Comment: New article
Comment: Remember to update the release version numbers in the article before publishing externally.
Info |
---|
This article includes is new for Smart ID Identity Manager 245.0.R11. |
This article provides guidance and troubleshooting tips for addressing common error scenarios related to the sign and encrypt engine and how to solve them.
...
This means that one or more blacklisted keys (such as publicly known demo keys, for example, keys that are considered compromised and unfit for production use, are still ) are in use. Each message indicates the offending descriptor and version from the configuration XML.
...
This means that the configuration XML for the sign and encrypt engine references a file that does not exist at the given location. All files referenced via the location classpath:
usually need to be inside the WEB-INF\classes\ folder of the web application. In Identity Manager versions before 24.R1,that folder did contain all demo keys, which were since removed. Furthermore, theengineSignEncryptConfig.xml shipped in WAR files of 24.R1 and above references additional P12 files not used or not bootstrapped previously. By default, a dedicated P12 file per descriptor is used instead of sharing files between descriptors.
For docker deployment the files have to be placed into the docker/compose/certs folder, which is mounted into /certs inside the container. These files need to be referenced as shown below (replace example.p12 with the proper filename):
Code Block |
---|
file:/certs/example.p12 |
For more information, see Bootstrapping the sign and encrypt engine to bootstrap any missing keys/certificates.
...