Verifying the Installation

This section briefly describes how to verify if the Automatic Certificate Renewal installation has been properly performed.

To verify that the Automatic Certificate Renewal installation has been properly completed and that the ActivID CMS server-based solution can connect to the ActivID CMS server:

  • Run the check.bat batch file located in the bin folder of the PKI renewal solution.

  • If the check.bat batch file returns the proper values for the ActivID CMS database version and the ActivID CMS portal version, then this verifies that the installation has been properly performed.

For all other processes, when “attended” is the security mode setting (securityMode= “attended”), the Enter Secure Credentials window is displayed when running the verification process.

Note: To enable debug logging, locate the default logback.xml file inside the conf folder (in the Automatic_Cert_Renewal/conf/ directory) and replace ERROR with DEBUG.

Password Encryption

The first time you launch the check.bat file, all passwords are encrypted and stored in base64 format as shown in the following example:

Copy 
<common securityMode="unattended">
  <secret filename="./conf/secrets.jks" encryptedPassword=
   "ucB0S2pfUZ5+dj6IZ5B+xg==" attended="false" />
  <cmsDatabase>
   <dataSource>com.microsoft.sqlserver.jdbc.SQLServerDataSource</dataSource>
  <url>jdbc:sqlserver://cmsserver.domain.com/AIMSEE;serverName=cmsserver.domain.com;
 databaseName=AIMSEE;socketTimeout=600</url>
 <userName>AIMSEE</userName>
  <password isSecret="true" isEncrypted="true">j+ecrMjSlkeaxAxsIdaqKg==</password>
 </cmsDatabase>
 <cmsPortal>
  <url>https://cmsserver.domain.com:32456</url>
  <clientCertificate storage="file">
   <filename>./conf/certificates/renewalOperator.pfx</filename>
   <password isSecret="true"isEncrypted="true">j+ecrMjSlkeaxAxsIdaqKg==</password>
   <hsmKeyLabel>keyLabel</hsmKeyLabel>
   <hsmConfigurationFile>./conf/pkcs11.cfg</hsmConfigurationFile>
   <hsmPin isSecret="true" isEncrypted="true">+8nTcb4i79LwDBzdcn9SdA==</hsmPin>
  </clientCertificate>
  <serverCertificate storage="file">
   <filename>./conf/certificates/root.cer</filename>
   <password isSecret="true"isEncrypted="true">j+ecrMjSlkeaxAxsIdaqKg==</password>
  </serverCertificate>
  <pollingInterval>5000</pollingInterval>
  <pollingMaxAttempts>50</pollingMaxAttempts>
 </cmsPortal>
Note: To generate the security.jks file and encrypt the password, make sure that the attribute action=“encrypt” is present in the <common> XML element.