[midPoint] Problem about Keystore Configuration

Parttimaa Jan jan.parttimaa at myy.haaga-helia.fi
Wed Nov 14 17:39:11 CET 2018 

Thank you for the help!


Could anyone also tell the location where is "application.yml" on the Embedded Tomcat<https://wiki.evolveum.com/display/midPoint/Using+MidPoint+with+embedded+Tomcat>? We can't find location "admin-gui/src/main/resources".


Best Regards,

Jan Parttimaa


Jan Parttimaa

1602738,

Tietojenkäsittelyn koulutusohjelma,

Haaga-Helia ammattikorkeakoulu, Pasilan kampus

________________________________
Lähettäjä: midPoint <midpoint-bounces at lists.evolveum.com> käyttäjän Ivan Noris <ivan.noris at evolveum.com> puolesta
Lähetetty: keskiviikko 14. marraskuuta 2018 13.19.47
Vastaanottaja: midpoint at lists.evolveum.com
Aihe: Re: [midPoint] Problem about Keystore Configuration


Hi,

this is JVM option, not a command line command.

You need to provide that in the same way as the other JVM parameter are passed to midPoint.


If you are using standalone midPoint, you can do this:

1. create <midpoint>/bin/setenv.sh file (<midpoint> is the directory where midPoint is installed)

2. set the JAVA_OPTS variable inside that file:

#!/bin/sh

export JAVA_OPTS="$JAVA_OPTS -D.................."


3. make the file executable: chmod 755 setenv.sh

4. start midPoint


This is mentioned also here: https://wiki.evolveum.com/display/midPoint/Installing+MidPoint+Server


I'm using this to set additional JAVA_OPTS, but have not overriden the keystore location.


Best regards,

Ivan


On 14. 11. 2018 12:03, Parttimaa Jan wrote:

Hi,


Does anyone successfully override the default JVM keystore/truststore location and point it to the midPoint keystore<https://wiki.evolveum.com/display/midPoint/Keystore+Configuration>? We tried to do that but we have problems.


We tried this...


root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security# -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks
bash: -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks: No such file or directory


...but it's says that location does not exist, even it does.


We also tried this...


root at MIDPOINTIDM:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security# java -Djavax.net.ssl.trustStore=/opt/midpoint/var/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks
Usage: java [-options] class [args...]
           (to execute a class)
   or  java [-options] -jar jarfile [args...]
           (to execute a jar file)
where options include:
    -d32          use a 32-bit data model if available
    -d64          use a 64-bit data model if available
    -server       to select the "server" VM
    -zero         to select the "zero" VM
    -dcevm        to select the "dcevm" VM
                  The default VM is server,
                  because you are running on a server-class machine.


    -cp <class search path of directories and zip/jar files>
    -classpath <class search path of directories and zip/jar files>
                  A : separated list of directories, JAR archives,
                  and ZIP archives to search for class files.
    -D<name>=<value>
                  set a system property
    -verbose:[class|gc|jni]
                  enable verbose output
    -version      print product version and exit
    -version:<value>
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  require the specified version to run
    -showversion  print product version and continue
    -jre-restrict-search | -no-jre-restrict-search
                  Warning: this feature is deprecated and will be removed
                  in a future release.
                  include/exclude user private JREs in the version search
    -? -help      print this help message
    -X            print help on non-standard options
    -ea[:<packagename>...|:<classname>]
    -enableassertions[:<packagename>...|:<classname>]
                  enable assertions with specified granularity
    -da[:<packagename>...|:<classname>]
    -disableassertions[:<packagename>...|:<classname>]
                  disable assertions with specified granularity
    -esa | -enablesystemassertions
                  enable system assertions
    -dsa | -disablesystemassertions
                  disable system assertions
    -agentlib:<libname>[=<options>]
                  load native agent library <libname>, e.g. -agentlib:hprof
                  see also, -agentlib:jdwp=help and -agentlib:hprof=help
    -agentpath:<pathname>[=<options>]
                  load native agent library by full pathname
    -javaagent:<jarpath>[=<options>]
                  load Java programming language agent, see java.lang.instrument
    -splash:<imagepath>
                  show splash screen with specified image
See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.


... but we only got Java help.


We have openjdk-8-jre and openjdk-8-jdk installed on our Ubuntu Server 16.04.5 LTS (64-bit). We use MidPoint 3.8.


Best Regards,

Jan Parttimaa


Jan Parttimaa

1602738,

Tietojenkäsittelyn koulutusohjelma,

Haaga-Helia ammattikorkeakoulu, Pasilan kampus



_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
http://lists.evolveum.com/mailman/listinfo/midpoint


--
Ivan Noris
Senior Identity Engineer
evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20181114/ce9104f3/attachment.htm>

More information about the midPoint mailing list