Product Documentation

The SKCE module, hereafter called the CryptoEngine Module (CEM) in SAKA, requires configuration changes to access the newly created domain. These configurations are necessary even if the CEM will not be used. Follow these steps to configure the CEM:

  1. In Window1, if using a self-signed certificate for the FIDO applicationID, import it into the Payara TrustStore using the certimport script:

    shell> certimport.sh <FQDN> -p<PORT> -kGLASSFISH

    Examples:

    certimport.sh saka01.strongauth.com -p8181 -kGLASSFISH
    certimport.sh www.domain.com -p443 -kGLASSFISH
  2. In Window1, execute create-SKCE-Users.sh to set up service credentials for the CEM. Specify 2 for domain number 2 and a password for the service credentials:

    shell> ./create-SKCE-Users.sh 2 <password>
  3. In Window1, change directory to /usr/local/strongauth/skce/etc.

    shell> cd ~/skce/etc
  4. Edit the skce-configuration.properties file.

    Update the value of the following two properties to reflect the values specified in Create System Users [Primary], Step 3:

    skce.cfg.property.saka.cluster.1.domain.1.password=
    skce.cfg.property.saka.cluster.1.domain.1.username=
  5. In Window1, change directory to /usr/local/strongauth/skcc/etc.

    shell> cd ~/skcc/etc
  6. Edit the skcc-configuration.properties file. Set the property skcc.cfg.property.sakapwd to the pinguser password specified in Create System Users [Primary], Step 3, and set the following properties to the passwords specified in Add System Users [Primary], Step 3:
    skcc.cfg.property.service.cc.ce.password
    skcc.cfg.property.service.cc.fe.password
    skcc.cfg.property.service.cc.ce.ping.password

    skcc.cfg.property.sakapwd=
    skcc.cfg.property.service.cc.ce.password=
    skcc.cfg.property.service.cc.fe.password=
    skcc.cfg.property.service.cc.ce.ping.password=
  7. In Window1, use sudo and restart the Payara application server (supply the strongauth user's password when prompted):

    shell> sudo systemctl restart payara 
    
    # For SAKA version 4.12 and below, use the following command:
    shell> sudo service glassfishd restart
    
  8. In Window1, change directory to /usr/local/strongauth/bin.

    shell> cd ~/bin
  9. In Window1, execute the script, KC-SetPINTool.sh.

    shell> ./KC-SetPINTool.sh
  10. Using the red, green, and blue flash drives, set the PINs for the three Key Custodians to activate the cryptographic hardware module on the appliance, ensuring there are no errors in Window1 or Window2.
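
The properties files edited in steps 4 and 6 can be sanity-checked before the restart in step 7. The following is an added example, not part of the SAKA distribution: the function names `prop_state` and `check_props` are hypothetical, and the plain `key=value` line format and the check for world-readable files are assumptions rather than documented SAKA requirements.

```shell
#!/bin/sh
# Added example (not SAKA's own tooling). Assumes plain key=value lines.

# prop_state FILE KEY -> prints ok | missing | duplicate | empty | fused
prop_state() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, k "=") != 1) next       # literal match; dots are not regex
            n++
            v = substr(line, length(k) + 2)
            gsub(/[ \t\r]/, "", v)
            if (v == "") empty = 1
            # Heuristic: another property name inside the value means two
            # properties were pasted onto one line.
            if (index(v, ".cfg.property.") > 0) fused = 1
        }
        END {
            if (n == 0)      print "missing"
            else if (n > 1)  print "duplicate"
            else if (empty)  print "empty"
            else if (fused)  print "fused"
            else             print "ok"
        }' "$1"
}

# check_props FILE KEY... -> 0 only if every KEY is "ok"; never prints values
check_props() {
    file=$1; shift; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for key in "$@"; do
        state=$(prop_state "$file" "$key")
        [ "$state" = ok ] || { echo "$file: $key is $state" >&2; rc=1; }
    done
    # The file holds service passwords; flag it if readable by "other".
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file: world-readable" >&2; rc=1
    fi
    return $rc
}

# Usage with the file and keys from step 4:
# check_props ~/skce/etc/skce-configuration.properties \
#     skce.cfg.property.saka.cluster.1.domain.1.username \
#     skce.cfg.property.saka.cluster.1.domain.1.password
```

The same call works for skcc-configuration.properties with the four property names from step 6.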