/
Install Tomcat server certificate

Install Tomcat server certificate

Owned by Former user (Deleted)

Where do you specify which certificate Ubisecure SSO/CustomerID uses? Where are server certificate stored?

Step-by-step guide

Settings are stored in the Tomcat server.xml file. By default, after initial installation, Ubisecure SSO uses certificate stored in the file "ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx". Ubisecure CustomerID uses certificate stored in the file "customerid/application/custom/tomcat/keystore.pfx"

Your own certificate is often in the .pfx form. \customerid\application\config\tomcat\conf\server.xml file must be modified to use this certificate, for example:

Server.xml
<Connector
	port="443 address="0.0.0.0" scheme="https" secure="true"
	sslProtocol="TLS"
	useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
	keystoreFile="C:\Program Files\Ubisecure\customerid\application/custom/tomcat/keystore.pfx" keystoreType="PKCS12" keystorePass="password"
/>

Ceritificate alias name inside keystore must be "tomcat" when applied on tomcat servers, in practise SSO or CustomerID 4.x versions. In CustomerID 5.x the application server is wildfly and the certificate alias with default CustomerID installation is expected to be "wildfly". 

After you overwrite the file keystore.pfx you must execute

SSO:

ubilogin-sso/ubilogin/config/tomcat/update.cmd (Windows)

or

./tomcat/update.sh (linux)

CustomerID:

customerid\application\config\tomcat\update.cmd (Windows)

or 

./tomcat/update.sh (linux)


The change must be made on each node.


For more information, see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html.

Related issues


Related content

Ubisecure Privacy Policy & Cookie Statement