Introduction

This guide details the process for configuring the Direct Certificate Discovery Tool (DCDT, or the Tool) following the completion of one of the Install Guide(s).

 

Requirements

You have completed the Source Build Guide or downloaded the WAR file. Also, the following ports must be available for binding of services:

Ports                 Service
25                    Mail
53                    DNS
10389, 11389, 12389   LDAP

Configure Tomcat

Stop the Tomcat 7 service by running:

sudo service tomcat7 stop

 

Append the following lines to the file /etc/default/tomcat7:

JAVA_HOME="/usr/lib/jvm/java-7-oracle"
JAVA_OPTS="-Djava.awt.headless=true -Xms384m -Xmx768m -XX:+UseConcMarkSweepGC"

If the file /usr/share/tomcat7/bin/setenv.sh does not exist, create it by running:

sudo touch /usr/share/tomcat7/bin/setenv.sh

Append the following lines to the file /usr/share/tomcat7/bin/setenv.sh:

CATALINA_OPTS="$CATALINA_OPTS -XX:PermSize=256m -XX:MaxPermSize=512m"
CATALINA_OPTS="$CATALINA_OPTS -Ddcdt.data.dir=<path to database directory> -Ddcdt.web.user.admin.secret=<admin console admin user password>"
  • <path to database directory> is the path to the directory in which the Derby database that persists the Discovery testcase credentials will be created.

  • <admin console admin user password> is the custom password to set for the admin console "admin" user (default="adminpass").

 

Then, run the following command so that the Tomcat user will be able to create and write to the database in the specified directory:

sudo chown -R tomcat7:tomcat7 <parent directory of database directory>
E.g. if <path to database directory> is /var/lib/dcdt/tomcat7/data, then <parent directory of database directory> is /var/lib/dcdt/tomcat7.

 

Start the Tomcat 7 service by running:

sudo service tomcat7 start

Configure Authbind on Ubuntu

If you are installing DCDT on Ubuntu, authbind is required to allow the Tomcat user to bind to privileged ports (port numbers 0-1023). For DCDT, the DNS service must bind to port 53 and the mail service must bind to port 25. Authbind may already be installed on your version of Ubuntu; if so, its configuration can be found in /etc/authbind. If it is not already installed, install it by running:

sudo apt-get install authbind

To enable authbind so that Tomcat can bind to privileged ports, change the default setting AUTHBIND=no to AUTHBIND=yes in /etc/default/tomcat7.

 

Restart the Tomcat service by running:

sudo service tomcat7 restart

 

Verify that Tomcat can access the privileged ports. The user ID of the Tomcat user can be viewed in /etc/passwd. A file with the name of the Tomcat user ID (e.g. 106) should exist in /etc/authbind/byuid/ and contain the following entry:

0.0.0.0/0:1,1023
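
The verification step above can be scripted. The following is an added example, not part of the original guide or of DCDT: the function names are hypothetical, it handles only the "0.0.0.0/0:min,max" entry form shown above, and its demo runs on constructed copies of the two files rather than on the live system.

```shell
#!/bin/sh
# Added example: verify the authbind setup this guide describes.

# port_allowed FILE PORT: succeeds if FILE has a "0.0.0.0/0:min,max" entry
# (the form shown in this guide) whose range covers PORT.
port_allowed() {
    awk -F'[:,]' -v port="$2" '
        $1 == "0.0.0.0/0" && NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ &&
        port + 0 >= $2 + 0 && port + 0 <= $3 + 0 { found = 1 }
        END { exit !found }' "$1"
}

# authbind_enabled FILE: succeeds if the last uncommented AUTHBIND= line is "yes".
authbind_enabled() {
    awk -F= '/^[ \t]*AUTHBIND=/ { v = $2 }
        END { gsub(/[" \t]/, "", v); exit (v != "yes") }' "$1"
}

# check_dcdt_authbind DEFAULTS_FILE BYUID_DIR UID: prints findings and
# returns the number of failed checks (0 = Tomcat may bind ports 25 and 53).
check_dcdt_authbind() {
    defaults=$1 byuid_dir=$2 uid=$3 failures=0
    if ! authbind_enabled "$defaults"; then
        echo "FAIL: AUTHBIND=yes is not set in $defaults"
        failures=$((failures + 1))
    fi
    if [ ! -f "$byuid_dir/$uid" ]; then
        echo "FAIL: $byuid_dir/$uid does not exist"
        failures=$((failures + 1))
    else
        for port in 25 53; do   # mail and DNS, the privileged ports DCDT needs
            port_allowed "$byuid_dir/$uid" "$port" && continue
            echo "FAIL: $byuid_dir/$uid has no entry covering port $port"
            failures=$((failures + 1))
        done
    fi
    [ "$failures" -eq 0 ] && echo "OK: uid $uid may bind ports 25 and 53"
    return "$failures"
}

# Demo on constructed copies of /etc/default/tomcat7 and /etc/authbind/byuid/106.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#AUTHBIND=no' 'AUTHBIND=yes' > "$d/tomcat7"
    mkdir "$d/byuid" && printf '0.0.0.0/0:1,1023\n' > "$d/byuid/106"
    check_dcdt_authbind "$d/tomcat7" "$d/byuid" 106; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

On the DCDT host itself, call check_dcdt_authbind /etc/default/tomcat7 /etc/authbind/byuid "$(id -u tomcat7)" instead of demo.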