| Info |
|---|
This article is valid for Smart ID Identity Manager 24.R1. |
The bootstrap CA certificate generated by the procedure below will have a validity of 20 years, and each end-entity certificate will be valid for 1 year.
The generated PINs for every P12 file are automatically scrambled.
No keys and certificates will be generated for descriptions which absent from signencrypt.xml.
For Tomcat Dev/Test Deployment
Requirements:
Tomcat not started
Tomcat folder containing unpacked IDM Operator and IDM Admin of IDM 24.R1 or later on Linux or Windows
Tomcat not started
unpacked bootstrapbootstrapping.zip for the respective IDM release
...
Open a command-line window.
Change to the unpacked bootstrap folder containing create_sign_encrypt_certs.sh (linux) or create_sign_encrypt_certs.bat (windows).
Execute the respective script for your OS.
Linux:
./create_sign_encrypt_certs.sh --targetDir /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes [OPTIONAL ARGS]Windows:
create_sign_encrypt_certs.bat --targetDir C:\PATH\TO\TOMCAT\webapps\idm-operator\WEB-INF\classes [OPTIONAL ARGS]
See full usage for optional Execute the script without any parameters to see all supported arguments (if you need the plain text passwords of the generated P12 files, then adding the passwordList argument is recommended):create_sign_encrypt_certs.bat / create_sign_encrypt_certs.sh--caDir <dir> CA cert directory - absolute or relative tobootstrapping directory (default: cacerts)--configFile <file> config to modify - absolute or relative totarget directory (default:engineSignEncryptConfig.xml)--passwordList <file> optionally create file which lists unscrambledpasswords - absolute or relative to targetdirectory (will overwrite existing)--targetDir <dir> target directory for certificates - absoluteor relative to current directory
Copy all P12 files and engineSignEncryptConfig.xml from idm-operator/WEB-INF/classes to idm-admin/WEB-INF/classes
(optionally you can prune the files and XML entries which IDM Admin does not need).
...