CSC
Security server configuration
Security server 5.0x. Version 0.3 pmuhonen 4/15/2014
Palveluväylä Development Environment 15.4.2014 Security server configuration
Date       Version  Description
10.3.2014  0.1      Initial version
24.3.2014  0.2      - Changed LY-tunnus to Y-tunnus
                    - Section 10
                    - Producer Registry code format change to FI-<Y-tunnus>-<databaseshortname>
15.4.2014  0.3      Changes to Producer’s naming, page 14
Contents
1. Purpose of this document
2. Before you continue
3. Connecting Security Server Web management
4. Logging in, Web interface
5. Adding Central Servers
6. Adding the DNS-key fingerprint
7. Adding CA certificate
8. Running Reconfigure and Tests
9. Adding certificate requests, consumer request
10. Adding certificate requests, Database/Registries request
1. Purpose of this document
This document is a simplified configuration manual for the Xtee Security server 5.0 software. By following the steps described in this manual, a Security server administrator can join their server to the Palveluväylä development environment.
2. Before you continue
You cannot fully configure the Security server before the Palveluväylä operator (currently CSC on behalf of VM) has granted your server access to the Central servers and the monitoring server. To join Palveluväylä development, please send an email to [email protected]. Include the following information in that email:
- Organization name, address
- Contact person's name, email, mobile number and role in organization
- Secondary contact person's name, email, mobile number and role in organization
- Y-code (Y-tunnus) or, if a private person is in question, mobile number
- Secure server IP address (static IPv4)
Joining process in short, after you have installed your Secure server:
- Joining organization sends the joining request with the needed information to CSC
- CSC sends the firewall opening confirmation and server keyprints
- Joining organization finalizes the configuration of the Secure server and after that creates and sends key request(s) to CSC
- CSC sends confirmation that the Secure server(s) have been added to Palveluväylä
- Joining organization checks, using their Secure server's web interface, that the Security server is successfully added to Palveluväylä
3. Connecting Security Server Web management
Select Add Exception
4. Logging in, Web interface
Type in webadmin password
5. Adding Central Servers
Type in 86.50.27.11 and press Save
Press Save once more
Add the second Central Server 86.50.27.40 using the same procedure
6. Adding the DNS-key fingerprint
Select Configuration -> Keys and certificates -> DNS keys. Add the DNS-key fingerprint by pressing Add new key and the primary Central Server IP (you’ll get the fingerprint from CSC)
Type in DNS key Fingerprint and Press Save.
A failure during saving indicates that the network ports to the Central server are not open as needed.
7. Adding CA certificate
Select Configuration -> Keys and certificates -> CA certificates. Click Add new
CA fingerprint added
8. Running Reconfigure and Tests
Select Configuration -> Reconfigure all. Click Reconfigure all
Select System -> Diagnostics. Click Test all
9. Adding certificate requests, consumer request
This kind of request is made if your organization is consuming resources from Palveluväylä; that is, you are not providing database services, you are consuming those available to your system.
Select Configuration -> Organization and click Add
Type in Y-tunnus of your organization in Registry code field and the name of your organization in Organization’s name field. Click Save
Click Save certification request
Select Save File and click OK.
This certificate request should be sent to [email protected] (send it as a reply to the IP-opening confirmation from CSC) with the following information:
- Type of request: Consumer
- certreq.gz as an attachment
- Your organization’s name that you used when creating the certificate request
- The exact registry code (Y-tunnus) that you used when creating the certificate request
- Your Security server’s IP
10. Adding certificate requests, Database/Registries request
Select Configuration -> Databases / Registries. Click Add
Type in the Registry code in the format FI-<Y-tunnus>-<databaseshortname>. For example: FI-1234567-8-dbtest1
The maximum total length of the Registry code is 20 chars/digits.
Type in the name of your organization in the Organization’s name - databaseshortname field. For example: Organisaatio - dbtest1. Click Save
Click Save certification request
Select Save File and click OK.
This certificate request should be sent to [email protected] (send it as a reply to the IP-opening confirmation from CSC) with the following information:
- Type of request: Producer
- certreq.gz as an attachment
- Organization’s name that you used when creating the certificate request
- The exact Reg. code/Short Name (FI-Y-tunnus-tietokantanimi) that you used when creating the certificate request
- Your Security server’s IP
Click Load Certificates
Click Save
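Added example (not part of the original manual or the Security server software): a pre-check for the section 10 values, so that a Registry code that breaks the FI-<Y-tunnus>-<databaseshortname> format or the 20-character limit is caught before the certificate request is created and sent. The function names, the letters/digits rule for the short name and the optional Y-tunnus check-digit test (the standard Finnish Business ID checksum, which the manual does not mention) are assumptions of this example.

```python
import re

MAX_REGISTRY_CODE_LEN = 20          # limit stated in section 10
Y_TUNNUS_RE = re.compile(r"(\d{7})-(\d)")
# Assumption: short names are ASCII letters/digits (the manual only says "chars/digits").
SHORTNAME_RE = re.compile(r"[A-Za-z0-9]+")
Y_WEIGHTS = (7, 9, 10, 5, 8, 4, 2)  # standard Finnish Business ID check-digit weights


def y_tunnus_checksum_ok(y_tunnus):
    """Return True if the Y-tunnus has the NNNNNNN-C shape and a valid check digit."""
    m = Y_TUNNUS_RE.fullmatch(y_tunnus)
    if not m:
        return False
    remainder = sum(int(d) * w for d, w in zip(m.group(1), Y_WEIGHTS)) % 11
    if remainder == 1:               # no valid check digit exists for this remainder
        return False
    expected = 0 if remainder == 0 else 11 - remainder
    return int(m.group(2)) == expected


def producer_fields(y_tunnus, org_name, shortname, strict=False):
    """Build (registry_code, name_field) for a Databases / Registries request.

    Raises ValueError with a reason if the values break the rules in section 10.
    strict=True additionally enforces the Y-tunnus check digit (not in the manual).
    """
    if not Y_TUNNUS_RE.fullmatch(y_tunnus):
        raise ValueError("Y-tunnus must look like 1234567-8")
    if strict and not y_tunnus_checksum_ok(y_tunnus):
        raise ValueError("Y-tunnus check digit does not match")
    if not SHORTNAME_RE.fullmatch(shortname):
        raise ValueError("database short name must be letters/digits only")
    prefix = f"FI-{y_tunnus}-"
    code = prefix + shortname
    if len(code) > MAX_REGISTRY_CODE_LEN:
        room = MAX_REGISTRY_CODE_LEN - len(prefix)
        raise ValueError(f"registry code is {len(code)} chars; short name may use at most {room}")
    return code, f"{org_name} - {shortname}"


if __name__ == "__main__":
    # Constructed sample values; 1234567-8 is the manual's own placeholder Y-tunnus.
    print(producer_fields("1234567-8", "Organisaatio", "dbtest1"))
    for args in (("1234567-8", "Organisaatio", "dbtest12"), ("12345678", "Organisaatio", "db1")):
        try:
            producer_fields(*args)
        except ValueError as err:
            print("rejected:", args, "->", err)
```

With a nine-character Y-tunnus the fixed parts of the code use 13 characters, which leaves at most 7 for the database short name; the manual's placeholder 1234567-8 passes the format check but not the strict check-digit test.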