GlobalID Installation, v5.0

 

 

1. Install Tomcat .war files

Copy the GlobalID .war files to /usr/share/tomcat/webapps

 

2. Configure Tomcat for GlobalID

Edit the Tomcat configuration file “/etc/tomcat/conf/tomcat.conf”

After the line beginning “JAVA_OPTS="-Djavax.sql.D…….”, add an extra line that sets the “-Dspring.profiles.active” parameter:

The “-Dspring.profiles.active” flag dictates which Spring profiles are active in the application. The application must include one mandatory profile: either “embdev”, “dev”, “test” or “prod”. The profiles “adca” and “nets” are optional and control whether the “adca” or “nets” implementation is enabled.

Examples:

For access to ADCA production only, please use the following:

JAVA_OPTS="-Dspring.profiles.active=prod,adca -Dexternal.config.home=/var/opt/"

 

For access to the Nets MOCES2 production system, please use the following:

JAVA_OPTS="-Dspring.profiles.active=prod,nets -Dexternal.config.home=/var/opt/"

 

For access to the Nets MOCES2 pre-production system, please use the following:

JAVA_OPTS="-Dspring.profiles.active=test,nets -Dexternal.config.home=/var/opt/"
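The following check is an added example, not part of the GlobalID installation set. It validates a JAVA_OPTS value against the profile rules above before Tomcat is restarted, and catches a missing space before the next -D option, which makes the JVM read the rest of the line as part of the profile list so that external.config.home is never set. The function name check_profiles is hypothetical, and "either" is read here as exactly one mandatory profile.

```shell
#!/bin/sh
# Added example: validate the Spring profile list in a JAVA_OPTS value.
# Profile names are the ones listed in this guide. Assumption: exactly one
# of embdev/dev/test/prod must be present; adca and nets are optional.

check_profiles() {
    opts=$1
    value=""
    # Split on whitespace, as happens when the JVM command line is built.
    for word in $opts; do
        case $word in
            -Dspring.profiles.active=*) value=${word#-Dspring.profiles.active=} ;;
        esac
    done
    if [ -z "$value" ]; then
        echo "missing -Dspring.profiles.active"
        return 1
    fi
    mandatory=0
    old_ifs=$IFS
    IFS=,
    for p in $value; do
        case $p in
            embdev|dev|test|prod) mandatory=$((mandatory + 1)) ;;
            adca|nets) ;;
            *)  # a fused "-Dnext.option=..." ends up here
                IFS=$old_ifs
                echo "unknown profile: $p"
                return 1 ;;
        esac
    done
    IFS=$old_ifs
    if [ "$mandatory" -ne 1 ]; then
        echo "expected exactly one of embdev, dev, test, prod; found $mandatory"
        return 1
    fi
    echo "ok: $value"
}

# Constructed sample values: a well-formed line, then one with the space missing.
check_profiles "-Dspring.profiles.active=prod,adca -Dexternal.config.home=/var/opt/" || true
check_profiles "-Dspring.profiles.active=prod,nets-Dexternal.config.home=/var/opt/" || true
```

Pass the JAVA_OPTS value from tomcat.conf as the single argument; a non-zero exit status means the line should be corrected before restarting Tomcat.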

 

Create the directory /var/opt/GlobalID.

Copy the file “globalid.properties” from the installation set folder GlobaIDConf to /var/opt/GlobalID.

 

3. Import eDirectory CA Certificate

Change the current directory to /var/opt/GlobalID.

Import the previously acquired CA certificate (see eDirectory preparation section) from the eDirectory folder into a Java JKS keystore file using the Java keytool:

/usr/bin/keytool -importcert -file cert.der -keystore cacerts.jks -alias ldap

 

4. Configuration of Tomcat SSL Certificate (optional)

The default installation uses a self-signed certificate issued by eDirectory.

To use a certificate that clients trust, e.g. a Star-Certificate in the customer domain, edit the server.xml file at /etc/tomcat/server.xml.

Copy the Star-Certificate to the server.

Locate the connector in the server.xml file and change the keystore file and password settings (keystoreFile and keystorePass below) to match the Star-Certificate file and password:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" maxHttpHeaderSize="8192" minSpareThreads="25"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true"
           keystoreType="PKCS12"
           keystoreFile="/etc/tomcat/conf/myCert.p12"
           keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="+TLSv1.1, +TLSv1.2" />

Consider changing the keystore password to a more secure value. Refer to the official Tomcat documentation for further details on Tomcat SSL configuration:
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

5. Configuration of GlobalID

Change current directory to <INSTALL_SET>/Encryption Tool. The directory should contain:

encrypt.sh

crypto-app-V1.0.jar

Confirm that “globalid.properties” is located at /var/opt/GlobalID/globalid.properties.

Run ./encrypt.sh to configure the file “globalid.properties”.

 

6. Configure logrotate

Copy <INSTALL_SET>/logrotate.d/globalid to /etc/logrotate.d/ on the GlobalID server.

This file defines how often the GlobalID logfiles will be rotated. Rotated logs are not visible in the GlobalID AdminUI.

Adjust as necessary for your requirements.

7. Re-start Tomcat

Restart Tomcat using: rctomcat restart

GlobalID should be available on https://<ServerDNS>:8443/GlobalID/login/

(You cannot log in yet, though.)