Old title: Create custom certificates for Tomcat installations (non-Docker)

TODO: replace this page entirely with new content explaining the new dev/test tooling for WAR and Docker deployments, see also https://confluence.nexusgroup.com/pages/viewpage.action?pageId=211419460

Info

This article is valid for Smart ID Identity Manager 24.R1.

Tomcat deployments

xy

(Note: bootstrapping should be done on IDMOperator. The resulting files are then copied over to Admin and optionally pruned of files and entries that IDM Admin does not need.)

create_sign_encrypt_certs.bat --passwordList c:\secrets\pwlist.txt --targetDir idm-operator\WEB-INF\classes

  usage: create_sign_encrypt_certs.bat 
      --caDir <dir>           CA cert directory - absolute or relative to
                              bootstrapping directory (default: cacerts)
      --configFile <file>     config to modify - absolute or relative to
                              target directory (default:
                              engineSignEncryptConfig.xml)
      --passwordList <file>   optionally create file which lists unscrambled
                              passwords - absolute or relative to target
                              directory (will overwrite existing)
      --targetDir <dir>       target directory for certificates - absolute
                              or relative to current directory
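
Because --passwordList writes the unscrambled passwords to disk, the directory that receives the file should be locked down before the tool runs. The following PowerShell is an added example, not part of the Identity Manager tooling: it uses the c:\secrets\pwlist.txt path from the command above, and the list of allowed accounts (the user running the bootstrapping plus SYSTEM) is an assumption to adapt.

```powershell
# Added example, not part of the Identity Manager tooling.
# Paths come from the command line above; the allowed accounts are assumptions.
$secretsDir = 'c:\secrets'
$pwList     = Join-Path $secretsDir 'pwlist.txt'
$allowed    = @(
    [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,  # account running the bootstrapping
    'NT AUTHORITY\SYSTEM'
)

# 1. Create the directory before running the tool so the password list is
#    never written under inherited, broader permissions.
if (-not (Test-Path -LiteralPath $secretsDir)) {
    New-Item -ItemType Directory -Path $secretsDir | Out-Null
}

# 2. Disable inheritance, drop inherited and explicit entries, grant only $allowed.
$acl = Get-Acl -LiteralPath $secretsDir
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
foreach ($id in $allowed) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $secretsDir -AclObject $acl

# 3. After create_sign_encrypt_certs.bat has run, list every Allow entry on
#    the password list that belongs to an account outside $allowed.
function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Allowed)
    @((Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Allowed -notcontains $_.IdentityReference.Value
    })
}

if (Test-Path -LiteralPath $pwList) {
    $extra = Get-UnexpectedAccess -Path $pwList -Allowed $allowed
    if ($extra.Count -gt 0) {
        $extra | Format-Table IdentityReference, FileSystemRights, IsInherited
        Write-Warning "$pwList is readable by accounts outside the allowed list."
    } else {
        Write-Output "$pwList is restricted to: $($allowed -join ', ')"
    }
}
```

Run steps 1 and 2 before create_sign_encrypt_certs.bat and step 3 afterwards; the same check applies to any copy of the file moved to another host.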

Docker deployments

xy

OBSOLETE CONTENT BELOW!

...

In a production environment, the certificates used must be created by a real certificate authority (CA). This makes the trust relationship clear.

...