Login as root and verify that the system has been successfully registered with SUSE (SUSEConnect --status-text)
Change directory to /root/globalid-appliance/install
Run the script ./GlobalID-Install.sh
The installer will verify that a USB stick is present with the required certificates.
Select the GlobalID components to install:
AD (Advice Directory CA)
MOCES2 (Denmark eID CA)
Based on your selection of GlobalID components, the installer will prompt for a number of passwords and other information.
For testing purposes, it is possible to use a common password for all services.
For production environments it is strongly recommended to use individual passwords for all services.
Please note: Don’t use any of the special chars in the passwords
“ ' $ ! * ´ ` ?
Password for the eDirectory administrator (cn=admin,ou=sa,o=system). This user should have a very strong password, since it will have rights to all objects and settings.
Password for the GlobalID Service User (cn=GlobalIDService,ou=sa,o=data). This user should have a very strong password, since it will have rights to all objects and settings within the scope of GlobalID.
Password for the GlobalID Admin (cn=GlobalIDAdmin,ou=Users,o=data). GlobalID Admin should only be used to make the initial setup. Afterwards, the account should be deleted or remain inactive.
GlobalIDAdmin can initially access to the administrative interface https://<server_name>/GlobalID/admin-ui/
Password for the GlobalID User Admin (cn=GlobalIDUserAdmin,ou=Users,o=data).
GlobalIDUserAdmin can initially access the user administration interface https://<server_name>/GlobalID/user-ui/
Password for the MariaDB user. This user should have a very strong password, since it will have rights to the Camunda database.
The wildcard certificate file (pem/p12/pkcs12) for use on all tomcat services.
Password for the wildcard certificate file for use on all tomcat services.
Password for the GlobalID JKS files, this will contain certificates from eDirectory(LDAP), AD and trusted CA integrations.
[AD-only] The name of the certificate template to use for issue Active Directory certificates.
[AD-only] The URL of the AD issuing CES service, this can be gathered using the certutil.exe utility on a machine that is a member of the domain.
[AD-only] The URL of the AD issuing CESP service, this can be gathered using the certutil.exe utility on a machine that is a member of the domain.
[AD-only] Active Directory CA certificate file (pem/pkcs12).
[MOCES2-only] Company CVR, this is used for issuing employee certificate in the companies context at Nets/DanID.
[MOCES2-only] The VOCES certificate file (pem/pkcs12) for use in 2-way SSL communication with Nets/DanID.
[MOCES2-only] Password for the VOCES certificate file.
The installer will show a summary; pressing ENTER will start the installation; CTRL+C to cancel.
The installer runs for 5-30 minutes depending on the options selected, the hardware and the internet speed.
Once the installation has finished, the installer will exit with instructions on how to create a Camunda service account. This will be removed in future releases.
Please see the general documentation regarding the usage of the system.