Page tree
Skip to end of metadata
Go to start of metadata

Where do you specify which certificate Ubisecure SSO/CustomerID uses? Where are server certificate stored?

Step-by-step guide

Settings are stored in the Tomcat server.xml file. By default, after initial installation, Ubisecure SSO uses certificate stored in the file "ubilogin-sso/ubilogin/custom/tomcat/keystore.pfx". Ubisecure CustomerID uses certificate stored in the file "customerid/application/custom/tomcat/keystore.pfx"

Your own certificate is often in the .pfx form. \customerid\application\config\tomcat\conf\server.xml file must be modified to use this certificate, for example:

Server.xml
<Connector
	port="443 address="0.0.0.0" scheme="https" secure="true"
	sslProtocol="TLS"
	useBodyEncodingForURI="true" maxHttpHeaderSize="65536"
	keystoreFile="C:\Program Files\Ubisecure\customerid\application/custom/tomcat/keystore.pfx" keystoreType="PKCS12" keystorePass="password"
/>

Ceritificate alias name inside keystore must be "tomcat" when applied on tomcat servers, in practise SSO or CustomerID 4.x versions. In CustomerID 5.x the application server is wildfly and the certificate alias with default CustomerID installation is expected to be "wildfly". 

After you overwrite the file keystore.pfx you must execute

SSO:

ubilogin-sso/ubilogin/config/tomcat/update.cmd (Windows)

or

./tomcat/update.sh (linux)

CustomerID:

customerid\application\config\tomcat\update.cmd (Windows)

or 

./tomcat/update.sh (linux)


The change must be made on each node.


For more information, see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html.

Related issues