Appliance Installation, v5.0.4

Log in as root and verify that the system has been successfully registered with SUSE (SUSEConnect --status-text).

 

Change directory to /root/globalid-appliance/install

Run the script ./GlobalID-Install.sh

The installer will verify that a USB stick is present with the required certificates.

 

Select the GlobalID components to install:

  • AD (Advice Directory CA)

  • MOCES2 (Denmark eID CA)

 

Based on your selection of GlobalID components, the installer will prompt for a number of passwords and other information.

For testing purposes, it is possible to use a common password for all services.

For production environments it is strongly recommended to use individual passwords for all services.

Please note: Do not use any of the following special characters in passwords: “ ' $ ! * ´ ` ?

 

  • Password for the eDirectory administrator (cn=admin,ou=sa,o=system). This user should have a very strong password, since it will have rights to all objects and settings.

  • Password for the GlobalID Service User (cn=GlobalIDService,ou=sa,o=data). This user should have a very strong password, since it will have rights to all objects and settings within the scope of GlobalID.

  • Password for the GlobalID Admin (cn=GlobalIDAdmin,ou=Users,o=data). GlobalID Admin should only be used to make the initial setup. Afterwards, the account should be deleted or remain inactive.
    GlobalIDAdmin can initially access the administrative interface at https://<server_name>/GlobalID/admin-ui/

  • Password for the GlobalID User Admin (cn=GlobalIDUserAdmin,ou=Users,o=data).
    GlobalIDUserAdmin can initially access the user administration interface https://<server_name>/GlobalID/user-ui/

  • Password for the MariaDB user. This user should have a very strong password, since it will have rights to the Camunda database.

  • The wildcard certificate file (pem/p12/pkcs12) for use on all Tomcat services.

  • Password for the wildcard certificate file for use on all Tomcat services.

  • Password for the GlobalID JKS files. These files will contain certificates from eDirectory (LDAP), AD and trusted CA integrations.

  • [AD-only] The name of the certificate template to use for issuing Active Directory certificates.

  • [AD-only] The URL of the AD issuing CES service. This can be obtained using the certutil.exe utility on a machine that is a member of the domain.

  • [AD-only] The URL of the AD issuing CESP service. This can be obtained using the certutil.exe utility on a machine that is a member of the domain.

  • [AD-only] Active Directory CA certificate file (pem/pkcs12).

  • [MOCES2-only] Company CVR. This is used for issuing employee certificates in the company's context at Nets/DanID.

  • [MOCES2-only] The VOCES certificate file (pem/pkcs12) for use in 2-way SSL communication with Nets/DanID.

  • [MOCES2-only] Password for the VOCES certificate file.
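
The password guidance above (excluded special characters, individual passwords per service in production) can be checked before the installer is started. The following script is an added example, not part of the GlobalID appliance; the function names, the tab-separated input format and the sample values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for the installer's password prompts.

# Succeeds if $1 contains a character the guide excludes. The straight
# double quote is an assumption (the page prints a curly opening quote).
forbidden_in() {
    for c in '“' '"' "'" '$' '!' '*' '´' '`' '?'; do
        case "$1" in
            *"$c"*) return 0 ;;
        esac
    done
    return 1
}

# Reads "label<TAB>password" lines on stdin, reports problems by label only
# (passwords are never printed), and succeeds only if none were found.
check_password_set() {
    tab=$(printf '\t')
    nl='
'
    seen=$nl
    problems=0
    while IFS="$tab" read -r label pw || [ -n "$label" ]; do
        if [ -z "$pw" ]; then
            echo "$label: empty password"
            problems=$((problems + 1))
        elif forbidden_in "$pw"; then
            echo "$label: contains an excluded special character"
            problems=$((problems + 1))
        fi
        case "$seen" in
            *"$nl$pw$nl"*)
                echo "$label: password reused from another service"
                problems=$((problems + 1)) ;;
        esac
        seen="$seen$pw$nl"
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample answers (not real credentials).
sample_answers() {
    printf '%s\t%s\n' \
        'eDirectory admin' 'Vq7-kd2_Lm9+Rt4x' \
        'GlobalID Service User' 'pay$roll-2Bx9' \
        'MariaDB user' 'Vq7-kd2_Lm9+Rt4x'
}
```

The reuse finding matters for production installs; for test installs, where a common password is permitted, only the excluded-character finding applies.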

 

The installer will show a summary. Press ENTER to start the installation, or CTRL+C to cancel.

The installer runs for 5-30 minutes depending on the options selected, the hardware and the internet speed.

 

Once the installation has finished, the installer will exit with instructions on how to create a Camunda service account. This will be removed in future releases.

 

Please see the general documentation regarding the usage of the system.