Setting Up the eHealth Integration with CAC Enabled

 
You can set up the CAC Integration with CA Spectrum using the following steps: 
  • Disable TLS 1.2 in the Java Console (this is to be able to launch JNLP applications) on the Windows client system where the card reader is attached.
  • Stop Spectrum Tomcat and eHealth httpd and SCARVES
    • SPEC: $SPECROOT/tomcat/bin/stopTomcat.sh
    • EH: $NH_HOME/bin/nhHttpd stop
    • EH (AS ROOT): $NH_HOME/bin/nhSmartCard.sh stop
  • SPEC: cd $SPECROOT/CERTS/certs
  • SPEC: sftp <user>@<EH Machine Name>
    • cd <path_to_EH_home>/web/httpd/conf/cacerts
    • put SpectrumRootCA.crt
    • bye
  • EH: Import the Spectrum certificates into the eHealth trust stores
    • cd $NH_HOME/bin
    • ./nhSmartCard.sh trust -import -storepass 123456 -alias SpectrumRootCA -file $NH_HOME/web/httpd/conf/cacerts/SpectrumRootCA.crt
    • ./nhWebProtocol -mode https -hostname <EH FQDN> -strongCipher -disableSSLv2 -enableSCAuth -SCCAdir $NH_HOME/web/httpd/conf/cacerts -SCCAsvrFile $NH_HOME/web/httpd/conf/myDaemonCert3.pem -SCServerIPs "<EH FQDN>:8888" -certificate $NH_HOME/CERTS/<HOSTNAME>.crt -key $NH_HOME/CERTS/<HOSTNAME>.key -intermediate $NH_HOME/web/httpd/conf/myDaemonCert3.pem -fips
    • $NH_HOME/bin/nhHttpd start
    • AS ROOT: $NH_HOME/bin/nhSmartCard.sh start
    • Verify you can still log into eHealth with CAC.
  • SPEC: Import the eHealth certificates into the Spectrum OneClick trust store
    • Stop tomcat
      • $SPECROOT/tomcat/bin/stopTomcat.sh
    • cd $SPECROOT/CERTS
    • sftp <user>@<EH HOSTNAME>
      • cd $NH_HOME/web/httpd/conf
      • get myDaemonCert3.pem eHealth.pem
      • bye
    • $SPECROOT/Java/bin/keytool -import -alias EH_CAC -file eHealth.pem -keystore $SPECROOT/custom/keystore/cacerts -storepass changeit
    • Edit $SPECROOT/lib/SDPM/partslist/TOMCAT.idb and add the following command-line parameters to tomcat (applies to Linux Spectrum 9.4.0 and earlier versions)
    • su
    • chmod -R a+rwx $SPECROOT/lib/SDPM
    • Edit $SPECROOT/tomcat/bin/catalina.sh and add the following command-line parameters to the tomcat JAVA_OPT variable (applies to Linux Spectrum 9.4.0 and earlier versions):
      • -Djavax.net.ssl.keyStore=$SPECROOT/custom/keystore/cacerts 
      • -Djavax.net.ssl.keyStorePassword=changeit
      Example for Spectrum 9.4.2 and later: catalina.sh change [screenshot]
    • Edit $SPECROOT/tomcat/bin/OneClickService.conf and add the following command-line parameters to the end of the file (applies for LINUX Spectrum 9.4.0 and earlier versions):
      • jvm_opt=-Djavax.net.ssl.keyStore=C:/win32app/Spectrum/custom/keystore/cacerts
      • jvm_opt=-Djavax.net.ssl.keyStorePassword=changeit
    • Start tomcat
      • $SPECROOT/tomcat/bin/startTomcat.sh
    • Attempt to configure the eHealth integration from the OneClick Administration page.
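
The steps above copy SpectrumRootCA.crt and myDaemonCert3.pem between hosts with sftp and then import them into trust stores. The shell functions below are an added example, not part of the CA documentation: they print the SHA-256 fingerprint of each certificate in a file so the received copy can be compared with the original before the import step. The function names are hypothetical, the files are assumed to be PEM-encoded, and only awk, base64 and sha256sum are used.

```bash
#!/bin/sh
# Added example (not from the CA documentation): fingerprint the certificates
# in a PEM file so a copy received over sftp can be checked against the
# original before it is imported into a trust store.
# Assumptions: PEM-encoded input; awk, base64 and sha256sum are available.

# Print one lowercase hex SHA-256 (computed over the DER bytes) for each
# certificate found in the PEM file given as $1, in file order.
pem_fingerprints() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside                        { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1" | while IFS= read -r b64; do
        # Decode the base64 body back to DER and hash it.
        printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
    done
}

# Succeed only if both files contain at least one certificate and the
# fingerprints match, certificate by certificate, in the same order.
# The body runs in a subshell so the variables do not leak to the caller.
same_certs() (
    a=$(pem_fingerprints "$1")
    b=$(pem_fingerprints "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
)
```

Run pem_fingerprints on the source host and on the received file, and continue with the import only when the values match.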