For the latest version, please use Certificate Lifecycle Manager 6.3.0!
Autoenrollment Connector : Installing and running the simulator
This document describes the installation, configuration and running procedure for the simulator of the MTG Autoenrollment Connector (AEC).
Installation
Prerequisites
Provide a system on which the simulator will be installed. It can be a Windows or Linux machine with access to the test network, i.e. incoming/outgoing connections to AD and incoming/outgoing connections to the computers that request certificates via Windows auto-enrollment.
Install JDK 17 on the target machine.
Installation
First unzip the file mtg-aec-simulator.zip.
This creates the directory mtg-aec-simulator.
After installation, the directory contains the following files:
- mtg-aec-simulator.jar: the simulator application.
- run.bat: the script that starts the simulator under Windows.
- run.sh: the script that starts the simulator under Linux.
- application.properties: the configuration file of the simulator. It contains key-value pairs that configure the application.
Configuration
Configuring the AD
Configure AD and perform all other necessary steps as described in MTG CLM Autoenrollment Connector : Interaction with Windows.
The following files, produced during the Windows configuration, must be placed in the mtg-aec-simulator directory:
- aec-ldap-user.keytab
- application.keytab
- krb5.conf
Truststore
Create a Java keystore containing the certificate of the root CA (file name: ad_root.crt) that issued the AD server certificate, using:
keytool -import -alias ad1 -file ad_root.crt -keystore truststore.jks -storepass aecsimulator -noprompt
Place this keystore in the mtg-aec-simulator directory.
application.properties
Configure the application by editing the application.properties, adding the proper configuration values.
This file contains hints about the meaning and functioning of each configuration parameter.
Result
After configuring the simulator, the mtg-aec-simulator directory also contains the following files:
- aec-ldap-user.keytab: a keytab file containing an encrypted password hash of the LDAP user account.
- application.keytab: a keytab file containing an encrypted password hash of the service user account associated with the SPN.
- krb5.conf: the Kerberos configuration file.
- truststore.jks: a Java keystore containing the certificate of the root CA that issued the AD server certificate.
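Before starting the simulator it is worth confirming that the two keytabs actually hold the accounts you expect and use current encryption types. The following script is an added example for this page, not part of the MTG simulator: it parses the MIT krb5 keytab file format (version 0x0502) and reports principals, key version numbers and enctypes while skipping the key bytes themselves. The realm DEMO.MTG, the HTTP/ service name and the sample entries are constructed assumptions, not values from this page.

```python
"""Audit an MIT-format keytab (aec-ldap-user.keytab / application.keytab)
without exposing key material.

Added example for this page; not part of the MTG simulator. It parses the
MIT krb5 keytab file format (version 0x0502, big-endian) and reports the
principals, key version numbers and encryption types it finds, so you can
confirm the keytabs produced by the AD configuration hold the expected
accounts before starting the simulator.
"""
import struct

# Kerberos enctype numbers (RFC 3961/3962/8009/4757). RFC 8429 deprecates
# DES, 3DES and RC4; they should not appear in a freshly generated keytab.
ENCTYPE_NAMES = {
    1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
    19: "aes128-cts-hmac-sha256-128", 20: "aes256-cts-hmac-sha384-192",
    23: "arcfour-hmac-md5",
}
WEAK_ENCTYPES = {1, 3, 16, 23}


def _counted(raw):
    """counted_octet_string: uint16 length followed by the bytes."""
    return struct.pack(">H", len(raw)) + raw


def _read_counted(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n], pos + n


def parse_keytab(data):
    """Return a list of entries (principal, realm, kvno, enctype, enctype_name).
    Key bytes are skipped and never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version: %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        comps = []
        for _ in range(ncomp):
            comp, pos = _read_counted(data, pos)
            comps.append(comp.decode())
        _name_type, _timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        _key, pos = _read_counted(data, pos)   # skipped: never print a key
        kvno = vno8
        if end - pos >= 4:                     # 32-bit kvno present
            (kvno,) = struct.unpack_from(">I", data, pos)
        pos = end
        entries.append({
            "principal": "/".join(comps), "realm": realm.decode(),
            "kvno": kvno, "enctype": enctype,
            "enctype_name": ENCTYPE_NAMES.get(enctype, "unknown(%d)" % enctype),
        })
    return entries


def audit_keytab(data, expected_principal):
    """Check that expected_principal is present and flag weak enctypes.
    Returns (found, weak_entries)."""
    entries = parse_keytab(data)
    found = any(e["principal"] == expected_principal for e in entries)
    weak = [e for e in entries if e["enctype"] in WEAK_ENCTYPES]
    return found, weak


def build_keytab(specs):
    """Build a keytab from (principal, realm, kvno, enctype) tuples with
    all-zero dummy keys. Used here only to construct sample input."""
    out = bytearray(b"\x05\x02")
    for principal, realm, kvno, enctype in specs:
        comps = principal.split("/")
        body = struct.pack(">H", len(comps)) + _counted(realm.encode())
        for comp in comps:
            body += _counted(comp.encode())
        # name_type 1 = NT-PRINCIPAL, fixed timestamp, 8-bit kvno
        body += struct.pack(">IIB", 1, 1700000000, kvno & 0xFF)
        key_len = 32 if enctype == 18 else 16
        body += struct.pack(">H", enctype) + _counted(b"\x00" * key_len)
        body += struct.pack(">I", kvno)
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


# Constructed sample of what an application.keytab for the simulator's SPN
# might hold. Realm DEMO.MTG and the HTTP/ service name are assumptions, not
# values from the page; the RC4 entry only demonstrates the weak-enctype flag.
SAMPLE_KEYTAB = build_keytab([
    ("HTTP/aec.simulator.demo.mtg", "DEMO.MTG", 2, 18),
    ("HTTP/aec.simulator.demo.mtg", "DEMO.MTG", 2, 17),
    ("HTTP/aec.simulator.demo.mtg", "DEMO.MTG", 2, 23),
])

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_KEYTAB
    for e in parse_keytab(data):
        print("%s@%s kvno=%d %s" % (e["principal"], e["realm"], e["kvno"], e["enctype_name"]))
    found, weak = audit_keytab(data, "HTTP/aec.simulator.demo.mtg")
    print("expected principal present:", found, "| weak entries:", len(weak))
```

Run it as `python keytab_audit.py application.keytab` (the file name is yours to choose) and compare the listed principal with the SPN you registered; a kvno that does not match the account's current key version is the usual reason the simulator cannot accept Kerberos tickets after the service account password was reset.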
Running
On Windows, run the application by executing the file run.bat.
On Linux, use run.sh (run chmod u+x run.sh first), passing the domain name of the server on which the simulator runs as an extra argument.
For example:
./run.sh aec.simulator.demo.mtg
After the simulator has run for the first time, the mtg-aec-simulator directory also contains the following files/directories:
- trace: directory where the log files of the application are located.
- root.crt: the certificate of the root CA.
- sub.crt: the certificate of the subordinate CA.
- root.key: the private key of the root CA.
- sub.key: the private key of the subordinate CA.
- server.p12: the private key and certificates of the TLS server of the simulator.
After the first run the directory mtg-aec-simulator contains the following files/directories:
- mtg-aec-simulator.jar
- run.bat
- run.sh
- application.properties
- ldap.tab
- application.tab
- krb5.conf
- truststore.jks
- trace
- root.crt
- sub.crt
- root.key
- sub.key
- server.p12
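The first run writes the generated CA private keys (root.key, sub.key) and the TLS server key (server.p12) next to the keytabs, so the directory now holds everything needed to impersonate the simulator and its CA. The script below is an added example for this page, not the simulator's own tooling: it checks that the files listed above are present and, on POSIX systems, that the secret files are readable by their owner only. The file names follow the Result and Running sections; which of them count as secrets is this example's own classification, and the demo directory it builds is constructed sample input.

```python
"""Post-run check of the mtg-aec-simulator directory.

Added example for this page; not part of the MTG simulator. It verifies the
files the page lists are present and, on POSIX systems, that keytabs and
private keys are not accessible by group or others.
"""
import os
import stat
import tempfile

EXPECTED_FILES = [
    "mtg-aec-simulator.jar", "run.bat", "run.sh", "application.properties",
    "aec-ldap-user.keytab", "application.keytab", "krb5.conf", "truststore.jks",
    "root.crt", "sub.crt", "root.key", "sub.key", "server.p12",
]
EXPECTED_DIRS = ["trace"]
# Files holding key material or credentials (this example's classification):
# keep them owner-only.
SECRET_FILES = {"aec-ldap-user.keytab", "application.keytab",
                "root.key", "sub.key", "server.p12"}


def check_install_dir(path):
    """Return a sorted list of problem strings; empty means all checks passed."""
    problems = []
    for name in EXPECTED_FILES:
        if not os.path.isfile(os.path.join(path, name)):
            problems.append("missing file: " + name)
    for name in EXPECTED_DIRS:
        if not os.path.isdir(os.path.join(path, name)):
            problems.append("missing directory: " + name)
    if os.name == "posix":   # POSIX mode bits are not meaningful on Windows
        for name in sorted(SECRET_FILES):
            full = os.path.join(path, name)
            if os.path.isfile(full):
                mode = stat.S_IMODE(os.stat(full).st_mode)
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    problems.append("%s is accessible by group/others (mode %o)"
                                    % (name, mode))
    return sorted(problems)


def make_demo_dir():
    """Constructed sample: a temp directory laid out like mtg-aec-simulator
    after the first run, with sub.key missing and root.key left world-readable
    so that both kinds of finding appear."""
    d = tempfile.mkdtemp(prefix="aec-sim-")
    os.mkdir(os.path.join(d, "trace"))
    for name in EXPECTED_FILES:
        if name == "sub.key":
            continue
        with open(os.path.join(d, name), "wb") as f:
            f.write(b"placeholder\n")          # dummy content, not real keys
        if name in SECRET_FILES:
            os.chmod(os.path.join(d, name), 0o600)
    os.chmod(os.path.join(d, "root.key"), 0o644)
    return d


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else make_demo_dir()
    findings = check_install_dir(target)
    print("checked", target)
    for p in findings:
        print(" -", p)
    print("OK" if not findings else "%d problem(s)" % len(findings))
```

Point it at the real directory with `python check_dir.py /path/to/mtg-aec-simulator` (script name is yours to choose); without an argument it runs against the constructed demo directory and reports the missing sub.key and the world-readable root.key.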
You may verify the TLS connection to the simulator using (the -k option skips certificate verification, so this confirms reachability and the health endpoint, not the server's certificate chain):
curl -v -k https://<IP/DN where the simulator runs>/aec/actuator/health