CertAP installation on Windows

Install Server JRE

You can find instructions on how to install the Server JRE from the Windows install - SSO page. 

Use the same instructions to set the JRE_HOME environment variable.

Unpacking the Software

Unzip the packet

cd /d "C:\Program Files\Ubisecure"
unzip certap-X.X.X.zip

Modifying the Configuration Template

Open the win32.config configuration file in a text editor.

cd /d "C:\Program Files\Ubisecure\certap\certap"
notepad win32.config

Specify the parameter certap.url and save the file. The Certificate Authentication Provider will be deployed to this URL.

certap.url = https://certap.example.com:9443

Run the setup.cmd script to create the configuration files.

cd /d "C:\Program Files\Ubisecure\certap\certap"
setup.cmd

Setting the PKI Policies

Next step is to define which certificates the Certificate AP is to trust. The folder /ubilogin-certap/certap/samples/Exampe CA/ contains sample configurations for testing purposes.

By default two-way SSL authentication is used so the Tomcat must be told which client certificates to trust when creating the SSL connection between the client and Certificate AP

cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\cacerts.jks" custom\tomcat

Copy the sample policy.xml file

cd /d "C:\Program Files\Ubisecure\certap\certap"
copy "samples\Example CA\policy.xml" webapps\certap\WEB-INF\uap\pki

The corresponding certificate containing the private key and the password protecting the key are found in samples\Example CA\test@example.com.pfx

Import the key to your system with the Certificate Import Wizard in order to authenticate yourself to the Certificate AP by double clicking the .pfx file. The password protecting the key is found in samples\Example CA\test@example.com.txt

Finish the Certificate Authentication Provider installation

Finish the installation of the Certificate AP by running the installation script

cd /d "C:\Program Files\Ubisecure\certap\certap"
config\tomcat\install.cmd

Verify that the Certificate AP is successfully installed by visiting the following url. Use of Internet Explorer is recommended. When the browser prompts for a client certificate select the one installed in previous section.

https://certap.example.com:9443/certap/saml2/SingleSignOnService 

The following web page is shown:

Figure 1. Web page indicating the successful installation of Certificate AP