This shows you the differences between two versions of the page.
tutorial:adm:czechidm_installation [2019/06/10 13:13] urbanl old revision restored (2019/03/18 14:46) |
tutorial:adm:czechidm_installation [2019/08/22 13:29] doischert [8. Create dedicated Java truststore] |
</code> | </code> |
| |
Edit the Tomcat service file ''/etc/systemd/system/tomcat.service'' and add path to the truststore ''-Djavax.net.ssl.trustStore=/opt/czechidm/etc/truststore.jks'' and truststore password ''-Djavax.net.ssl.trustStorePassword=THE PASSWORD YOU ENTERED WHEN CREATING KEYSTORE'' to the Java options. Finally, reload the systemd and restart Tomcat. | Edit the Tomcat service file (systemctl edit tomcat.service) and add path to the truststore ''-Djavax.net.ssl.trustStore=/opt/czechidm/etc/truststore.jks'' and truststore password ''-Djavax.net.ssl.trustStorePassword=THE PASSWORD YOU ENTERED WHEN CREATING KEYSTORE'' to the Environment='JAVA_OPTS' options. Finally, reload the systemd and restart Tomcat. |
<code> | <code> |
systemctl daemon-reload | systemctl daemon-reload |
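Review bot: The new wording on the right, "add ... to the Environment='JAVA_OPTS' options", does not show the line the reader has to type into the drop-in that `systemctl edit tomcat.service` opens. Suggest spelling it out in full, for example `Environment="JAVA_OPTS=<existing options> -Djavax.net.ssl.trustStore=/opt/czechidm/etc/truststore.jks -Djavax.net.ssl.trustStorePassword=..."`, and stating that an `Environment=` assignment in a drop-in replaces the `JAVA_OPTS` value set in the main unit, so the options already there have to be repeated. The step should also mention that the truststore password placed here is stored in the unit configuration and appears on the Java command line, so read access to the drop-in file is worth restricting.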
Follow some final configuration steps: [[tutorial:adm:czechidm_installation_finalize|]]. | Follow some final configuration steps: [[tutorial:adm:czechidm_installation_finalize|]]. |
| |
=== Known Isues === | === On CentOS set permisive mod on Tomcat === |
It is possible that, on some distros, SELinux will deny acces to the database for tomcat. The tomcat will error to the ''/var/log/tomcat/catalina.out''or ''/var/log/messages'' line similar to ''org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.''. | SELinux will deny acces to the database for tomcat and won't allow create files by him. The tomcat will write error to the ''/var/log/tomcat/catalina.out''or ''/var/log/messages'' line similar to ''org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.''. |
| |
If this happens, set the permissive mode for tomcat: | To fix this we need set the permissive mode for tomcat: |
<code> | <code> |
semanage permissive -a tomcat_t | semanage permissive -a tomcat_t |
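Review bot: The new heading and the first sentence on the right drop the condition the old text had ("It is possible that, on some distros" and "If this happens"), so `semanage permissive -a tomcat_t` becomes an unconditional install step on CentOS rather than a workaround for an observed denial. That command stops SELinux enforcement for the whole `tomcat_t` domain, not only for the PostgreSQL connection and file creation named in the paragraph. Suggest keeping the "if you see this error" condition and pointing the reader to the logged denials first, so that only the database connection and the needed file access are allowed where possible, with permissive mode as the fallback. Spelling on the right also needs a pass: "permisive mod", "acces", "won't allow create files by him", and the missing space in `catalina.out''or`.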