The Smart ID clients Mobile and Desktop clients refuse HTTP connections. Therefore, Smart ID Messaging must be set up to listen on an HTTPS port. It is recommended to also run Identity Manager over HTTPS, even if callbacks from Smart ID Messaging to Identity Manager are also allowed over HTTP. The following instruction assumes that both Smart ID Messaging and Identity Manager run in Tomcat. To set up HTTPS connections for Identity Manager and Smart ID Messaging: - Set up HTTPS ports in the file server.xml in the respective Tomcat installation.
- Make sure that the following URLs have the HTTPS scheme and ports for HTTPS, as described above:
- In Smart ID Messaging:
callbackUrl : Identity Manager callback base URL for Smart ID Messaging.publicUrl : Smart ID Messaging MS endpoint
- In Identity Manager:
URL : Smart ID Messaging command URL for Identity Manager.
- Configure cacerts with the new CA certificate:
- Copy the file jre\lib\security\cacerts of the JVM and store it somewhere, for example in C:\the\modified\cacerts.
- Import the new CA certificate in the new cacerts file.
Set the cacerts as JVM arguments of each Tomcat, for example, by setting the CATALINA_OPTS environment variable:
Code Block |
---|
title | Example: JVM arguments in CATALINA_OPTS |
---|
| -Djavax.net.ssl.trustStore="C:\the\modified\cacerts" -Djavax.net.ssl.trustStorePassword="changeit" |
|