1. The Installation Type window will be displayed.
Image 56: IDENTIKEY Server Setup - Installation Type window
2. Click on the Advanced Installation option button. Click Next to continue. The Data Storage window will be displayed.
Install IDENTIKEY Server - Active Directory
Image 57: IDENTIKEY Server Setup - Data Storage window
3. Select the Active Directory option button.
4. Click Next.
5. The Digipass Extension for Active Directory Prerequisites page will be displayed. The functions on this page are optional, and need only be used if DIGIPASS and DIGIPASS User administration is to be performed on this machine.
Image 58: IDENTIKEY Server Setup – Digipass Extension for Active Directory Prerequisites window
6. If you wish to use the Digipass Extension for Active Directory Users and Computers on this machine:
a. If the .NET 2.0 Framework is to be installed, click the .NET 2.0 Framework button.
The Microsoft .NET Framework 3.0 SP1 Setup window will be displayed.
i Read the license and click to either accept or not accept the terms.
ii Click Install to continue or Cancel to cancel the setup.
Image 59: Microsoft .NET license agreement.
b. If the MMC 3.0 Framework is to be installed, click the MMC 3.0 Framework button.
Image 60: IDENTIKEY Server Setup – Digipass Extension for Active Directory Prerequisites window.
The Software Update Installation Wizard for your operating system will be displayed.
i Click Next to continue.
The Digipass Extension for Active Directory Prerequisites window will be displayed, showing the results of the installations.
ii Click Next to continue.
Image 61: IDENTIKEY Server Setup – Digipass Extension for Active Directory Prerequisites installation complete window.
c. If the IDENTIKEY Server is being installed on Microsoft Windows Vista or Microsoft Windows 2008, a hotfix provided by Microsoft must be installed to enable the Active Directory Users and Computers extension to work. If it is not already installed on the machine, the Active Directory Query Form Hotfix button will be enabled. Click this button to install the hotfix.
Please note that the Active Directory Query Form Hotfix button will remain unavailable on any operating system other than Microsoft Windows Vista or Microsoft Windows 2008.
The Select Components window will be displayed.
7. Click IDENTIKEY Server 3.1 to start the installation wizard.
Image 62: IDENTIKEY Server Setup - Select Components Window
8. The IDENTIKEY Server Setup Wizard start window will be displayed. Click Next to continue.
Image 63: IDENTIKEY Server Setup Wizard Start Page.
The License Agreement screen will be displayed.
Image 64: IDENTIKEY Server Setup - License Agreement Window
9. Read the agreement carefully.
10. To accept the License Agreement, tick the I accept the terms in the License Agreement checkbox and click Next.
If you do not accept the License Agreement and click Cancel, the installation will terminate.
11. To select the features that you want to be installed, click on the icons in the window.
Click the Reset button to reset all your choices.
Click Next to continue.
Image 65: IDENTIKEY Server Setup - Custom Setup window
12. The Ready to Install IDENTIKEY Server window will be displayed. Click Install to continue.
Image 66: IDENTIKEY Server Setup - Ready to Install IDENTIKEY Server window
The Installing IDENTIKEY Server progress window will be displayed.
13. Click the Next button to continue when it becomes available.
Image 67: Installing IDENTIKEY Server progress window
The IDENTIKEY Server Setup Wizard finish window will be displayed.
14. Click Finish to complete the installation of IDENTIKEY Server.
Image 68: IDENTIKEY Server Setup Wizard finish window
15. The Installer will install the component for each button that is selected. Each installation after the IDENTIKEY Server install is optional.
Image 69: IDENTIKEY Server Installed – Select Components
16. When the Installer gets to the Run Configuration Wizard step, click the Run Configuration Wizard button.
The IDENTIKEY Server Configuration Wizard will be started.
Image 70: IDENTIKEY Server Configuration Wizard Start Window
17. Click Next to continue.
The Active Directory pre-requisites window will be displayed.
18. Read the information and make sure all the pre-requisites have been met before clicking Next.
Image 71: IDENTIKEY Server Configuration Wizard - Active Directory Pre-requisites Window
19. If this is not the first IDENTIKEY Server to be installed, tick the This is NOT the first IDENTIKEY Server to be installed check box. Wait for the Active Directory changes made during the installation of the first IDENTIKEY Server to replicate fully. You must be logged into the machine as a Domain Administrator in the machine’s Domain.
20. Click Next.
The Digipass Configuration Domain window will be displayed.
21. Enter the fully qualified name of the Domain in which IDENTIKEY Server should store its configuration data.
This domain must currently exist.
Image 72: IDENTIKEY Server Configuration Wizard – Digipass Configuration Domain Window
22. Click Next.
The Active Directory Certificate Authority window will be displayed.
Image 73: IDENTIKEY Server Configuration Wizard – Active Directory Certificate Authority Window
23. Click on the Disable LDAP SSL option box if you want to disable LDAP SSL. If you do not want LDAP SSL to be disabled, the instructions in 3.1.3 SSL Setup must be followed to ensure that LDAP SSL will work correctly.
24. Click Next to continue.
The IP address window will be displayed.
Image 74: IDENTIKEY Server Configuration Wizard – IP Address Window
25. Enter the IP address for the IDENTIKEY Server.
26. Click Next to continue.
Image 75: IDENTIKEY Server Configuration Wizard – First Administrator Window
27. Enter a User ID and Password for the First Administrator. Confirm the password and click Next.
The Sensitive Data Encryption window will be displayed.
Image 76: IDENTIKEY Server Configuration Wizard – Sensitive Data Encryption Window
Note
If you will be using a custom encryption key for sensitive data, this should be set before DIGIPASS are imported to the 'live' version of the IDENTIKEY Server. See the Sensitive Data Encryption topic in the Administrator Reference for more information.
28. To use IDENTIKEY Server's standard encryption settings:
a. Select the Standard with embedded key option button.
b. Click on Next.
To use custom encryption settings, either:
Image 77: IDENTIKEY Server Configuration Wizard – Custom Data Encryption Window
a. Select the Custom with embedded and custom key combination option button.
b. Enter the Storage key.
c. Select a cipher.
OR
Image 78: IDENTIKEY Server Configuration Wizard – Load Data Encryption Window
a. If you have created your own Data Encryption file, select the Load from file option button.
b. Browse to the file in this window.
c. Enter the password.
29. Click Next.
The License window will be displayed.
Image 79: IDENTIKEY Server Configuration Wizard – License Window
30. Navigate to a license file using the ... button, or click Request a licence from 'vasco.com'.
Note
The Request a License from 'vasco.com' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a licence from vasco.com for Windows 2008 Core you will have to download the licence on another machine and copy it across to the Windows 2008 Core machine.
31. Click Next.
The Server Functionality window will be displayed.
Image 80: IDENTIKEY Server Configuration Wizard – Server Functionality Window
The functions that are available on this window will be determined by your license. Those shown above are available by default.
32. Click in check boxes to either select or de-select the required functionality.
33. Click Next to continue.
The SSL Server Certificate Installation window will be displayed.
Image 81: IDENTIKEY Server Configuration Wizard – SSL Server Certificate Window
34. To use an SSL certificate generated by the Configuration Wizard:
a. Select the Generate and install a new test certificate option button.
b. Click on Next.
Image 82: IDENTIKEY Server Configuration Wizard – SSL Server Certificate Password Window
c. Enter a password for the new certificate.
To use a commercial SSL Server Certificate:
a. Select the Install my own SSL certificate option button.
b. Click on Next.
Image 83: IDENTIKEY Server Configuration Wizard – SSL Server Certificate Selection Window
c. Browse to the certificate file.
d. Enter the password for the certificate.
e. Click on Next.
Image 84: IDENTIKEY Server Configuration Wizard - Automatic Server Location Support
To skip automatic DNS registration now, select No DNS Service registration.
To use DNS service registration with a DNS server supporting Dynamic DNS:
f. Select the DNS service registration with a DNS server supporting Dynamic DNS option.
g. Enter the name of the DNS domain.
h. Enter the IP address of the Target Host machine.
i. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
To use DNS service registration with a DNS server supporting TSIG authentication:
a. Select the DNS service registration with a DNS server supporting Dynamic DNS with TSIG authentication option.
b. Enter the name of the DNS domain.
c. Enter the Fully Qualified Domain Name of the Target Host machine.
d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
e. Enter the full path and filename for the shared key file.
To use DNS service registration with a DNS server supporting Secure Dynamic Update:
a. Select the DNS service registration with a DNS server supporting Dynamic DNS with Secure Dynamic Update option.
b. Enter the name of the DNS domain.
c. Enter the Fully Qualified Domain Name of the Target Host machine.
d. Select the priority for connections to the IDENTIKEY Server - Primary server or Backup server.
e. Enter the full path and filename for the shared key file.
35. Click on Test Settings to test that the DNS server settings are correct.
The Configuration Wizard will test the connection and list the result on-screen.
36. Click on Next.
The Web Admin Client window will be displayed.
Image 85: IDENTIKEY Server Configuration Wizard – Web Admin Client Window
37. Enter the IP address of the Web Administration Client.
Click Next to continue.
The Sample Web Client window will be displayed.
Image 86: IDENTIKEY Server Configuration Wizard – Sample Web Client Window
38. Enter the IP address of a web client to be used by the Sample Web Pages in the SDK. This page is optional and only needs to be used if the SDK is to be installed.
39. Click on Next.
If Active Directory is installed on the same machine as IDENTIKEY Server, and the machine is on a domain, but as a member server, the Domain Service Account screen will be displayed.
Image 87: IDENTIKEY Server Configuration Wizard – Domain Service Account Window
This window allows you to specify a domain account that you want IDENTIKEY Server to run under.
Caution
The User ID specified MUST be a member of the domainadmins group. Failure to ensure that this is the case can cause security issues.
40. Click Next to continue. A summary of the settings will be displayed.
Image 88: IDENTIKEY Server Configuration Wizard – Summary Window
41. Check the settings carefully, then click Proceed to continue.
42. Click Finish to complete the configuration.
Image 89: Deploying IDENTIKEY Server Web Administration Module Window
The Web Administration Module, if installed, will now be deployed.
43. Enter a Key store password and confirm it.
44. Click Deploy.
The Web Administration Module will be installed automatically. Click Cancel to stop the Web Administration Module from being installed.
Image 90: Deploying IDENTIKEY Server Web Administration Module Wizard Results Window
45. Check the Result field and click Close to continue or Cancel to exit the Installer.
If you clicked Close, the Installation Completed window will be displayed.
Image 91: IDENTIKEY Server Installation Complete Window
46. Click Finish when the installation is complete.
47. Restart your computer.
48. When your computer has restarted, refer to 9 Post-Installation Tasks for further steps that may need to be performed.
7.2.1 Install Active Directory Users and Computers Extension on a Child Domain
To install the Active Directory Users and Computers Extension on a child domain follow the instructions below.
1. Install IDENTIKEY Server on the machine with the parent domain.
2. Log in to the child domain machine, making sure you have administration authority.
3. On the child domain machine, run the IDENTIKEY Server installation as detailed above until you get to the Custom Setup window. When you get to this window uncheck every component EXCEPT the Active Directory User and Computers extension.
Image 92: IDENTIKEY Server Installation Custom Setup Window.
4. Continue with the IDENTIKEY Server Installation instructions from the Custom Setup window as detailed above. After the installation has finished you will see the Active Directory Users and Computers item on the Start Menu under VASCO\Identikey Server.
Image 93: Windows Start Menu showing location of Active Directory Users and Computers.
Deploy IDENTIKEY Server Administration Web Interface
8 Deploy IDENTIKEY Server Administration Web Interface
If the Administration Web Interface and the embedded Tomcat server are installed with IDENTIKEY Server, the Administration Web Interface will be deployed automatically by the Configuration Wizard. However, if the Administration Web Interface was not deployed automatically during installation of IDENTIKEY Server, or you want to install the Administration Web Interface on a different machine, follow the instructions in this chapter.