11.6.1 Overview
The Web Administration Setup Tool is a Java application that allows the management of Identikey Server connections and SSL certificate usage in the Administration Web Interface. A Java Runtime Environment is required to run this tool.
The Web Administration Setup Tool stores its information using the Java preferences API. On Windows, this is the Windows registry. On Linux, the information is stored in the running user's file system, in the java/.userPrefs directory.
User Account
Under Linux, the Web Administration Setup Tool should be run by the same user that runs the web server application; otherwise changes will not be reconciled in the Administration Web Interface.
Note
Any changes made with the Web Administration Setup Tool will not take effect until the Administration Web Interface and the web server application have been restarted.
11.6.2 Running the Application
Windows
1. Open a command prompt.
2. Navigate to the directory in which the Java executable is located.
3. Enter the following command:
java -jar admintool.jar
Linux
1. Open a command prompt.
2. Enter the following commands:
vds_chroot <install dir> /bin/bash
java -jar admintool.jar
Note
The vds_chroot command places you in the chroot environment. This is necessary for all Setup Tool commands.
To exit the chroot environment, enter:
exit
11.6.3 Available Commands
The commands should be in the following format:
java -jar admintool.jar <command> [options]
The following commands are available:
Setup Tool Command
    Explanation
autoadd <name> <url> <certificate archive> <password> <connection limit> <connection timeout>
    Creates a new Identikey Server connection for the Administration Web Interface. If a certificate archive and password are specified, the Identikey Server's SSL certificate will be added to it. If no certificate archive is specified, it will be added to the existing keystore. A connection limit (number of concurrent connections to allow) and connection timeout may also be specified.
server list
    List the available Identikey SOAP servers.
server add <name> <url> <connection_timeout> <connection limit>
    Add a new Identikey Server connection. A connection limit (number of concurrent connections to allow) and connection timeout may also be specified.
server delete <name>
    Remove an existing Identikey Server.
server default <name>
    Set the specified Identikey SOAP server as the default server.
localaddress <name> <local address>
    Specify a local IP address to use when connecting to the provided server name.
certificate list
    Displays the list of certificate aliases which are in the used certificate archive.
certificate list <certificate archive> <passphrase>
    Displays the list of certificate aliases which are in the specified certificate archive (opened using the specified passphrase).
certificate add <certificate archive> <passphrase> <certificate file> <name>
    Installs the certificate into an existing or new certificate archive using the provided passphrase and aliases the certificate using the provided name.
certificate delete <certificate archive> <passphrase> <name>
    Removes the certificate with the specified alias from the provided certificate archive using the provided password.
certificate delete <certificate archive> <passphrase>
    Removes the certificate with the default alias "IdentikeyServer".
autoadd <name> <url> <certificate archive> <passphrase>
    Combines the functionality of the server add and certificate add commands and automates the retrieval of the certificate from the Identikey Server.
11.6.4 Command Usage Examples
11.6.4.1 Adding an Identikey Server and SSL Certificate
The following command will add an Identikey Server and add the Identikey Server's certificate to the keystore:
java -jar admintool.jar autoadd <name> <url> <keystore location> <keystore password>
where <name> is the display name of the Identikey Server, <url> is the address and port number of the Identikey Server, <keystore location> is the location and file name of the keystore and <keystore password> is the password on the keystore.
Example
java -jar admintool.jar autoadd IKServer1 https://192.168.1.1:8888 etc/vasco/keystore.jks password1
will create a new Identikey Server record which will be displayed in the Web Administration application using the name “IKServer1” and will connect to the Identikey SOAP communicator using HTTP over SSL (https) at address 192.168.1.1 and port 8888. It will add the Identikey Server's SSL certificate to the keystore specified.
NOTE
The protocol string must be provided in the URL (http, or https for SSL connections).
Server creation can be verified by running the following command:
java -jar admintool.jar server list
which will display the current list of servers.
NOTE
The server name and url must both be unique. Attempting to add another server with a different name and the same url will fail. Adding a server with the same name and different url will overwrite the existing entry for the Identikey Server of that name.
11.6.4.2 Adding an Identikey Server
The following command will add an Identikey Server only, without adding a certificate to the keystore:
java -jar admintool.jar server add <name> <url>
where <name> is the display name of the Identikey Server and <url> is the address and port number of the Identikey Server.
Example
java -jar admintool.jar server add IKServer1 http://192.168.1.1:8888
will create a new Identikey Server record which will be displayed in the Web Administration application using the name “IKServer1” and will connect to the Identikey SOAP communicator using http at address 192.168.1.1 and port 8888.
11.6.4.3 Adding an SSL Certificate
To connect to an Identikey Server which is using an SSL connection, the server's certificate must be added to the Web Administration application's certificate archive. If this is not done while adding an Identikey Server using the autoadd command, it can be done by executing the
The certificate used by the Identikey Server is usually created with the filename “ikeycerts.pem” and located in:
Windows - <install dir>\vasco\Identikey Server\bin
Linux - <install dir>/etc/vasco
To add this certificate to the Web Administration application's certificate archive, run the following command:
java -jar admintool.jar certificate add <archive location> <password> <certificate location>
where <archive location> is the file path and name of the certificate archive, <password> is the certificate archive password and <certificate location> is the file path and name of the SSL certificate to add to the certificate archive.
Example
java -jar admintool.jar certificate add /etc/vasco/keystore.jks password1 /etc/vasco/ikeycerts.pem
or
java -jar admintool.jar certificate add "<install dir>\vasco\Identikey Server\bin\keystore.jks" password1 "<install dir>\vasco\Identikey Server\bin\ikeycerts.pem"
will add the ikeycerts.pem certificate to the specified certificate archive keystore.jks, using the certificate archive password password1.
NOTE
Ensure that the connection url to the server is updated - https should be used rather than http.
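Because autoadd retrieves the certificate from the Identikey Server over the network, it is worth confirming that the entry now in the certificate archive is the same certificate as the server's ikeycerts.pem; the same check applies after certificate add. The following shell script is an added example, not part of the original documentation or the Setup Tool. It assumes the archive is a Java keystore readable by keytool, that openssl is installed, that the entry uses the default alias "IdentikeyServer", and that ikeycerts.pem was copied from the server over a trusted channel; the names normalize_fp, fp_match, verify_archive, ARCHIVE_PASS and verify.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the Setup Tool): check that the certificate
# stored in the archive is the one in the server's ikeycerts.pem.
# Assumptions: JKS archive readable by keytool, openssl installed, archive
# password supplied in the hypothetical environment variable ARCHIVE_PASS.

# Reduce one fingerprint line to bare uppercase hex. Accepts keytool's
# "SHA256: AA:BB:..." and openssl's "sha256 Fingerprint=AA:BB:...".
normalize_fp() {
    printf '%s\n' "$1" \
        | sed -e 's/^.*Fingerprint=//' -e 's/^.*SHA256: *//' \
        | tr -d ': \t\r' | tr 'a-f' 'A-F'
}

# Return 0 if both lines carry the same SHA-256 fingerprint, 1 if they
# differ, 2 if the first is not a well-formed 64-digit fingerprint.
fp_match() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#a}" -eq 64 ] || return 2
    [ "$a" = "$b" ]
}

# verify_archive <certificate archive> <pem file> [alias]
verify_archive() {
    archive=$1; pem=$2; entry=${3:-IdentikeyServer}
    # -storepass:env keeps the password out of the process list.
    in_archive=$(keytool -list -v -keystore "$archive" \
        -storepass:env ARCHIVE_PASS -alias "$entry" 2>/dev/null \
        | grep 'SHA256:') || return 2
    on_disk=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 2
    if fp_match "$in_archive" "$on_disk"; then
        echo "OK: alias $entry matches $pem"
    else
        echo "MISMATCH: alias $entry differs from $pem" >&2
        return 1
    fi
}

# Run only when called with arguments, e.g.
#   ARCHIVE_PASS=... sh verify.sh /etc/vasco/keystore.jks /etc/vasco/ikeycerts.pem
if [ "$#" -ge 2 ]; then
    verify_archive "$@"
fi
```

A mismatch means the archive holds a certificate other than the one in the supplied ikeycerts.pem; the aliases actually present can be listed with the certificate list command.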