CertAP installation overview

Installation Overview

  • Extracting Certificate Authentication Provider distribution package
  • Creating SAML identity provider configuration
  • Modifying PKI policy
  • Exporting SAML identity provider metadata
  • Configuring Ubisecure Authentication Server
  • Importing service provider metadata
  • Deploying Certificate Authentication Provider

Requirements

System Requirements

  • SSL connection configured on an application server or SSL reverse-proxy
  • Ubisecure SSO Server 6.5 or later

Additional Requirements

Required Files

  • certap-<version>.zip

PKI Requirements

  • A root certificate for verifying the certificates the user
  • An optional HTTP or LDAP address for the CRL distribution point, or HTTP address to OCSP server

The Certificate Authentication Provider installation includes the complete PKI files and settings for the Finnish National Electronic ID card (HST).

Preparing for Installation

Before proceeding with installation, the following configuration decisions must be made:

  • Decide the deployment URL for Certificate Authentication Provider. Later in this guide, the deployment URL is referred as the base URL. Example: https://example.com/certap
  • Decide the trusted certificate issuers and acquire their certificates in base64 encoded format. Resolve the CRL distribution point/OCSP server for each trusted issuer.
  • Decide which attributes are transmitted to Ubisecure Authentication Server in addition to the user's subject. Please refer to later this documentation for more information about the possible attribute values.