1. Install Tomcat .war files
Copy the GlobalID .war files to /usr/share/tomcat/webapps
2. Configure Tomcat for GlobalID
Edit the Tomcat configuration file “/etc/tomcat/conf/tomcat.conf”
After the line “JAVA_OPTS="-Djavax.sql.D…….” you will need to add an extra line with the parameter “-Dspring.profiles.active”:
The “-Dspring.profiles.active” flag determines which Spring profiles are active in the application. One of the mandatory profiles “embdev”, “dev”, “test” or “prod” must be included. The profiles “adca” and “nets” are optional and control whether the “adca” or “nets” implementation is enabled.
For access to ADCA production only, please use the following:
JAVA_OPTS="-Dspring.profiles.active=prod,adca -Dexternal.config.home=/var/opt/"
For access to the Nets MOCES2 production system, please use the following:
JAVA_OPTS="-Dspring.profiles.active=prod,nets -Dexternal.config.home=/var/opt/"
For access to the Nets MOCES2 pre-production system, please use the following:
JAVA_OPTS="-Dspring.profiles.active=test,nets -Dexternal.config.home=/var/opt/"
Create the directory /var/opt/GlobalID
Copy the file “globalid.properties” from the installation set folder GlobaIDConf to /var/opt/GlobalID.
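Added example (not part of the GlobalID installation set): a shell check for the JAVA_OPTS line from this step, which catches a misspelled profile flag, an unknown profile, and a missing space between the profile list and the next -D option. The function name check_java_opts is hypothetical, and requiring exactly one of the mandatory profiles is an assumption.

```shell
#!/bin/sh
# Added example. Validates the Spring profile list inside a JAVA_OPTS line.
# Prints a verdict and returns 0 when the line is acceptable, 1 otherwise.
check_java_opts() {
    opts=${1#JAVA_OPTS=}                 # drop the variable name if present
    opts=${opts#\"}; opts=${opts%\"}     # drop surrounding double quotes
    profiles=""
    for tok in $opts; do                 # options are whitespace separated
        case $tok in
            -Dspring.profiles.active=*) profiles=${tok#*=} ;;
            -Dspring.profile.active=*)
                echo "misspelled flag: use -Dspring.profiles.active"; return 1 ;;
        esac
    done
    [ -n "$profiles" ] || { echo "missing -Dspring.profiles.active"; return 1; }

    mandatory=0
    old_ifs=$IFS; IFS=,                  # profile names are comma separated
    for p in $profiles; do
        case $p in
            embdev|dev|test|prod) mandatory=$((mandatory + 1)) ;;
            adca|nets) ;;
            *-D*) IFS=$old_ifs
                echo "profile '$p' contains -D: missing space before next option?"
                return 1 ;;
            *) IFS=$old_ifs; echo "unknown profile: $p"; return 1 ;;
        esac
    done
    IFS=$old_ifs
    # Assumption: exactly one of the mandatory profiles may be active.
    [ "$mandatory" -eq 1 ] || {
        echo "need exactly one of embdev, dev, test, prod"; return 1; }
    echo "ok: $profiles"
}

# Constructed sample lines: one well formed, one with the space missing.
for line in \
    'JAVA_OPTS="-Dspring.profiles.active=prod,adca -Dexternal.config.home=/var/opt/"' \
    'JAVA_OPTS="-Dspring.profiles.active=prod,nets-Dexternal.config.home=/var/opt/"'
do
    check_java_opts "$line" || true
done
```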
3. Import eDirectory CA Certificate
Change the current directory to /var/opt/GlobalID.
Import the previously acquired CA certificate (see eDirectory preparation section) from the eDirectory folder into a Java JKS keystore file using the Java keytool:
/usr/bin/keytool -importcert -file cert.der -keystore cacerts.jks -alias ldap
4. Configuration of Tomcat SSL Certificate (optional)
The default installation uses a self-signed certificate issued by eDirectory.
To use a certificate that clients trust, e.g. a Star-Certificate in the customer domain, please edit the server.xml file at /etc/tomcat/server.xml
Copy the Star-Certificate to the server.
Locate the connector in the server.xml file and change the keystoreFile and keystorePass settings below to match the Star-Certificate file and password:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" maxHttpHeaderSize="8192" minSpareThreads="25"
    enableLookups="false" disableUploadTimeout="true" acceptCount="100"
    scheme="https" secure="true" keystoreType="PKCS12"
    keystoreFile="/etc/tomcat/conf/myCert.p12" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="+TLSv1.1, +TLSv1.2" />
Consider changing the keystore password to a more secure value. Refer to the official Tomcat documentation for further details on Tomcat SSL configuration:
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
5. Configuration of GlobalID
Change current directory to <INSTALL_SET>/Encryption Tool. The directory should contain:
Confirm that “globalid.properties” is located at /var/opt/GlobalID/globalid.properties
Run ./encrypt.sh to configure the file “globalid.properties”.
6. Configure logrotate
Copy <INSTALL_SET>/logrotate.d/globalid to the GlobalID server /etc/logrotate.d/
This file defines how often the GlobalID logfiles will be rotated. Rotated logs are not visible in the GlobalID AdminUI.
Adjust as necessary for your requirements.
7. Re-start Tomcat
Restart tomcat using:
GlobalID should be available on https://<ServerDNS>:8443/GlobalID/login/
(You cannot log in yet, though.)