
How to upgrade from version 1.x - 2.4.x to version 2.5.x

Important changes were made from the previous version to the current version.

  • The operating system has been updated from CentOS6 to CentOS7

  • The application server was migrated from JBoss 7 to WildFly 14.0.0.Final

  • In addition, there is a series of application improvements that you can find in the changelog: https://namirial.atlassian.net/wiki/display/SWS/Changelog

    To complete the update you need to create a new machine and perform a new appliance installation, which you can find at the following link: History - SWS OnPremise - RPM package#HowtoobtaintheOVFvirtualappliance.

    A step-by-step installation guide can be found at the following link: History - SWS OnPremise - RPM package#Deploymentandtest.

    Once the installation is complete you will need to reconfigure your VA with the production keystore. Details on how to do this are at this link: History - SWS OnPremise - RPM package#MigratefromTESTtoPRODenvironment.

    If you want to stay up to date with the latest version, we recommend you follow this guide: FAQ#FAQ#HowcaniupgradeSWSappliancetolatestversion?

    How can I export the logs from SWS?

    The guide for exporting the log files is at this link:

    History - SWS OnPremise - RPM package#ExportLogFiles

    How can I see the SWS version?

    There are two ways. The first is to open this link:

    Code Block
    http://<IP-APPLIANCE>:8080/SignEngineWeb/help.xhtml

    and read the software version (it starts with 2.x).

    Or:

    1) Log in to the appliance via SSH and execute:

    Code Block
    rpm -q sws

    and read the software version (it starts with 2.x).

    NOTE: on the old SWS appliance only the second way is available.

    How can I obtain the TEST Namirial App OTP?

    If you download the Namirial App OTP from the official stores (PlayStore and AppleStore), you can use ONLY the Namirial PROD environment.

    If you need to use the Namirial TEST environment, you can download the app from these links:

    For Android:

    https://appdistribution.firebase.dev/i/e843f2440b8a7b69

    For iOS:

    https://testflight.apple.com/join/4ZUE4zjf

    Support request template in case of problems with integration

    The required fields are:

    DATE and TIME when you received the error: ???
    URL ENDPOINT: ???
    METHOD NAME CALLED: ???
    INPUT PARAMETERS: ???
    ERROR RECEIVED (from our server): ???

    How can I install SWS in standalone mode?

    It is possible to install SWS in standalone mode ONLY on RedHat, AlmaLinux 9 and CentOS servers (CentOS is supported until June 2024). The procedure is below:

    Code Block
    wget https://sws.firmacerta.it/download/sws2_packages.tar.gz
    tar xzfv sws2_packages.tar.gz

    Move into the directory just extracted and run this command:

    Code Block
    ./install.sh

    How can I TEST SWS onPremise?

    SWS onPremise is distributed in two different ways:

    • standalone (the SWS application is installed on a Linux server)

    The link is below:

    Code Block
    https://namirial.atlassian.net/wiki/spaces/SWS/pages/257950448/SWS+OnPremise+-+Standalone#Installation

    • Docker (the image is installed on an orchestrator managed by the customer)

    The link is below:

    Code Block
    https://namirial.atlassian.net/wiki/spaces/SWS/pages/211452317/SWS+OnPremise+-+Docker+container#How-can-i-obtain-the-SWS-on-Docker?

    How can I TEST SWS SaaS?

    The URL prefix for TEST SWS SaaS is:

    Code Block
    https://sws-companynamesaas.test.namirialtsp.com/SignEngineWeb

    This is the link to download the SSL certificate for our service

    For example, during the integration the full URL to use for a SOAP request is:

    Code Block
    https://sws-companynamesaas.test.namirialtsp.com/SignEngineWeb/sign-service?wsdl

    And the full URL for a REST request is:

    Code Block
    https://sws-companynamesaas.test.namirialtsp.com/SignEngineWeb/rest/sign/signPades

    How can I fix the problem caused by truststore not updated?

    If the following message is present in the SWS logs:

    Code Block
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    The problem may be caused by a truststore that has not been updated. The steps to fix the problem are below:

    1) Log in to the SWS virtual machine via SSH

    2) Type the following command:

    Code Block
    rpm -q sws

    3) If the output of the command starts with "sws-2.4" you should run the following commands:

    Code Block
    wget https://sws.firmacerta.it/download/truststore.jks -O /home/jboss/.SignEngine/keystore/truststore.jks
    wget https://sws.firmacerta.it/download/cacerts -O /usr/java/latest/lib/security/cacerts

    And 

    Code Block
    service jboss restart

    If the output of the command starts with "sws-2.5" you should perform the following command:

    Code Block
     sudo wget https://sws.firmacerta.it/download/truststore.jks -O /home/wildfly/.SignEngine/keystore/truststore.jks

    And

    Code Block
    sudo service wildfly restart
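
The truststore procedure above writes the download straight over the live file, and `wget -O` truncates its target even when the download fails. The following is an added example, not part of the original page or of SWS: it downloads to a side file, checks that it is a keystore and keeps a backup before overwriting. The function names are hypothetical, and it assumes the file is in classic JKS format.

```shell
#!/bin/sh
# Added example: replace the SWS truststore without losing the working copy.

# Map the output of `rpm -q sws` to the account (and service) name the page uses.
sws_user() {
    case "$1" in
        sws-2.4*) echo jboss ;;
        sws-2.5*) echo wildfly ;;
        *) echo "unhandled SWS version: $1" >&2; return 1 ;;
    esac
}

# Assumption: truststore.jks is a classic JKS file, which always starts with
# the magic bytes FE ED FE ED. An empty file or an HTML error page fails this.
is_jks() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "feedfeed" ]
}

# install_truststore NEW DST: validate NEW, back up DST, then overwrite DST
# in place so that its owner and mode stay as they were.
install_truststore() {
    new=$1; dst=$2
    if ! is_jks "$new"; then
        echo "not a JKS keystore, keeping $dst: $new" >&2
        return 1
    fi
    if [ -f "$dst" ]; then cp -p "$dst" "$dst.bak" || return 1; fi
    cp "$new" "$dst" && rm -f "$new"
}

# Usage as root on the appliance (URL and paths are the ones on this page):
#   u=$(sws_user "$(rpm -q sws)") || exit 1
#   dst=/home/$u/.SignEngine/keystore/truststore.jks
#   wget https://sws.firmacerta.it/download/truststore.jks -O "$dst.new" \
#     && install_truststore "$dst.new" "$dst" && service "$u" restart
```

If the new truststore does not solve the handshake error, the previous file is still available as `truststore.jks.bak` next to it.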

    How to remove production certificate?

    After a production certificate has been installed, the machine cannot be returned to the test environment from the graphical panel.

    If you want to restore the appliance to its initial state, you must remove these files using the commands:

    Code Block
    # Login into your VA using SSH
    
    # For SWS 1.x - 2.4.x
    rm -rvf /home/jboss/.SignEngine/keystore/prod_keystore.jks
    rm -rvf /home/jboss/.SignEngine/client.properties
    
    # For SWS 2.5.x
    rm -rvf /home/wildfly/.SignEngine/keystore/prod_keystore.jks
    rm -rvf /home/wildfly/.SignEngine/client.properties

    Next you need to restart the WildFly/JBoss service using this command:

    Code Block
    # For SWS 1.x - 2.4.x
    sudo service jboss restart
    
    # For SWS 2.5.x
    sudo service wildfly restart

    Once the operation is completed, your installation is back in its initial state.

    How can I migrate manually from TEST to PROD environment?

    On your PC:
    1) Rename the JKS of the SSL certificate (received by mail) to: "prod_keystore.jks"
    2) Create the file "client.properties" and add these entries:
        - ws.client.dynamic.remotesignature.address = https://fra.firmacerta.it/ExtendedSignature/services
        - ws.client.keystore.filename = /home/wildfly
    3) Log in via WinSCP/FileZilla with user "sws" (the password is the same as for SSH login)
    4) Copy the files:
        - prod_keystore.jks
        - client.properties
        into the folder "/tmp"
    5) Log in to the SWS appliance via SSH and execute these commands:
        - sudo service wildfly stop
        - sudo mv /tmp/prod_keystore.jks /home/wildfly/.SignEngine/keystore/
        - sudo mv /tmp/client.properties /home/wildfly/.SignEngine/
        - sudo chown -R wildfly:wildfly /home/wildfly/.SignEngine
        - sudo service wildfly start

    Where can I obtain all Namirial root CA?

    At this link:

    View file
    nameAll_Namirial_RootCA.zip

    you can download all root CA

    I have received the mail about TLS deprecation, what should I do?

    To increase the security of the services it offers, Namirial has decided to disable communications that use a TLS protocol version lower than 1.2.

    Before you read on: updating SWS does not require any change to the integrations customers have built in the past, because Namirial's first objective is to maintain backward compatibility in its updates.

    That said, below is a brief description of how to obtain the new version of SWS that complies with the security standards applied by Namirial:

    Over the years we have changed how SWS is distributed; we no longer provide the appliance as an OVF (because of import problems with the various cloud providers).

    Currently we have the following distribution modes:

    SWS onPremise -> STANDALONE

    (which runs on a Linux server; the documentation lists the supported ones, and if you want to use a Linux operating system that is not in the list we can see whether we can satisfy the request)

    SWS OnPremise - Standalone

    SWS onPremise -> DOCKER

    (which runs on a Docker image, with the orchestrator residing in the customer's infrastructure)

    SWS OnPremise - Docker container

    SWS SaaS

    (in which we provide you with a dedicated endpoint, protected by mutual authentication, for signing. Namirial takes care of managing the infrastructure, updates, patches, etc.)

    NOTE: if you want to use or switch to the SaaS version, you can contact one of our sales representatives directly and evaluate together whether to adopt this solution (in general this solution is adopted by customers who apply few signatures and whose files to sign are no larger than a few MB)

    In your case, where you already have an SWS instance that we are decommissioning (for security reasons related to TLS) and you decide to keep the onPremise version:

    You can carry out the following STEPS:

    1 - Complete the installation of SWS onPremise (standalone or Docker) -> At this point you are ready to "talk" to Namirial's TEST environment

    2 - Retrieve the PROD keystore (which you currently use on SWS to talk to Namirial's PROD environment) as follows:

    from the SWS Appliance server, retrieve the file "/home/[jboss|wildfly]/.SignEngine/keystore/prod_keystore.jks" and copy it to your PC -> FILE_JKS

    3 - Once you have the FILE_JKS, you can configure the new SWS instance to "talk" to Namirial's PROD environment as follows:

    https://namirial.atlassian.net/wiki/spaces/SWS/pages/211452317/SWS+OnPremise+-+Docker+container#How-can-i-migrate-from-TEST-to-PROD-environment ?

    At this point the new SWS instance will be able to "talk" to our PROD environment

    NOTE: if you do not want to run the "curl" command by hand, you can use the Postman collection available at the following link:

    Configure Postman

    IMPORTANT: until you have completed the various tests with the new version of SWS (called SWS3x), you can keep both instances (1.2 and 3x) active to talk to our PROD environment.

    How can I enable the login via application?

    By default, login is performed through SSH (the SWS GUI runs the login command to check the password).
    Therefore the SSH login and the GUI login have the same password!!!

    It is possible to configure the login through the properties file, following this procedure:
    1) Log in to the appliance via SSH
    2) sudo service wildfly stop
    3) Create the file if not present:
        - /home/wildfly/.SignEngine/client.properties
    4) Add these entries (the password is "sws2015"):
        sws.usesystemauth=false
        sws.admin.password=4b83503e5c2d9e04bbc15135e3377de406b94a8431c85ed7574314f891413a1eadb73bf267fb65b41252952eea644bcbb9df7700b3d3888236f2b14e8749c1c7
    5) sudo service wildfly start

    NOW you can log in and change the password

    The command to calculate the password hash is:

    Code Block
    echo -n "sws2015" | openssl dgst -sha512 | awk '{print $2}'
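
For the application-login procedure ("How can i enable the login via application?"), the following is an added example, not part of the original page or of SWS. It builds the two `client.properties` entries for a password of your own instead of the documented `sws2015`. The function names are hypothetical; the property names and the SHA-512 hex format are the ones shown on this page.

```shell
#!/bin/sh
# Added example: build the client.properties login entries for a new password.
DEFAULT_PW='sws2015'   # documented on this page, so it must not stay in use

# SHA-512 hex of the exact bytes of $1. printf '%s' adds no trailing newline;
# a newline in the input would give a hash that never matches at login.
sws_hash() {
    if command -v openssl >/dev/null 2>&1; then
        printf '%s' "$1" | openssl dgst -sha512 | awk '{print $NF}'
    else
        printf '%s' "$1" | sha512sum | awk '{print $1}'
    fi
}

# Print the two entries, refusing an empty password or the documented default.
sws_login_entries() {
    if [ -z "$1" ] || [ "$1" = "$DEFAULT_PW" ]; then
        echo "refusing empty or default password" >&2
        return 1
    fi
    printf 'sws.usesystemauth=false\nsws.admin.password=%s\n' "$(sws_hash "$1")"
}

# Prompt without echoing, so the password is not typed on a command line
# and does not end up in the shell history.
sws_prompt_entries() {
    printf 'New SWS admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    sws_login_entries "$pw"
}
```

Run `sws_prompt_entries` on the appliance and paste its output into `/home/wildfly/.SignEngine/client.properties` between the stop and start of the wildfly service.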