PingAuthorize

Example: Set up the PingAuthorize Policy Editor to use a custom SSL certificate

This example sets up the PingAuthorize Policy Editor in demo mode with a provided SSL server certificate in PKCS12 format:

$ env KEYSTORE_PIN_FILE=<path-to-keystore.pin>  bin/setup demo
  --adminUsername admin \
  --pkcs12KeyStorePath  <path-to-keystore.p12>  \
  --certNickname  <certificate-nickname>  \
  --decisionPointSharedSecret  <shared-secret>  \
  --hostname  <pap-hostname>  \
  --port  <pap-port>  \
  --adminPort  <admin-port>  \
  --licenseKeyFile  <path-to-license>

If you don’t use the KEYSTORE_PIN_FILE during setup, you can supply the --keystorePassword option.

The following information describes the previous example code block:

  • The KEYSTORE_PIN_FILE environment variable, along with the --pkcs12KeyStorePath and --certNickname command-line options, affect the server’s SSL certificate configuration.

  • KEYSTORE_PIN_FILE contains the path to a file containing a valid key store PIN value.

  • The --pkcs12KeyStorePath value is a path to a valid PKCS12 key store file.

  • The --certNickname value is the certificate nickname or alias.

  • The PingAuthorize Policy Editor only supports lowercase certificate nicknames.

  • Because the KEYSTORE_PIN_FILE is not persisted, it must also be available in the environment of start-server.