Install Tomcat server certificate

Where do you specify which certificate Ubisecure SSO/CustomerID uses? Where are server certificates stored?

Step-by-step guide

Settings are stored in the Tomcat server.xml file. By default, after initial installation, Ubisecure SSO uses the certificate stored in the file "ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx". Ubisecure CustomerID uses the certificate stored in the file "customerid/application/custom/tomcat/keystore.pfx".

Your own certificate is often in .pfx form. The \customerid\application\config\tomcat\conf\server.xml file must be modified to use this certificate, for example:

Server.xml
<Connector
	port="443" address="0.0.0.0" scheme="https" secure="true"
	sslProtocol="TLS"
	useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
	keystoreFile="C:\Program Files\Ubisecure\customerid\application/custom/tomcat/keystore.pfx" keystoreType="PKCS12" keystorePass="password"
/>

The certificate alias inside the keystore must be "tomcat" when applied on Tomcat servers, in practice SSO or CustomerID 4.x versions. In CustomerID 5.x the application server is WildFly, and the certificate alias with a default CustomerID installation is expected to be "wildfly".
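
One way to confirm the alias before running the update script, as an added example that is not part of Ubisecure's tooling. It assumes the JDK keytool is on the PATH; the function names, the KEYSTORE_PASS variable and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that keystore.pfx holds a private-key entry under the
# alias the application server expects ("tomcat" or "wildfly").
# Function names and KEYSTORE_PASS are hypothetical, not Ubisecure tooling.

# check_alias ALIAS: reads `keytool -list` output on stdin.
# Returns 0 if ALIAS is a PrivateKeyEntry, 1 if ALIAS is absent,
# 2 if ALIAS exists but has no private key (e.g. trustedCertEntry).
check_alias() {
    awk -v want="$1" -F', ' '
        # Entry lines look like: <alias>, <date>, <EntryType>,
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)/ && $1 == want {
            found = 1
            if ($0 ~ /PrivateKeyEntry/) haskey = 1
        }
        END { if (!found) exit 1; if (!haskey) exit 2 }
    '
}

# verify_keystore FILE ALIAS: lists FILE with the JDK keytool and checks ALIAS.
# The password is taken from $KEYSTORE_PASS so it stays off the command line.
# Returns 3 if keytool cannot open the keystore (wrong password, bad file).
verify_keystore() {
    listing=$(keytool -list -storetype PKCS12 -keystore "$1" \
                      -storepass:env KEYSTORE_PASS) || return 3
    printf '%s\n' "$listing" | check_alias "$2"
}

# Constructed sample of `keytool -list` output, so the parser can be tried offline.
sample_listing() {
    cat <<'EOF'
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

tomcat, Jan 5, 2024, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed)
issuing-ca, Jan 5, 2024, trustedCertEntry, 
Certificate fingerprint (SHA-256): 44:55:66:77 (constructed)
EOF
}

if sample_listing | check_alias tomcat; then
    echo "sample: alias 'tomcat' has a private key"
fi
# Real use: KEYSTORE_PASS=... verify_keystore /path/to/keystore.pfx tomcat
```

A return code of 2 means the alias exists but only as a certificate without its private key, which cannot serve as the server certificate.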

After you overwrite the file keystore.pfx, you must execute:

SSO:

ubilogin-sso/ubilogin/config/tomcat/update.cmd (Windows)

or

./tomcat/update.sh (Linux)

CustomerID:

customerid\application\config\tomcat\update.cmd (Windows)

or

./tomcat/update.sh (Linux)


The change must be made on each node.


For more information, see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html.
