...
For replacing these keys, see 24.R1: Bootstrap the sign and encrypt engine in Identity Manager.
Warning |
---|
Replacing the EncryptedFields descriptor's key requires re-encryption of existing secrets via the batch_secretfieldstore_change_encryption_key tool. See 24.R1: Change Encryption key of secret field store. Replacing the ObjectHistorySigner descriptor's key requires re-signing existing history entries via the batch_re-sign_history tool. Replacing the ConfigZipSigner descriptor's key means any previously exported encrypted config ZIP files cannot be decrypted anymore (versioning to enable decryption with historical keys is not yet supported here). |
...
Scenario A: Tomcat WAR deployment created without bootstrapping
See 24.R1: Create custom certificates for Tomcat installations (non-Docker) for instructions on how to create and configure the bootstrap CA and P12 files.
...
You mostly follow the steps from 24.R1: Create custom certificates for Tomcat installations (non-Docker), but with some changes, as we want to retain the previously bootstrapped P12 files.
...