Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
tutorial:adm:czechidm_installation_win [2018/10/19 08:25]
stloukalp
tutorial:adm:czechidm_installation_win [2018/11/09 14:18] (current)
fiserp [Create CzechIdM configuration folders]
Line 39: Line 39:
 </​code>​ </​code>​
  
 +==== Create SSL truststore ====
 +Open the Git Bash and navigate to the ''/​c/​czechidm/​etc''​. Then create fake certificate which will be, for this time, the only certificate in the truststore.
 +<​code>​
 +openssl genrsa -out fakecert.key
 +openssl req -new -key fakecert.key -out fakecert.csr -subj "/​C=CZ/​ST=Czech Republic/​L=Prague/​O=BCV/​CN=CzechIdM placeholder cert"
 +openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt
 +keytool -importcert -file fakecert.crt -alias placeholder-cert -keystore truststore.jks
 +    Enter keystore password: ​ ENTER SOME PASSWORD HERE AND REMEMBER IT FOR LATER
 +    Re-enter new password:
 +    ...
 +    Trust this certificate?​ [no]:  yes
 +    Certificate was added to keystore
 +
 +rm fakecert.key fakecert.csr fakecert.crt
 +</​code>​
 +
 +Then adjust Tomcat configuration - the ''​JAVA_OPTS''​ - as you did before. Add path to the truststore ''​-Djavax.net.ssl.trustStore=C:/​CzechIdM/​etc/​truststore.jks''​ and truststore password ''​-Djavax.net.ssl.trustStorePassword=THE PASSWORD YOU ENTERED WHEN CREATING KEYSTORE''​.
 +
 +Save the configuration and restart the Tomcat for changes to take effect.
 ==== Create CzechIdM configuration ==== ==== Create CzechIdM configuration ====
 Now we will create configuration files the CzechIdM will use. Now we will create configuration files the CzechIdM will use.