This article is valid for Smart ID Identity Manager 24.R1.
The bootstrap CA certificate generated by the procedure below will have a validity of 20 years, and each end-entity certificate will be valid for 1 year.
The generated PINs for every P12 file are automatically scrambled.
No keys and certificates will be generated for descriptions which absent from signencrypt.xml.
For Tomcat Dev/Test Deployment
Requirements:
Tomcat folder containing IDM Operator and IDM Admin of IDM 24.R1 or later on Linux or Windows
Tomcat not started
unpacked bootstrap.zip for the respective IDM release
Instructions:
Open a command-line window.
Change to the unpacked bootstrap folder containing create_sign_encrypt_certs.sh (linux) or create_sign_encrypt_certs.bat (windows).
Execute the respective script for your OS.
Linux:
./create_sign_encrypt_certs.sh --targetDir /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes [OPTIONAL ARGS]
Windows:
create_sign_encrypt_certs.bat --targetDir C:\PATH\TO\TOMCAT\webapps\idm-operator\WEB-INF\classes [OPTIONAL ARGS]
See full usage for optional arguments (if you need the plain text passwords of the generated P12 files, then adding the passwordList argument is recommended):create_sign_encrypt_certs.bat / create_sign_encrypt_certs.sh
--caDir <dir> CA cert directory - absolute or relative to
bootstrapping directory (default: cacerts)
--configFile <file> config to modify - absolute or relative to
target directory (default:
engineSignEncryptConfig.xml)
--passwordList <file> optionally create file which lists unscrambled
passwords - absolute or relative to target
directory (will overwrite existing)
--targetDir <dir> target directory for certificates - absolute
or relative to current directory
Copy all P12 files and engineSignEncryptConfig.xml from idm-operator/WEB-INF/classes to idm-admin/WEB-INF/classes
(optionally you can prune the files and XML entries which IDM Admin does not need).
For Docker Dev/Test Deployment
Requirements:
unpacked smartid package for the respective IDM release on a Linux/WSL docker host
no container started
Instructions:
Enter the smartid/docker/compose folder.
Prepare the files
init-smartid.env
andsmartid.env
according to the deployment documentation.
If you need the plain text passwords of the generated P12 files, then edit smartid/docker/compose/identitymanager/bootstrap/docker-compose.yml
and replace
command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs"]
within the
create_sign_encrypt_certs
section withcommand: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs", "-passwordList", "pwlist.txt"]
.
This will ensure the file smartid/docker/compose/certs/pwlist.txt will be created.
Execute the init script:
./init-smartid.sh
, which will guide you through the process, including bootstrapping.