...
- Use stock httpd RPM install (standard NIST install)
- Install mod_ssl and mod_auth_kerb RPMs:
No Format # yum install mod_ssl # yum install mod_auth_kerb
Configure
Install JDK and enhanced JCE
...
- To support additional cryptographic algorithms used by the IdP, download and install the Bouncy Castle JCE jar file (http://polydistortion.net/bc/index.html) in the lib/ext directory of the JRE (/usr/java/latest/jre/lib/ext/). For example:
(Replace the file version number as needed).No Format # cd /usr/java/latest/jre/lib/ext # cp /path/to/bcprov-jdk16-145.jar .
Add it as a provider in in the JRE's lib/security/java.security, e.g.:
(Replace 9 with the next sequential provider number as needed).No Format security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider
- To support use of crypto key sizes larger than 2048 bits, we also add the Unlimited Strength Security Policy to the JVM. Download jce_policy-6.zip from the locker downloads directory, or from Sun (http://java.sun.com/javase/downloads/index.jsp,
Other Downloadssection at the bottom). Unzip the policy zip file and copy local_policy.jar and US_export_policy.jar into the JRE's lib/security directory (replacing the versions installed from the JDK RPM).No Format # cd /tmp # unzip /path/to/jce_policy-6.zip # cd jce # cp *.jar /usr/java/latest/jre/lib/security/
- The MIT CA certificates must be added to the certificate trust store. This can be done by downloading and adding them explicitly to the JRE cacerts trust store, as follows:
The password for the trust store is "changeit". Answer "yes" to the "Trust this certificate?" promptNo Format # wget 'http://mv.ezproxy.com.ezproxyberklee.flo.org/mitca.crt' # wget 'http://mv.ezproxy.com.ezproxyberklee.flo.org/mitClient.crt' # setenv JAVA_HOME /usr/java/latest # cd $JAVA_HOME/jre/lib/security # cp -p cacerts cacerts.orig # $JAVA_HOME/bin/keytool -import -keystore cacerts -alias mitca -file /path/to/mitca.crt # $JAVA_HOME/bin/keytool -import -keystore cacerts -alias mitclientca -file /path/to/mitClient.crt
...