Info: This article is valid for Smart ID Identity Manager 24.R1.
In a production environment, the certificates used must be created by a real certificate authority (CA). That way, the chain of trust is unambiguous.
...
- Set up a local CA
  The CA can be used for several installations on the same machine.
- Establish trust for the CA
  The CA certificate is installed in the cacerts truststore of the active Java installations. This step has to be repeated after every Java upgrade, so having a single CA keeps maintenance low. In order to access a Java installation on Windows, the script needs to run in the Windows command line, not in WSL2.
- Create the actual P12s
  By default, the same names and pass phrases as the dummy certificates are used, so you just need to copy the P12 files to WEB-INF/classes in the web applications of the Identity Manager installation.
  Note: In this example we only create four P12 files: one for encryption, one for signing, one for email signing and one for the device-enc CA. It is recommended to use multiple different ones for the various signing- and encryption-related use cases, but the default config in the supplied Tomcat packages uses a common signing P12 as well as an encryption P12 for both config zip and database secrets.
- Double-check PINs
  You need to make sure that WEB-INF\classes\engineSignEncryptConfig.xml has the correct PINs that were used during bootstrapping.
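The four steps above as an added POSIX shell example (not the bootstrap script shipped with Identity Manager): it builds a local CA with openssl, issues the four P12s, imports the CA into Java cacerts with keytool, and checks a P12 against a PIN before that PIN is written into engineSignEncryptConfig.xml. File names, subjects, pass phrases and the keytool alias are assumptions; the dummy-certificate names and PINs of Identity Manager are not on this page.

```shell
#!/bin/sh
# Added example, not Nexus' own bootstrap script: a local test CA built with
# openssl, the four P12s from this article, and the CA import into Java cacerts.
# File names, subjects and pass phrases below are constructed samples; use the
# dummy-certificate names and PINs your engineSignEncryptConfig.xml expects.
set -eu

CA_DIR="${CA_DIR:-./local-ca}"         # one CA, reused by every installation on this machine
CA_PASS="${CA_PASS:-ca-sample-pass}"   # constructed sample value
P12_PASS="${P12_PASS:-p12-sample-pin}" # constructed sample value (the PIN that goes into the config)

# Create the CA once; later runs find ca.crt and reuse it.
setup_local_ca() {
  mkdir -p "$CA_DIR"
  [ -f "$CA_DIR/ca.crt" ] && return 0
  openssl req -x509 -newkey rsa:3072 -sha256 -days 3650 \
    -subj "/CN=Identity Manager Local Test CA" \
    -keyout "$CA_DIR/ca.key" -passout "pass:$CA_PASS" -out "$CA_DIR/ca.crt"
}

# Issue one certificate under the local CA and pack key + chain as <name>.p12.
# $1 = file name, $2 = subject CN, $3 = X.509v3 extension lines (\n separated).
create_p12() {
  name="$1"; cn="$2"; ext="$3"
  openssl req -new -newkey rsa:3072 -nodes -sha256 -subj "/CN=$cn" \
    -keyout "$CA_DIR/$name.key" -out "$CA_DIR/$name.csr"
  printf '%b\n' "$ext" > "$CA_DIR/$name.ext"
  openssl x509 -req -sha256 -days 730 -in "$CA_DIR/$name.csr" \
    -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -passin "pass:$CA_PASS" \
    -CAcreateserial -extfile "$CA_DIR/$name.ext" -out "$CA_DIR/$name.crt"
  openssl pkcs12 -export -name "$name" -inkey "$CA_DIR/$name.key" \
    -in "$CA_DIR/$name.crt" -certfile "$CA_DIR/ca.crt" \
    -passout "pass:$P12_PASS" -out "$CA_DIR/$name.p12"
}

# The four P12s this article creates: signing, encryption, email signing, device-enc CA.
create_all_p12s() {
  setup_local_ca
  create_p12 signing       "IDM Signing"       'keyUsage=critical,digitalSignature,nonRepudiation'
  create_p12 encryption    "IDM Encryption"    'keyUsage=critical,keyEncipherment,dataEncipherment'
  create_p12 email-signing "IDM Email Signing" 'keyUsage=critical,digitalSignature\nextendedKeyUsage=emailProtection'
  create_p12 device-enc-ca "IDM Device Enc CA" 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign'
}

# Trust the CA in the cacerts of the Java that runs Tomcat (-cacerts needs Java 9+).
# Repeat after every Java upgrade; on Windows run it from the Windows command line, not WSL2.
install_ca_in_cacerts() {
  keytool -importcert -noprompt -trustcacerts -alias idm-local-test-ca \
    -file "$CA_DIR/ca.crt" -cacerts -storepass "${CACERTS_PASS:-changeit}"
}

# Double-check a PIN before it goes into engineSignEncryptConfig.xml: succeeds only
# if the P12 actually opens with that pass phrase.
check_p12_pin() {
  openssl pkcs12 -in "$CA_DIR/$1.p12" -passin "pass:$2" -noout -info >/dev/null 2>&1
}
```

Run create_all_p12s, then install_ca_in_cacerts once per Java installation, and copy the resulting .p12 files to WEB-INF/classes of each web application.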
...