Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 31 Next »

This article is valid for Smart ID Identity Manager 24.R1.

The bootstrap CA certificate generated by the procedure below will have a validity of 20 years, and each end-entity certificate will be valid for 1 year.
The generated PINs for every P12 file are automatically scrambled.
No keys and certificates will be generated for descriptions which absent from signencrypt.xml.

For Tomcat Dev/Test Deployment

Requirements:

  • Tomcat not started

  • Tomcat folder containing unpacked IDM Operator and IDM Admin of IDM 24.R1 or later on Linux or Windows

  • unpacked bootstrapping.zip for the respective IDM release

Instructions:

  1. Open a command-line window.

  2. Change to the unpacked bootstrap folder containing create_sign_encrypt_certs.sh (linux) or create_sign_encrypt_certs.bat (windows).

  3. Execute the respective script for your OS.

    1. Linux: ./create_sign_encrypt_certs.sh --targetDir /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes [OPTIONAL ARGS]

    2. Windows: create_sign_encrypt_certs.bat --targetDir C:\PATH\TO\TOMCAT\webapps\idm-operator\WEB-INF\classes [OPTIONAL ARGS]
      Execute the script without any parameters to see all supported arguments (if you need the plain text passwords of the generated P12 files, then adding the passwordList argument is recommended):
      create_sign_encrypt_certs.bat / create_sign_encrypt_certs.sh
            --caDir <dir>           CA cert directory - absolute or relative to
                                    bootstrapping directory (default: cacerts)
            --configFile <file>     config to modify - absolute or relative to
                                    target directory (default:
                                    engineSignEncryptConfig.xml)
            --passwordList <file>   optionally create file which lists unscrambled
                                    passwords - absolute or relative to target
                                    directory (will overwrite existing)
            --targetDir <dir>       target directory for certificates - absolute
                                    or relative to current directory

  4. Copy all P12 files and engineSignEncryptConfig.xml from idm-operator/WEB-INF/classes to idm-admin/WEB-INF/classes
    (optionally you can prune the files and XML entries which IDM Admin does not need).

For Docker Dev/Test Deployment

Requirements:

  • unpacked smartid package for the respective IDM release on a Linux/WSL docker host

  • no container started

Instructions:

  1. Enter the smartid/docker/compose folder.

  2. Prepare the files init-smartid.env and smartid.env according to the deployment documentation.
    If you need the plain text passwords of the generated P12 files, then edit smartid/docker/compose/identitymanager/bootstrap/docker-compose.yml
    and replace
    command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs"]

    within the create_sign_encrypt_certs section with
    command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs", "-passwordList", "pwlist.txt"].
    This will ensure the file smartid/docker/compose/certs/pwlist.txt will be created.

  1. Execute the init script: ./init-smartid.sh, which will guide you through the process, including bootstrapping.

Additional information


  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions