging is managed centrally via the WildFly J2EE container. The script setup-logging.sh
contacts WildFly management port and then sets up logging configuration to redirect Ubisecure CustomerID specific log entries to separate files. To set up logging, run the following commands in a command prompt:Â
cd /usr/local/ubisecure/customerid/tools ./setup-logging.sh
Setting Up a Mail Session
The mail session is set up by executing the script create-mail-session.sh
.Â
cd /usr/local/ubisecure/customerid/tools ./create-mail-session.sh
NOTE: You need to have defined email related configuration in linux.config
in order for the above script to work. If you are not going to send emails from Ubisecure CustomerID then this step can be skipped.