Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:czechidm_installation_win [2020/04/21 11:43] fiserp [Create DB user and database in PostgreSQL] |
tutorial:adm:czechidm_installation_win [2020/10/01 14:45] urbanl old revision restored (2020/09/08 12:11) |
||
---|---|---|---|
Line 8: | Line 8: | ||
==== Create DB user and database in PostgreSQL ==== | ==== Create DB user and database in PostgreSQL ==== | ||
- | Open a **PSQL** binary from the Start menu. A windows-cmd-like window should appear with a prompt. Create a db user and a database for CzechIdM. | + | Open a **PSQL** binary from the Start menu (for the OpenSCG PostgreSQL) or fire-up the cmd terminal and run '' |
- | < | + | < |
CREATE USER czechidm PASSWORD ' | CREATE USER czechidm PASSWORD ' | ||
- | # Choose appropriate collation and create database. | + | -- Choose appropriate collation and create database. |
- | # with english collation (we expect the default windows installation with cp1250/ | + | -- with english collation (we expect the default windows installation with cp1250/ |
CREATE DATABASE " | CREATE DATABASE " | ||
- | # with czech collation | + | -- with czech collation |
CREATE DATABASE " | CREATE DATABASE " | ||
</ | </ | ||
Line 22: | Line 22: | ||
Use the pgAdmin or PSQL to test the database connection under the '' | Use the pgAdmin or PSQL to test the database connection under the '' | ||
==== JDBC driver installation ==== | ==== JDBC driver installation ==== | ||
- | Download the PostgreSQL JDBC driver from the [[https:// | + | Download the PostgreSQL JDBC driver from the [[https:// |
==== Configure environment properties. Select application profile ==== | ==== Configure environment properties. Select application profile ==== | ||
Run the **Monitor Tomcat** application from the Start menu. Configure following settings: | Run the **Monitor Tomcat** application from the Start menu. Configure following settings: | ||
* Add '' | * Add '' | ||
- | * Add '' | + | * Add '' |
=== Change Tomat logging properties === | === Change Tomat logging properties === | ||
Line 32: | Line 32: | ||
In order to set-up log rotation we need stop logging to stdout and start logging to catalina.log . | In order to set-up log rotation we need stop logging to stdout and start logging to catalina.log . | ||
- | Make these changes in file "/ | + | Make these changes in file '' |
Comment out console handler. We don't want tomcat to log to stdout or stderr. | Comment out console handler. We don't want tomcat to log to stdout or stderr. | ||
< | < | ||
Line 74: | Line 74: | ||
==== Create SSL truststore ==== | ==== Create SSL truststore ==== | ||
Open the Git Bash and navigate to the ''/ | Open the Git Bash and navigate to the ''/ | ||
- | < | + | < |
openssl genrsa -out fakecert.key | openssl genrsa -out fakecert.key | ||
+ | # if the following command fails, remove the parameter -subj and supply the values interactively | ||
openssl req -new -key fakecert.key -out fakecert.csr -subj "/ | openssl req -new -key fakecert.key -out fakecert.csr -subj "/ | ||
openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt | openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt | ||
Line 242: | Line 243: | ||
There are two properties in application-production.properties that influence the confidential storage: | There are two properties in application-production.properties that influence the confidential storage: | ||
- | * You can set the 128bit (16byte) key directly in the property file using **cipher.crypt.secret.key** property or | + | * You can set the 128bit (16byte) or 256bit (32byte) key directly in the property file using **cipher.crypt.secret.key** property or |
* you can create separate file (in our case **secret.key**) containing a random string. Then you reference this file with **cipher.crypt.secret.keyPath** property. | * you can create separate file (in our case **secret.key**) containing a random string. Then you reference this file with **cipher.crypt.secret.keyPath** property. | ||
<note warning> | <note warning> | ||
Line 248: | Line 249: | ||
<note warning> | <note warning> | ||
- | Confidential storage uses AES/ | + | Confidential storage uses AES/ |
=== Attachment store === | === Attachment store === |