The SKCE module, hereafter called the CryptoEngine Module (CEM) in SAKA, requires configuration changes to access the newly created domain. These changes must be made even if the CEM will not be used. Follow these steps to configure the CEM:
In Window1, if using a self-signed certificate for the FIDO applicationID, import it into the Payara TrustStore using the certimport script:
shell> certimport.sh <FQDN> -p<PORT> -kGLASSFISH
Examples:
certimport.sh saka01.strongauth.com -p8181 -kGLASSFISH
certimport.sh www.domain.com -p443 -kGLASSFISH
In Window1, execute create-SKCE-Users.sh to set up service credentials for the CEM. Specify 2 for domain number 2 and a password for the service credentials:
shell> ./create-SKCE-Users.sh 2 <password>
In Window1, change directory to /usr/local/strongauth/skce/etc.
shell> cd ~/skce/etc
Edit the skce-configuration.properties file.
Update the value of the following two properties to reflect the values specified in Create System Users [Primary], Step 3:
skce.cfg.property.saka.cluster.1.domain.1.password=
skce.cfg.property.saka.cluster.1.domain.1.username=
In Window1, change directory to /usr/local/strongauth/skcc/etc.
shell> cd ~/skcc/etc
Edit the skcc-configuration.properties file. Update the value of the following two properties to reflect the pinguser password specified in Create System Users [Primary], Step 3 for the property skcc.cfg.property.sakapwd and the value of the passwords in Add System Users [Primary], Step 3 for the following properties:
skcc.cfg.property.service.cc.ce.password
skcc.cfg.property.service.cc.fe.password
skcc.cfg.property.service.cc.ce.ping.password
skcc.cfg.property.sakapwd=
skcc.cfg.property.service.cc.ce.password=
skcc.cfg.property.service.cc.fe.password=
skcc.cfg.property.service.cc.ce.ping.password=
In Window1, use sudo and restart the Payara application server (supply the strongauth user's password when prompted):
shell> sudo /sbin/service glassfishd restart
In Window1, change directory to /usr/local/strongauth/bin.
shell> cd ~/bin
In Window1, execute the script, KC-SetPINTool.sh.
shell> ./KC-SetPINTool.sh
Using the red, green, and blue flash drives, set the PINs for the three Key Custodians to activate the cryptographic hardware module on the appliance, ensuring there are no errors in Window1 or Window2.
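A blank value or two properties pasted onto one line is an easy mistake when editing the two properties files by hand. The following added example (not part of the SAKA distribution) checks that each property named in the steps above is defined exactly once with a non-empty value, without printing any value; the function names and the MERGED heuristic are this example's own, and it is meant to be run before the Payara restart step.

```shell
#!/bin/sh
# Added example, not part of the SAKA distribution. Values are never printed.

# prop_status FILE KEY -> prints OK, MISSING, EMPTY, DUPLICATE or MERGED
prop_status() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != k) next
            n++
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (val == "") empty = 1
            # heuristic: a property name inside a value means two lines ran together
            if (val ~ /sk(ce|cc)\.cfg\.property\./) merged = 1
        }
        END {
            if (n == 0) print "MISSING"
            else if (n > 1) print "DUPLICATE"
            else if (merged) print "MERGED"
            else if (empty) print "EMPTY"
            else print "OK"
        }' "$1"
}

# check_props FILE KEY... -> one finding per line; returns 0 only if every key is OK
check_props() {
    file=$1; shift; rc=0
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 1; }
    for key in "$@"; do
        st=$(prop_status "$file" "$key")
        [ "$st" = "OK" ] || { echo "$st $key"; rc=1; }
    done
    return $rc
}

# Property names taken from the steps above
SKCE_KEYS="skce.cfg.property.saka.cluster.1.domain.1.username
skce.cfg.property.saka.cluster.1.domain.1.password"
SKCC_KEYS="skcc.cfg.property.sakapwd skcc.cfg.property.service.cc.ce.password
skcc.cfg.property.service.cc.fe.password skcc.cfg.property.service.cc.ce.ping.password"

# Constructed sample: both skce properties pasted onto a single line
demo=$(mktemp)
printf '%s=%s=\n' skce.cfg.property.saka.cluster.1.domain.1.password skce.cfg.property.saka.cluster.1.domain.1.username > "$demo"
check_props "$demo" $SKCE_KEYS || echo "fix the file before restarting Payara"
rm -f "$demo"
```

On the appliance, call it as `check_props ~/skce/etc/skce-configuration.properties $SKCE_KEYS` and `check_props ~/skcc/etc/skcc-configuration.properties $SKCC_KEYS`.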