This guide details the process for configuring the Direct Certificate Discovery Tool (DCDT, or the Tool) following the completion of one of the Install Guide(s).

 

Requirements

You have completed the Source Build Guide or downloaded the WAR file. The following ports must also be available for the Tool's services to bind to:

Port                          Service
25 (TCP)                      Mail
53 (UDP and TCP)              DNS
10389, 11389, 12389 (TCP)     LDAP

Configure Tomcat

Stop the Tomcat 7 service by running:

    sudo service tomcat7 stop


Append the following lines to the file /etc/default/tomcat7:

    JAVA_HOME="/usr/lib/jvm/java-7-oracle"
    JAVA_OPTS="-Djava.awt.headless=true -Xms384m -Xmx768m -XX:+UseConcMarkSweepGC"
    ulimit -n 8192

Info: The ulimit command above raises the open files limit for the Tomcat 7 service process. The common default value on *nix systems is 1024, which is quite often insufficient.

 

If the file /usr/share/tomcat7/bin/setenv.sh does not exist, create it by running:

    sudo touch /usr/share/tomcat7/bin/setenv.sh


Append the following lines to the file /usr/share/tomcat7/bin/setenv.sh:

    CATALINA_OPTS="$CATALINA_OPTS -XX:PermSize=256m -XX:MaxPermSize=512m"
    CATALINA_OPTS="$CATALINA_OPTS -Ddcdt.data.dir=<path to database data directory> -Ddcdt.web.user.admin.secret=<admin console admin user password>"

  • <path to database data directory> is the path to a directory where you want the Derby database that persists the Discovery testcase credentials data to be created.
  • <admin console admin user password> is the custom password (default="adminpass") to set for the admin console "admin" user. Because it is passed as a JVM system property, this password is stored in clear text in setenv.sh and is visible in the Tomcat process command line, so change it from the default and restrict read access to the file.


Then, run the following command so that the Tomcat user will be able to create and write to the database data in the specified directory:

    sudo chown -R tomcat7:tomcat7 "$(dirname "<path to database data directory>")"


Start the Tomcat 7 service by running:

    sudo service tomcat7 start

Configure Authbind on Ubuntu

If you are installing DCDT on Ubuntu, authbind is required to allow the Tomcat user to bind to privileged ports (port numbers 0-1023). For DCDT, the DNS service must bind to port 53 and the mail service must bind to port 25. Authbind may already be installed on your version of Ubuntu; its configuration lives in /etc/authbind. If it is not already installed:

    sudo apt-get install authbind

To enable authbind so that Tomcat can bind to privileged ports, change the default setting AUTHBIND=no to AUTHBIND=yes in /etc/default/tomcat7.

 

Since authbind requires IPv4, disable IPv6 by adding the following to /etc/sysctl.conf (note that this disables IPv6 for the whole host, not only for Tomcat):

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

Reinitialize sysctl by running the following:

    sudo sysctl -p


Restart the Tomcat service by running:

    sudo service tomcat7 restart


Verify that Tomcat can access the privileged ports. The numeric user ID (uid) of the Tomcat user can be viewed in /etc/passwd. A file whose name is that uid (e.g. 106) should exist in /etc/authbind/byuid/ and contain the following entry, which grants ports 1-1023 on any IPv4 address:

    0.0.0.0/0:1,1023
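As an added example (not part of the DCDT guide or the Tool's own code), the following POSIX shell script checks the outcome of the steps above: the byuid entry for the Tomcat uid, AUTHBIND=yes in /etc/default/tomcat7, the three sysctl keys, and whether any port from the Requirements table is already bound on the host. It assumes the paths the guide uses and that ss and awk are available; the DCDT_CHECK variable and the tomcat7 user name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the DCDT guide: checks for the configuration
# steps above. Paths default to the ones the guide uses; each function takes
# an override argument so it can also be run against test files.

# Return 0 if the authbind byuid file for numeric UID $1 (in directory $2)
# holds the entry the guide expects: ports 1-1023 on any IPv4 address.
authbind_entry_ok() {
  dir="${2:-/etc/authbind/byuid}"
  [ -f "$dir/$1" ] && grep -qxF '0.0.0.0/0:1,1023' "$dir/$1"
}

# Return 0 if the Tomcat defaults file ($1) has an uncommented AUTHBIND=yes.
authbind_enabled() {
  grep -Eq '^[[:space:]]*AUTHBIND=yes[[:space:]]*$' "${1:-/etc/default/tomcat7}"
}

# Return 0 if the sysctl file ($1) sets all three disable_ipv6 keys to 1.
ipv6_disabled_in() {
  for key in all default lo; do
    grep -Eq "^[[:space:]]*net\.ipv6\.conf\.$key\.disable_ipv6[[:space:]]*=[[:space:]]*1" \
      "${1:-/etc/sysctl.conf}" || return 1
  done
}

# Read `ss -H -lntu` output on stdin and print each DCDT port (proto:port)
# that is already bound by something; prints nothing when all are free.
dcdt_ports_in_use() {
  awk 'BEGIN { want["tcp:25"]=1; want["udp:53"]=1; want["tcp:53"]=1
               want["tcp:10389"]=1; want["tcp:11389"]=1; want["tcp:12389"]=1 }
       { n = split($5, a, ":"); key = $1 ":" a[n]   # $1 netid, $5 local addr:port
         if ((key in want) && !(key in seen)) { seen[key] = 1; print key } }'
}

# Live run against this host (set DCDT_CHECK=1); the uid comes from id -u.
if [ "${DCDT_CHECK:-}" = "1" ]; then
  uid="$(id -u tomcat7)"
  authbind_entry_ok "$uid" && echo "authbind entry present for uid $uid"
  authbind_enabled && echo "AUTHBIND=yes is set"
  ipv6_disabled_in && echo "IPv6 disabled in /etc/sysctl.conf"
  busy="$(ss -H -lntu | dcdt_ports_in_use)"
  [ -z "$busy" ] && echo "all DCDT ports free" || echo "DCDT ports in use: $busy"
fi
```

Without DCDT_CHECK=1 the script only defines the functions, so it can be sourced and the checks run one at a time.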