Linux operator guide
IntroductionStartup / Shutdown console
The TLS protection of
Start Soffid IAM Console is applied through the configuration of the Apache TomEE embedded in the installation.
This solution is running under java technology therefore we need a jks file (Java Key Store) or a PKCS#12 file with the information of your certificate.
Once you have the Console installed and your certificate in jks format you can follow this steps to configure it the first time or for an update.
Mind that sometimes, the network encryption algorithm is named as SSL, in fact, the configuration file still displays the word SSL. However, SSL protocol is now outdated, and TLSv1.2 is used instead.
Configuration
The configuration file to modify is the following one:
/opt/soffid/iam-console-2/conf/server.xml
It can contain one or more connectors. Uncomment or add the following one, that enables the TLS configuration:
<Connectorsystemctl port="443"start protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/yourcert.jks"
certificateKeystorePassword="123456"
certificateKeyAlias="yourdomain"
type="RSA"
xpoweredBy="false"
server="Apache TomEE" />
</SSLHostConfig>
</Connector>soffid-iamconsole.service
Stop
TheseSoffid areIAM the attributes that you have to configure.
Then, copy or replace your jks file into to the file /opt/soffid/iam-console2/conf/yourcert.jks
After that, you have to restart the iam-console services.
sudo systemctl restartstop soffid-iamconsoleiamconsole.service