GlobalID Installation, v5.0



1. Install Tomcat .war files

Copy the GlobalID .war files to /usr/share/tomcat/webapps


2. Configure Tomcat for GlobalID

Edit the Tomcat configuration file “/etc/tomcat/conf/tomcat.conf”

After the line “JAVA_OPTS=""-Djavax.sql.D…….” you will need to add an extra line with the parameter ““”:

The “” flag dictates which spring profiles are active in the application. As a mandatory profile, the application must include either: “embdev”, “dev”, “test”, “prod” profile. Other profiles “adca” and “nets” are optional and they control if “adca” or “nets” implementation is enabled.


For access to ADCA production only, please use the following:

JAVA_OPTS=",adca -Dexternal.config.home=/var/opt/"


For access to the Nets MOCES2 production system, please use the following:



For access to the Nets MOCES2 pre-production system, please use the following:



Make the catalog /var/opt/GlobalID

Copy the file “” from the installation set folder GlobaIDConf to /var/opt/GlobalID.


3. Import eDirectory CA Certificate

Change current catalog to /var/opt/GlobalID.

Import the previously acquired CA certificate (see eDirectory preparation section) from the eDirectory folder into a java JKS file using java keytool:

/usr/bin/keytool -importcert -file cert.der -keystore cacerts.jks -alias ldap


4. Configuration of Tomcat SSL Certificate (optional)

The default installation uses a self-signed certificate issued by eDirectroy.

To use a client trusted certificate, ex. a Star-certificate in the customer domain, please edit the server.xml in /etc/tomcat/server.xml

Copy the Star-Certificate to the server.

Locate the connector in the server.xml file and change the red marked settings below to match the Star-Certificate file and password:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" maxHttpHeaderSize="8192" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" keystoreType="PKCS12" keystoreFile="/etc/tomcat/conf/myCert.p12" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="+TLSv1.1, +TLSv1.2" />

Consider changing the keystore password to a more secure value. Refer to the official Tomcat documentation for further details on Tomcat SSL configuration:

5. Configuration of GlobalID

Change current directory to <INSTALL_SET>/Encryption Tool. The directory should contain:


Confirm that “” is properly located as /var/opt/GlobalID/

Run ./ to configure the file “”.


6. Configure logrotate

Copy <INSTALL_SET>/logrotate.d/globalid to the GlobalID server /etc/logrotate.d/

This file defines how often the GlobalID logfiles will be rotated. Rotated logs are not visible in the GlobalID AdminUI.

Adjust as necessary for your requirements.

7. Re-start Tomcat

Restart tomcat using: rctomcat restart

GlobalID should be available on https://<ServerDNS>:8443/GlobalID/login/

(You cannot login yet, though)