High-Level Bootstrapping Procedure

Info

When bootstrapping production systems, pay special attention to the general requirements, key requirements and certificate requirements sections of each descriptor.
For development and test systems, refer to Bootstrapping Development And Test Systems.

  1. Acquire suitable certificates and keys for each descriptor.
    Most of them are requested from a certificate authority (e.g. Smart ID Certificate Manager or a public CA), with some exceptions where self-signed credentials created with tools like Keystore Explorer are sufficient.

  2. Place those credentials that are stored in PKCS#12 files, as opposed to an HSM, into the correct folder:

    1. Tomcat on Windows: C:\PATH\TO\TOMCAT\webapps\idm-[admin|operator]\WEB-INF\classes\

    2. Tomcat on Linux: /path/to/tomcat/idm-[admin|operator]/WEB-INF/classes/

    3. Docker on Linux: /PATH/TO/smartid/docker/compose/certs/

  3. Edit the XML configuration file(s) to reference the appropriate files:

    1. Tomcat on Windows: C:\PATH\TO\TOMCAT\webapps\idm-[admin|operator]\WEB-INF\classes\engineSignEncryptConfig.xml

    2. Tomcat on Linux: /path/to/tomcat/idm-[admin|operator]/WEB-INF/classes/engineSignEncryptConfig.xml

    3. Docker on Linux: /PATH/TO/smartid/docker/compose/identitymanager/config/signencrypt.xml
      Note: each file must be referenced by its path inside the container, not by its path on the host.
      For example: file:/certs/MYFILE.p12
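
The Docker note in step 3 is the easiest part of this procedure to get wrong, so here is a pre-start check, added as an example and not part of the product or its documentation. It assumes the host certs folder is mounted at /certs in the container (as the file:/certs/MYFILE.p12 example suggests); the sample XML is constructed with made-up element names, and the permission check is an extra observation rather than a documented requirement.

```python
"""Check file: keystore references in a Docker signencrypt.xml against the host certs folder."""
import re
import stat
from pathlib import Path, PurePosixPath

FILE_URI = re.compile(r"file:(/[^\s\"'<>]+)")

# Constructed sample: element and attribute names are made up,
# only the file: URIs matter to the check.
SAMPLE_CONFIG = """
<example>
  <keystore location="file:/certs/MYFILE.p12"/>
  <keystore location="file:/PATH/TO/smartid/docker/compose/certs/OTHER.p12"/>
  <keystore location="file:/certs/ABSENT.p12"/>
</example>
"""

def check_keystore_refs(config_text, host_certs_dir, container_mount="/certs"):
    """Return (uri, problem) pairs; an empty list means every reference is fine.

    Assumption: host_certs_dir is mounted at container_mount in the container.
    """
    findings = []
    for match in FILE_URI.finditer(config_text):
        uri, path = match.group(0), PurePosixPath(match.group(1))
        try:
            rel = path.relative_to(container_mount)
        except ValueError:
            findings.append((uri, "outside container mount, looks like a host path"))
            continue
        if ".." in rel.parts:
            findings.append((uri, "path escapes the mount"))
            continue
        host_file = Path(host_certs_dir) / rel
        if not host_file.is_file():
            findings.append((uri, "no such file in host certs folder"))
        elif host_file.stat().st_mode & stat.S_IROTH:
            # Extra hygiene check (assumption, not a product requirement).
            findings.append((uri, "PKCS#12 file is readable by all host users"))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: script.py signencrypt.xml /PATH/TO/smartid/docker/compose/certs
    config = Path(sys.argv[1]).read_text() if len(sys.argv) > 2 else SAMPLE_CONFIG
    certs = sys.argv[2] if len(sys.argv) > 2 else "."
    for uri, problem in check_keystore_refs(config, certs):
        print(f"{uri}: {problem}")
```
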

Info

For credentials stored in an HSM, refer to Configure HSM in Identity Manager.

Detailed Overview Of Descriptors

...