Install Tomcat server certificate
Where do you specify which certificate Ubisecure SSO/CustomerID uses? Where are server certificate stored?
Step-by-step guide
Settings are stored in the Tomcat server.xml file. By default, after initial installation, Ubisecure SSO uses certificate stored in the file "ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx". Ubisecure CustomerID uses certificate stored in the file "customerid/application/custom/tomcat/keystore.pfx"
Your own certificate is often in the .pfx form. \customerid\application\config\tomcat\conf\server.xml file must be modified to use this certificate, for example:
<Connector port="443 address="0.0.0.0" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true" maxHttpHeaderSize="65536" keystoreFile="C:\Program Files\Ubisecure\customerid\application/custom/tomcat/keystore.pfx" keystoreType="PKCS12" keystorePass="password" />
Ceritificate alias name inside keystore must be "tomcat" when applied on tomcat servers, in practise SSO or CustomerID 4.x versions. In CustomerID 5.x the application server is wildfly and the certificate alias with default CustomerID installation is expected to be "wildfly".
After you overwrite the file keystore.pfx you must execute
SSO:
ubilogin-sso/ubilogin/config/tomcat/update.cmd (Windows)
or
./tomcat/update.sh (linux)
CustomerID:
customerid\application\config\tomcat\update.cmd (Windows)
or
./tomcat/update.sh (linux)
The change must be made on each node.
For more information, see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html.
Related articles
Related issues