Comment: Potentially a new article?

Comment: Remember to update the release version number before publishing externally.

For development- and test-environments, test keys and certificates for all default descriptors can be generated using features of the IDM bootstrap.zip package and bootstrap Docker container.

For Tomcat dev/test deployment

Requirements

• Tomcat not started

• Tomcat folder containing unpacked IDM Operator and IDM Admin of IDM 24.R1 or later on Linux or Windows

• unpacked bootstrapping.zip for the respective IDM release

Instructions

1. Open a command-line window.

2. Change to the unpacked bootstrap folder containing create_sign_encrypt_certs.sh (linux) or create_sign_encrypt_certs.bat (windows).

3. Execute the respective script for your OS.

   1. Linux: ./create_sign_encrypt_certs.sh --targetDir /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes [OPTIONAL ARGS]

   2. Windows: create_sign_encrypt_certs.bat --targetDir C:\PATH\TO\TOMCAT\webapps\idm-operator\WEB-INF\classes [OPTIONAL ARGS]
      Execute the script without any parameters to see all supported arguments (if you need the plain text passwords of the generated P12 files, then adding the passwordList argument is recommended):
      create_sign_encrypt_certs.bat / create_sign_encrypt_certs.sh
      --caDir <dir>           CA cert directory - absolute or relative to
                              bootstrapping directory (default: cacerts)
      --configFile <file>     config to modify - absolute or relative to
                              target directory (default:
                              engineSignEncryptConfig.xml)
      --passwordList <file>   optionally create file which lists unscrambled
                              passwords - absolute or relative to target
                              directory (will overwrite existing)
      --targetDir <dir>       target directory for certificates - absolute
                              or relative to current directory

4. Copy all P12 files and engineSignEncryptConfig.xml from idm-operator/WEB-INF/classes to idm-admin/WEB-INF/classes
   (optionally you can prune the files and XML entries which IDM Admin does not need).

For Docker dev/test deployment

Requirements

• unpacked smartid package for the respective IDM release on a Linux/WSL docker host

• no container started

Instructions

1. Enter the smartid/docker/compose folder.

2. Prepare the files init-smartid.env and smartid.env according to the deployment documentation.
   If you need the plain text passwords of the generated P12 files, then edit smartid/docker/compose/identitymanager/bootstrap/docker-compose.yml
   and replace
   command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs"]

   within the create_sign_encrypt_certs section with
   command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs", "-passwordList", "pwlist.txt"].
   This will ensure the file smartid/docker/compose/certs/pwlist.txt will be created.

3. Execute the init script: ./init-smartid.sh, which will guide you through the process, including bootstrapping.

Additional information