IDENTIKEY Server Windows Installation Guide 3.2

Disclaimer of Warranties and Limitations of Liabilities

The Product is provided on an 'as is' basis, without any other warranties, or conditions, express or implied, including but not limited to warranties of merchantable quality, merchantability of fitness for a particular purpose, or those arising by law, statute, usage of trade or course of dealing. The entire risk as to the results and performance of the product is assumed by you. Neither we nor our dealers or suppliers shall have any liability to you or any other person or entity for any indirect, incidental, special or consequential damages whatsoever, including but not limited to loss of revenue or profit, lost or damaged data of other commercial or economic loss, even if we have been advised of the possibility of such damages or they are foreseeable; or for claims by a third party. Our maximum aggregate liability to you, and that of our dealers and suppliers shall not exceed the amount paid by you for the Product. The limitations in this section shall apply whether or not the alleged breach or default is a breach of a fundamental condition or term, or a fundamental breach. Some states/countries do not allow the exclusion or limitation or liability for consequential or incidental damages so the above limitation may not apply to you.

Copyright

Copyright © 2010 VASCO Data Security, Inc., VASCO Data Security International GmbH. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of VASCO Data Security Inc.

Trademarks

VASCO®, Vacman®, IDENTIKEY®, aXsGUARD®, DIGIPASS®, and ® are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries.

Document Version: 2.1

Table of Contents

1 Introduction

1.1 Software Components

1.2 System Requirements

1.3 Available Guides

2 Pre-installation Tasks

2.1 IDENTIKEY Server Component

3 Set Up Data Store for IDENTIKEY Server

3.1 ODBC Database

3.2 Active Directory

3.3 Serial Number and Maintenance ID

3.4 Microsoft SQL Server using Windows Native Authentication

4 Start IDENTIKEY Server Installation

4.1 Tomcat Upgrade

5 Install IDENTIKEY Server in Basic Mode – ODBC

5.1 Basic Installation Mode

5.2 Basic Installation

6 Install IDENTIKEY Server in Advanced mode - ODBC

6.1 Advanced Installation

6.2 Set Up a Hardware Security Module

7 Install IDENTIKEY Server - Active Directory

7.1 Active Directory Scenario and Decisions

7.2 Install IDENTIKEY Server for Active Directory

8 Answers File

8.1 Generating the Answers File

8.2 Updating the Answers File

9.3 Web Administration Setup Tool

10 Post-Installation Tasks

10.1 Licensing

10.2 Backup Strategy

10.3 Audit Settings

10.4 Database Tasks

10.5 Set Up User Self Management and OTP Request Websites

10.6 Increase Tomcat Memory Allocation (64-bit Only)

11 Install Additional IDENTIKEY Server

11.1 Install IDENTIKEY Server Component

11.2 Configure Additional IDENTIKEY Servers

11.3 Replication

12 Add Components to Installation

13 Upgrade IDENTIKEY Server

13.1 Upgrade Paths

13.2 System Requirements

13.3 Upgrade IDENTIKEY Server for 32-bit and 64-bit Windows

14 Extend Data Store Schema

14.1 DPDBAdmin AddSchema Command

14.2 DPADAdmin AddSchema Command

15 SSL Server Certificate Encryption Algorithms

15.1 Client Applications Validating Server Certificate

15.2 SHA-256 Not Supported

15.3 Operating Systems without SHA-256 Support

15.4 Operating Systems and Supplicants with SHA-256 Support

16 Repair Installation

17 Uninstall IDENTIKEY Server

17.1 Data Removal

17.2 Ports

18 Technical Support

1 Introduction

This Installation Guide is designed to provide you with the information you will need in order to install IDENTIKEY Server. It will guide you through preparation, installation and post-installation tasks which may be required for your system.

1.1 Software Components

IDENTIKEY Server consists of various components, some necessary and some optional.

1.1.1 Required Components

IDENTIKEY Server

The IDENTIKEY Server is a server component that performs authentication, signature validation, administration and provisioning tasks. It runs as a Windows service.

Data Store

The following data stores are supported:

ODBC – either the embedded PostgreSQL database supplied with IDENTIKEY Server, or your own

Active Directory

Web Administration Interface

Allows all IDENTIKEY Server data store administration tasks to be carried out over a web interface.

1.1.2 Optional Components

Embedded Database

An embedded PostgreSQL database is available for use with IDENTIKEY Server.

Embedded Web Application Server

Apache Tomcat may be installed as the embedded web application server for the Web Administration Interface.

DIGIPASS TCL Command-Line Administration

Administration may also be carried out using DIGIPASS TCL Command-Line Administration Utility, which allows interactive command-line and scripted administration of IDENTIKEY Server data.

Audit Viewer

The Audit Viewer is a GUI application that can display and filter audit messages from the IDENTIKEY Server. It can read the data from text files and ODBC databases or receive a live feed from the IDENTIKEY Server.

OTP Request Site

This is a miniature web site that allows a User to request a Virtual DIGIPASS OTP to be sent to their mobile phone.

User Self Management Web Site

This is a miniature web site that allows Users to make appropriate changes to their own DIGIPASS settings, such as PIN changes. This is used in a RADIUS environment, when the normal authentication requests are made using a CHAP-based protocol and therefore PIN changes and other 'self-management' features are not possible.

1.1.3 DIGIPASS Authentication for Windows Logon

DIGIPASS Authentication for Windows Logon is a separate module which integrates VASCO's two-factor authentication into Windows logins. It requires extra licensing to be supported in IDENTIKEY Server. For more information on this module, see the DIGIPASS Authentication for Windows Logon Product Guide.

1.1.4 IDENTIKEY Server SDK

The Software Development Kit allows creation of custom SOAP clients and authentication engines, using the SOAP interface. This is an upgrade add-on to IDENTIKEY Server and will only be available for installation if it has been purchased. It requires a separate installation program.

1.1.5 Data Migration Tool

The VASCO Data Migration Tool is a general-purpose utility that allows you to migrate your data from one VASCO product to another. It requires a separate installation.

1.1.6 Password Synchronization Manager

Password Synchronization Manager (PSM) is a product installed on the domain controller that allows a change of the Windows password to be automatically updated on IDENTIKEY Server. The new Windows password will be reflected as the static password on IDENTIKEY Server.

1.1.7 LDAP Synchronization

User information on IDENTIKEY Server can be synchronized with external LDAP databases by using the LDAP Synchronization Tool. See the LDAP Synchronization Tool Guide for more details.

1.2 System Requirements

1.2.1 Server Component

IDENTIKEY Server requires:

Windows Server 2008 (32-bit or 64-bit) with Service Pack 2 or above

Windows Server 2008 R2 (64-bit only)

Windows Vista (32-bit) with Service Pack 2 or above

Windows XP (32-bit) with Service Pack 3 or above

Windows Server 2003 (32-bit or 64-bit) with Service Pack 2 or above

Windows Server 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above

Windows Small Business Server 2003 with Service Pack 1 or above

Windows Small Business Server 2008 (64-bit only) with Service Pack 2 or above

1.2.2 Web Administration Interface

The Web Administration Interface can be run on any Java web application server running:

Java Runtime Environment version 6.0 or above

Java Server Pages version 2.0 or above

Java Servlets version 2.4 or above

It has been tested primarily on Apache Tomcat 6.0.

It is compatible with most common browsers. It has been tested on:

Internet Explorer 7.0

Internet Explorer 8.0

Mozilla Firefox 3.5 and higher

The Administration Web Interface can be run on the following operating systems:

Windows Server 2008 (32-bit or 64-bit) with Service Pack 2 or above

Windows Server 2008 R2 (64-bit only)

Windows Vista (32-bit) with Service Pack 2 or above

Windows XP (32-bit) with Service Pack 2 or above

Windows 2003 (32-bit or 64-bit) with Service Pack 2 or above

Windows 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above

1.2.3 Other Components

The Message Delivery Component, Audit Viewer and DIGIPASS TCL Command-Line Administration require:

Windows Server 2003 (32-bit or 64-bit) with Service Pack 2 or above

Windows Server 2003 R2 (32-bit or 64-bit) with Service Pack 2 or above

Windows XP Professional (32-bit) with Service Pack 3 or above

Windows Vista (32-bit) with Service Pack 1 or above

Windows Server 2008 (32-bit or 64-bit) GUI version with Service Pack 2 or above

Windows Small Business Server 2003 with Service Pack 1 or above

Windows Small Business Server 2008 (64-bit only) with Service Pack 2 or above

The Request OTP and User Self Management Websites require any web server capable of running CGI.

1.2.4 Requirements Specific to Active Directory

DIGIPASS Extension for Active Directory Users and Computers

Active Directory Users and Computers Snap-In

Active Directory set up for SSL

In the following cases, SSL must be available for IDENTIKEY Server components to connect to Active Directory:

IDENTIKEY Server not installed on a Domain Controller.

Administration Interfaces not installed on a Domain Controller.

IDENTIKEY Server and/or Administration Interface(s) on a Domain Controller, but accessing data in another domain.

An Enterprise Certificate Authority must be installed in the forest to enable SSL. Windows Certificate Services is available as an optional Windows component.

However, if you do not wish to install a CA, you can select during installation not to use SSL.

Prerequisites

1. If Active Directory is installed on a Windows 2003 machine and it is being managed using a Windows XP machine, you will have to download the Admin Pack from the Microsoft website and install it on the XP

1.2.5 Requirements Specific to ODBC Database

IDENTIKEY Server will support most modern ODBC-compliant relational, transactional databases. It has been tested on the following databases:

Oracle 11g

Microsoft SQL Server 2005 Full Enterprise Edition and Express

Microsoft SQL Server 2008 Full Enterprise Edition and Express

DB2 8.1 (Windows Only)

DB2 9.1

PostgreSQL 8.3

Note

Please note that when setting up a DB2 database, the page size should be set to at least 8192k.

A smaller page size will create an error when IDENTIKEY Server attempts to connect to the database.

1.2.6 Hardware Security Module

The following Hardware Security Modules are supported by IDENTIKEY Server:

Safenet ProtectServer Gold

Safenet ProtectServer Internal-Express

Safenet ProtectServer Orange

If a Hardware Security Module is to be used with the following software, SafeNet software is required on the machine on which IDENTIKEY Server will be installed:

Network or PCI Access Provider v4.00

ProtectToolKit C Runtime Library v4.00

1.2.7 Language

IDENTIKEY Server is designed to function on any language version of the supported operating systems. However, the product has only been comprehensively tested on English language versions.

1.3 Available Guides

The following IDENTIKEY Server guides are available:

Product Guide

The Product Guide will introduce you to the features and concepts of IDENTIKEY Server and the various options you have for using it.

Getting Started Guide

The Getting Started Guide will lead you through a standard setup and testing of key IDENTIKEY Server features.

Windows Installation Guide

Use this guide when planning and working through an installation of IDENTIKEY Server in a Windows environment.

Linux Installation Guide

Use this guide when planning and working through an installation of IDENTIKEY Server in a Linux environment.

Administrator Reference

In-depth information required for administration of IDENTIKEY Server. This includes references such as data attribute lists, backup and recovery and utility commands.

Performance and Deployment Guide

Contains information on common deployment models and performance statistics.

Help Files

Context-sensitive help accompanies the Administration Web Interface and DIGIPASS Extension for Active Directory Users and Computers.

IDENTIKEY Server SDK Programmers Guide

In-depth information required to develop using the SDK.

2 Pre-installation Tasks

This section outlines the preparation that you need to do before installing IDENTIKEY Server.

Please note that to perform pre-installation and installation tasks you must be logged in as Administrator on the system where IDENTIKEY Server is to be installed. The administrator User ID must be a built-in Administrator, not a normal User ID with administrator privileges.

2.1 IDENTIKEY Server Component

The following tasks must be completed before installing the IDENTIKEY Server on a machine.

2.1.1 Data Store Type

Before starting other pre-install tasks, you must decide on the type of data store to be used.

Microsoft Active Directory

Integrate DIGIPASS-related data with Active Directory and Windows user accounts using the Active Directory Users and Computers Snap-In.

Embedded Database

A PostgreSQL database may be installed with IDENTIKEY Server.

Note

If you will be installing IDENTIKEY Server with the embedded PostgreSQL database, you will need to run the installation on the machine itself, rather than via Remote Desktop or another remote connection.

Other ODBC Database

Include DIGIPASS-related data in a new or existing ODBC database. The database may be located on any machine to which the IDENTIKEY Server can connect.

2.1.2 Master Domain

IDENTIKEY Server has the concept of a Master Domain. This domain has special significance in two ways:

It is used as the default domain, when no domain is specified.

Only Administrators in the Master Domain may be assigned the privilege to view data from all domains.

Administrators in other domains will only ever be able to view data in their own domain.

The default name for the Master Domain is master. If you prefer to use another name, you will need to enter this name during the Configuration Wizard.

2.1.3 User ID and Domain Name Conversion

The IDENTIKEY Server may be configured to handle User IDs and domain names in a number of ways. It is important that these are set up before data is added to the database. Before installing, decide which settings to use.

Case-sensitivity

The IDENTIKEY Server may be configured to save and retrieve User IDs and domain names in lower case, upper case or with no conversion (data is saved or searched on exactly as entered). The configuration required will depend on your company's requirements and the capabilities of the database used as the data store. See the Encoding and Case-Sensitivity topic in the Administrator Reference for more information.

The case conversion of User IDs and domain names is set using the Configuration Wizard immediately after installation, or by running the IDENTIKEY Server Configuration utility at any time afterwards.

Caution

Changing case conversion after the initial configuration may require modification of all User IDs and domain names in the data store.

Windows name resolution

Enable Windows Name Resolution to allow the IDENTIKEY Server to use Windows functionality to resolve a UserID – as entered during a login – into a User ID and Domain. This feature is recommended if all User accounts correspond to Windows (Active Directory) User accounts. If they do not correspond, the feature will not be suitable.

Windows Name Resolution works well with Dynamic User Registration. See the Product Guide for more information.

2.1.4 System Clock

The IDENTIKEY Server requires that:

Your server’s time is set correctly in relation to GMT, and

The time zone and daylight savings indicators are set correctly.

zone implemented, with a PTR record existing for each client Windows machine. This is required for Dynamic Component Registration.

2.1.6 Embedded PostgreSQL Database

2.1.6.1 Local Users Group Permissions

If the local Users group has restricted permissions on the Program Files directory, the installation of the PostgreSQL database may fail. To avoid this problem, two options are available:

Set the required permissions for the local Users group

Create the PostgreSQL service account before installation and set the required permissions for it (it is usually created automatically during installation)

The PostgreSQL service account requires a User ID of dppostgres and password of p!ss&0rd.

The permissions required for the Program Files directory are:

Read & Execute

List Folder Contents

Read
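
One way to check this prerequisite before running the installer, as an added example that is not part of the original guide. The function names Test-UsersProgramFilesAccess and Expand-GenericRights are hypothetical, and PowerShell 3.0 or later is assumed. Only access control entries that name the local Users group directly are evaluated, because that is the group this section refers to.

```powershell
# Added example (not from the guide): pre-installation check for the
# Program Files permissions listed in section 2.1.6.1.

# Expand generic access bits into the file-specific rights they represent,
# so entries written with GENERIC_* masks are evaluated correctly.
function Expand-GenericRights {
    param([int]$Mask)
    if ($Mask -band 0x10000000) { $Mask = $Mask -bor 0x1F01FF }  # GENERIC_ALL     -> FullControl
    if ($Mask -band 0x80000000) { $Mask = $Mask -bor 0x120089 }  # GENERIC_READ    -> FILE_GENERIC_READ
    if ($Mask -band 0x20000000) { $Mask = $Mask -bor 0x1200A0 }  # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
    return $Mask
}

function Test-UsersProgramFilesAccess {
    param(
        # Directory to inspect; defaults to this machine's Program Files.
        [string]$Path = $env:ProgramFiles
    )

    # Well-known SID of BUILTIN\Users; independent of the localized group name.
    $usersSid = 'S-1-5-32-545'

    # FileSystemRights.ReadAndExecute (0x200A9) already contains Read and
    # ListDirectory, so it covers all three permissions the guide lists.
    $required = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $allowed = 0
    $denied  = 0
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $usersSid) { continue }

        # Inherit-only entries apply to child objects, not to $Path itself.
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }

        $mask = Expand-GenericRights ([int]$rule.FileSystemRights)
        if ($rule.AccessControlType -eq 'Deny') {
            $denied = $denied -bor $mask
        } else {
            $allowed = $allowed -bor $mask
        }
    }

    $missing = $required -band (-bnot $allowed)   # required bits no Allow entry grants
    $blocked = $required -band $denied            # required bits a Deny entry removes

    New-Object PSObject -Property @{
        Path        = $Path
        Sufficient  = ($missing -eq 0 -and $blocked -eq 0)
        MissingMask = '0x{0:X}' -f $missing
        DeniedMask  = '0x{0:X}' -f $blocked
    }
}

Test-UsersProgramFilesAccess | Format-List
```

If Sufficient is False, either grant the listed permissions to the local Users group or pre-create the service account as described above before starting the installation.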

2.1.7 User Self Management Website

If the Self Management website is to be installed on Windows 2008, please note the following:

1. When adding the IIS role, the 'IIS Backwards Compatibility with IIS6' feature must be installed and enabled.

2. The 'CGI' feature must be selected when installing IIS on Windows 2008 to enable the User Admin web sites to function correctly.

3 Set Up Data Store for IDENTIKEY Server

IDENTIKEY Server may use either Microsoft's Active Directory or an ODBC-compliant database as its data store.

The data store is selected during installation.

Active Directory

If IDENTIKEY Server will use Active Directory as its data store, the steps in 3.2 Active Directory must be followed before installing IDENTIKEY Server.

ODBC Database

If IDENTIKEY Server will use the embedded PostgreSQL database as its data store, no specific database setup is required before installing IDENTIKEY Server.

If IDENTIKEY Server will use another ODBC database as its data store, then follow the steps in 3.1 ODBC Database before installing IDENTIKEY Server.

3.1 ODBC Database

The following steps must only be followed if IDENTIKEY Server will be using an ODBC database other than the embedded PostgreSQL database as its data store.

If IDENTIKEY Server will be using the embedded database, setup is automatic during installation and configuration.

3.1.1.1 Checklist – Decisions

The following checklist contains the key decisions to make before you start:

Database Location and Setup

A number of decisions may be required for the ODBC database to be used:

The server on which the database will be located.

Will the data for the IDENTIKEY Server be stored in a new database, or added to an existing database?

Will a new schema be used?

New Database

Decide the collation sequence to be used – for example, case-sensitivity.

Database User Accounts

Create or select database user accounts for:

Modifying the database schema (database administrator account required).

IDENTIKEY Server (see the Administrator Reference for details on the permissions required).

If using Microsoft SQL Server, extra steps must be undertaken if using Windows Native Authentication. See 3.4 Microsoft SQL Server using Windows Native Authentication for details.

3.1.1.2 Modify Database Structure

DPDBADMIN Utility

If the embedded ODBC database is not being used, the addschema command must be run to set up the required schema in the database to be used for IDENTIKEY Server.

The addschema command can be run manually before starting the installation, or you can rely on the Configuration Wizard to run the command. How the addschema command is run will depend on the security settings on your datastore, and your company's data security processes.

To run the addschema command manually:

1. Copy dpdbadmin.exe from the CD-IMAGE\Software\Windows\X86 or amd64\Utilities\dpdbadmin directory on the installation CD or zip file onto the computer from which the database can be accessed.

2. Create an ODBC Data Source for the database on the computer, if one does not currently exist.

3. Open a command prompt in the location to which it was copied.

4. Enter:

dpdbadmin addschema -u user_id -p password -d dsn

Ensure that the User ID and password used are that of the database administrator account.

5. Wait several minutes for the Schema extensions to replicate throughout the system. Use the checkschema command to check if the schema updates have been completed. Do not continue with the installation until a clean checkschema result is obtained.

dpdbadmin checkschema -u user_id -p password -d dsn

For further details on DPDBADMIN, see 14 Extend Data Store Schema.

Permissions

If the database user account used by the IDENTIKEY Server is not the owner of the tables and is not a database administrator account, it must be granted permissions for the tables, or ownership of the tables transferred.

Note

Ensure that it is possible for the account(s) mentioned to reference the tables by name without a schema prefix. If this cannot be done, see the Administrator Reference for advanced setup instructions.

3.2 Active Directory

3.2.1 Checklist – Decisions

The following checklist contains the key decisions to make before you start:

Approve the Schema Extensions

If your company has an approval process to go through for extensions to the Active Directory Schema, then go through this process.

Enterprise Root Certificate Server

Domain Administrator

Select a Domain Administrator account in the DIGIPASS Configuration Domain to use in installing IDENTIKEY Server.

Installation Location

Decide where to install the IDENTIKEY Server.

If you are installing with the purpose of going through a basic evaluation process, installing onto a Domain Controller is recommended. This will mean that SSL will not need to be set up in order for the IDENTIKEY Server to function.

3.2.2 Active Directory Setup

The schema changes using the addschema command can be run manually before starting the installation, or the Configuration Wizard can run the command during configuration. If the schema changes have been made before the Configuration Wizard is run, the Configuration Wizard will detect this and will not run the schema extension a second time. How you choose to make the schema changes will depend on the security settings on your datastore, and your company's data security processes.

If you allow the Configuration Wizard to make the schema changes, you will have to wait while the schema changes are applied, and wait while replication of the changes occurs across all domains. You will only be able to continue with the Configuration Wizard after the schema changes have been applied and replicated.

To manually run the addschema command to extend the Active Directory schema:

1. Log into the Schema Master as a member of the Schema Administrators group.

2. Copy dpadadmin.exe from the CD-IMAGE\Software\Windows\X86 or amd64\Utilities\dpadadmin installation directory on the installation CD onto the Schema Master.

3. Open a command prompt in the location to which it was copied.

4. Type:

dpadadmin addschema -v

5. If DPADadmin detects that Schema extensions are not currently permitted, it will prompt you whether to enable them or not. Enter y to enable them, or n to cancel.

6. Wait several minutes for the Schema extensions to replicate to all the domains and for the local Domain Controller to update its internal data caches. Use the dpadadmin checkschema command to check if the schema updates have been completed. Do not continue with the installation until a clean checkschema result is obtained.

See the Schema Extensions section of the IDENTIKEY Server Administrator Reference for details of what is changed when the schema is extended.

3.2.3 SSL Setup

The IDENTIKEY Server can use SSL when communicating with Active Directory. For this to work correctly, an Enterprise root Certificate Authority must exist in the forest. It may be installed on any server in the forest, if the server selected is available to the Domain Controller(s) used by the IDENTIKEY Server.

Alternatively, an option is provided during installation to not use SSL in communications between the IDENTIKEY Server and Active Directory. If LDAP SSL will be disabled, no Certificate Authority is required.

1. If not already available, install Certificate Services on the selected machine. This is a Windows component - you may need access to the original Windows installation files or CD/DVD.

2. Generate the Enterprise root CA certificate.

3. You may need to wait several minutes to allow the Domain Controllers to enrol for Domain Controller certificates.

3.3 Serial Number and Maintenance ID

You must have a product Serial Number and a company Maintenance ID unless you are installing an evaluation version of IDENTIKEY Server. If these have not been issued to you, contact your VASCO supplier.

3.4 Microsoft SQL Server using Windows Native Authentication

If you intend to use Microsoft SQL Server using Windows Native Authentication, the following rules must be observed:

1. The User account of the IDENTIKEY Server service must be changed to a User account which is a member of a domain of which both Microsoft SQL Server and IDENTIKEY Server are members.

2. The appropriate permissions must be added to the Microsoft SQL Server User mentioned above.


4 Start IDENTIKEY Server Installation

The installation program will guide you through installing IDENTIKEY Server and the initial configuration necessary to get it operational. It will launch one or more Windows Installers (MSI) followed by the IDENTIKEY Server Configuration Wizard.

Note

If you are running the installation on Microsoft Windows Vista or Microsoft Windows 2008 core, the windows shown in this guide may look slightly different to those displayed onscreen, but the procedure will be the same.

Image 1: IDENTIKEY Server Installation Welcome Window

1. If autorun is enabled on the installation machine the installer will start up when the CD is inserted. If it does not start automatically then double click on autorun.exe.

The Welcome window will be displayed.

2. Click Install Identikey Server 3.2 to start the installation.

The Welcome window will be displayed.


Image 2: IDENTIKEY Server Installation Welcome Window

3. Click Next to continue.

The three subsequent chapters cover the three types of installation scenario. Choose the instructions to follow depending on which type of installation you wish to perform:

Basic installation, using the embedded PostgreSQL database as data store – see 5 Install IDENTIKEY Server in Basic Mode – ODBC

Advanced installation, using an ODBC-compliant database as data store – see 6 Install IDENTIKEY Server in Advanced mode - ODBC

Advanced installation, using Active Directory as data store – see 7 Install IDENTIKEY Server - Active Directory

4.1 Tomcat Upgrade

If the IDENTIKEY Server Installer detects the presence of an earlier version of Tomcat than the version it requires


b. Click on Yes.

A Windows warning window may be displayed. Click on Yes.

The progress of the installation will be displayed.

When the Tomcat upgrade is finished, the Identikey Setup window will be displayed.

Image 3: IDENTIKEY Server Setup Window


5 Install IDENTIKEY Server in Basic Mode – ODBC

There are two installation modes available - Basic and Advanced. If you do not wish to use default installation and configuration settings, follow the instructions in 6 Install IDENTIKEY Server in Advanced mode - ODBC.

5.1 Basic Installation Mode

Basic Installation will install the following:

IDENTIKEY Server

PostgreSQL database

Administration Web Interface

Apache Tomcat

Java JRE

Message Delivery Component (MDC)

Audit Viewer

After the IDENTIKEY Server has been installed the Configuration Wizard will be started up in Basic mode, which means that there will be limited configuration choices, with many settings set to default values.

Note

Only the embedded PostgreSQL database is available in Basic Installation mode.


5.2 Basic Installation

1. The Installation Type window will be displayed.

Image 4: IDENTIKEY Server Installation - Installation Type Window

2. Select Basic Installation.

3. Click Next.

The End-User License Agreement screen will be displayed.


Image 5: IDENTIKEY Server Installation - License Agreement Window

4. Read the agreement carefully.

5. To accept the License Agreement, check the box I agree to the terms in the License Agreement and click Next.

To print the agreement, click Print.

If you do not accept the License Agreement, and click Cancel, the install will terminate.

The Select Installation Path window will be displayed.


Image 6: IDENTIKEY Server Installation - Select Installation Path Window

6. If you want to install the IDENTIKEY Server somewhere other than the default location, use the browse button to indicate where.

7. Click Next to continue.

The Installation Progress window will be displayed.


Image 7: IDENTIKEY Server Installation - Installation Progress Window

8. Click on Install.

The IDENTIKEY Server installation will begin.


Image 8: IDENTIKEY Server Installation - Installation Progress Window

The Installer will install each component in turn, checking each one off on the Installation Progress window as it goes.


Image 9: IDENTIKEY Server Installation - Installation Progress Window - PostgreSQL

When the Installer gets to the Run configuration Wizard step, the IDENTIKEY Server Configuration Wizard will be started automatically. The Installer runs a contracted version of the wizard, which uses default values for some settings.


Image 10: IDENTIKEY Server Configuration Wizard - Start Window

9. Click Next to continue.

The IP Address window will be displayed.


Image 11: IDENTIKEY Server Configuration Wizard - IP Address Window

10. Select the IP address for the IDENTIKEY Server.

11. Click Next.

12. The Licence Key window will be displayed.


Image 12: IDENTIKEY Server Configuration Wizard - License Window

13. To load a license file you must first have downloaded it from the VASCO website. If you have not done that you can do it now by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license later, by clicking Copy URL to Clipboard.

If you already have a license key file, you can load it by navigating to the file using the ... button. You can continue without loading a license key file, but you must load one before you can start to use IDENTIKEY Server. Click Next to continue. The Server Functionality window will be displayed.


Note

The 'Request a License Key' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a license from vasco.com for Windows 2008 Core you will have to download the license on another machine and copy it across to the Windows 2008 Core machine.


Image 13: IDENTIKEY Server Configuration Wizard - Server Functionality Window

The functionality that is permitted by the license loaded on the previous window is selected by default.

14. Click to de-select any functions not required.

15. Click Next to continue. The First Administrator window will be displayed.


Image 14: IDENTIKEY Server Configuration Wizard - First Administrator Window

16. Enter a User ID and Password. Confirm the password and click Next to continue to the SSL Server Certificate Details screen.


Image 15: IDENTIKEY Server Configuration Wizard - Server Certificate Window

17. Enter a Password for the SSL Server Certificate and confirm it. Select the Signature Algorithm from the drop-down list. The certificate generated here is also used for RADIUS, SEAL and SOAP. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for this field.

Click Next to continue to the RADIUS Topology page.


Image 16: IDENTIKEY Server Configuration Wizard - RADIUS Topology Window

18. Select the format of RADIUS topology required.

a. If no RADIUS configuration is required, select it, then click Next to go to the Confirmation window.

b. If IDENTIKEY Server as a standalone RADIUS server is selected, clicking Next will display the RADIUS Client screen. Enter the Location of the RADIUS server, and the shared secret.

Confirm the shared secret.


Image 17: IDENTIKEY Server Configuration Wizard - RADIUS Client Window

c. If IDENTIKEY Server in front of RADIUS server is selected, clicking Next will display the RADIUS Client screen. Enter the Location of the RADIUS server, and the shared secret. Confirm the shared secret. Click Next, and the RADIUS Server window will be displayed.


Image 18: IDENTIKEY Server Configuration Wizard - RADIUS Server Window

Enter the details required to define the RADIUS server:

Authentication IP Address: IP address on which the RADIUS Server receives authentication requests.

Authentication Port: UDP port on which the RADIUS Server receives authentication requests.

Accounting IP Address: IP address on which the RADIUS Server receives accounting requests.

Accounting Port: UDP port on which the RADIUS Server receives accounting requests.

Shared Secret: Shared Secret between the IDENTIKEY Server and the RADIUS server.

Confirm Shared Secret

Click Next to continue to the Confirmation window.


Image 19: IDENTIKEY Server Configuration Wizard – Confirmation

19. Check the details on the confirmation screen. If any changes are required, navigate back to the page using the Previous button and correct the entry.

If no changes are required, click Next to continue to the Summary window.


Image 20: IDENTIKEY Server Configuration Wizard Summary Window

20. A summary of the settings will be displayed.

21. Click Finish to complete the configuration.

The Configuration Wizard will apply configuration settings to IDENTIKEY Server. It will also deploy the Administration Web Interface application to the Apache Tomcat web server and configure it to connect to the installed IDENTIKEY Server with a generated self-signed server certificate.

The Import DPX files window will be displayed.


Image 21: Import DPX Files Window

22. The Import DPX Files step is optional. To bypass this step, click Next to continue.

To import a DPX file:

a. Enter the location of the DPX file, or click Browse to navigate to the file.

b. Enter the Transport Key, which will be supplied by VASCO to accompany the DPX file.

c. Enter the User ID, password and Server IP for the IDENTIKEY Server that is being installed.

d. Click Import to install the DPX file.

When installation is complete, the Installation Completed window will be displayed.


Image 22: IDENTIKEY Server Installation Complete Window

23. Click Finish when the installation is complete.


6 Install IDENTIKEY Server in Advanced mode - ODBC

Advanced Installation allows you to customize your installation and configuration in detail. If you wish to use only default installation and configuration options, see 5 Install IDENTIKEY Server in Basic Mode – ODBC.

6.1 Advanced Installation

The first window to be displayed will be the Install Type window.

Image 23: IDENTIKEY Server Select Installation Type Window

1. Select the Advanced Installation option button.

2. Click Next.

The Data Storage window will be displayed.


Image 24: IDENTIKEY Server Installation - Data Storage Window

3. Select the ODBC Database option button.

4. Click Next.

The Select Components window will be displayed.


Image 25: IDENTIKEY Server Installation – Select Components Window

5. Click the IDENTIKEY Server 3.2 button.

The IDENTIKEY Server Setup Wizard start window will be displayed.

6. Click Next to continue.

The License Agreement screen will be displayed.


Image 26: IDENTIKEY Server Installation – License Agreement Window

7. Read the agreement carefully.

8. To accept the License Agreement, check the box I accept the terms in the License Agreement and click Next.

If you do not accept the License Agreement, and click Cancel, the install process will terminate.

The next screen to be displayed will be the Custom Setup Window.


9. Select the features that you want to be installed by clicking on the icons on the window. Click the Reset button to reset all your choices.

10. Click Next to continue.

Image 27: IDENTIKEY Server Installation – Custom Setup window

The Ready to Install IDENTIKEY Server window will be displayed.

11. Click Install to continue.

The Installing IDENTIKEY Server progress window will be displayed.


Image 28: IDENTIKEY Server Installation – Ready to Install IDENTIKEY Server window

12. Click the Next button to continue when it becomes available.


Image 29: Installing IDENTIKEY Server progress window

13. Click Finish to complete the installation of IDENTIKEY Server.

The IDENTIKEY Server Setup Wizard finish window will be displayed.


Image 30: IDENTIKEY Server Setup Wizard Completed window

14. The Installer will install the component for each button that is selected. Each installation after the IDENTIKEY Server install is optional.


Image 31: IDENTIKEY Server Installation - Select Components window

15. When the Installer gets to the Run configuration Wizard step, click the Run Configuration Wizard button and the IDENTIKEY Server Configuration Wizard will be started.

16. The Start window will be displayed. Click Next to continue.


Image 32: IDENTIKEY Server Configuration Wizard - Start Window

17. The IP address will be displayed.


Image 33: IDENTIKEY Server Config IP Address Window

18. Select the IP address for the IDENTIKEY Server. Click Next to continue.

The License window will be displayed.


Image 34: IDENTIKEY Server Configuration Wizard – License Window

19. To load a license file you must first have downloaded it from the VASCO website. If you have not done that you can do it now by going to the web site specified, or by clicking the Request a License Key button. You can also copy the URL to the clipboard if you wish to download the license later, by clicking Copy URL to Clipboard.

If you already have a license key file, you can load it by navigating to the file using the ... button. You can continue without loading a license key file, but you must load one before you can start to use IDENTIKEY Server. Click Next to continue. The Server Functionality window will be displayed.

Note

The Request a Licence from 'vasco.com' button will not be available for Windows 2008 Core, as there is no browser available to load the web site. To obtain a licence from vasco.com for Windows 2008 Core you will have to download the licence on another machine and copy it across to the Windows 2008 Core machine.


Image 35: IDENTIKEY Server Configuration Wizard Server Functionality Window

20. The functions that are available on the Server Functionality window will be determined by your license. Click in the check box to either select or de-select an available function. Click Next to continue.

The HSM selection window will be displayed.


Image 36: IDENTIKEY Server Configuration Wizard - HSM Window

21. If you wish to use a Hardware Security Module with IDENTIKEY Server:

a. Select Use the available Hardware Security Module(s).

b. Enter the location of the PKCS11 library file, typically named libcryptoki.dll.

c. Click Next.

d. Enter the HSM Storage details - storage key label, Slot ID, Token Label and Token pin.

e. Click Next.

f. Enter the HSM Sensitive data details - sensitive data key, Token Label and token pin.

g. Click Next.

See 6.2 Set Up a Hardware Security Module for further information on Hardware Security Module setup.

If you do not wish to use a Hardware Security Module:

a. Select Do not use a Hardware Security Module.

b. Click Next.

The Database Window will be displayed.


Image 37: IDENTIKEY Server Configuration Wizard – Database Window

22. Select the ODBC Data Source name for the database that IDENTIKEY Server will use, and if required, a Username and Password. If you are using the PostgreSQL database supplied with IDENTIKEY Server, the Username and Password will be supplied in the background, and the fields will not be populated.

Click Next to continue.

The User ID/Domain conversion window will be displayed.


Image 38: IDENTIKEY Server Configuration Wizard - User ID/Domain conversion Window

23. Select the Case conversion format that you require.

24. Tick the Use Windows Name Resolution checkbox to enable IDENTIKEY Server to use Windows Name Resolution. This is recommended if Dynamic User Registration is to be enabled.

25. Click Next to continue.

The Master Domain window will be displayed.


Image 39: IDENTIKEY Server Configuration Wizard - Master Domain Window

26. Enter the name of the Master Domain where the first administrator account will be created.

27. Click Next to continue.

The First Administrator window will be displayed. The first administrator account can be used to login to IDENTIKEY Server (e.g. using the webadmin) and will have a full set of administrative privileges.


Image 40: IDENTIKEY Server First Administrator Window

28. Enter a User ID and password for the first administrator account.

29. Click Next to continue.

The Sensitive Data Encryption window will be displayed. The Sensitive Data Encryption windows are only displayed if the HSM option has not been selected.


Image 41: IDENTIKEY Server Sensitive Data Encryption Window

Select the form of Sensitive Data Encryption.

Note

If you will be using a custom encryption key for sensitive data, this should be set before DIGIPASS are imported to the 'live' version of the IDENTIKEY Server. See the Sensitive Data Encryption topic in the Administrator Reference for more information.

30. Selecting the Custom with embedded and custom key combination option will result in the Custom Data Encryption window being displayed.


Image 42: IDENTIKEY Server Custom Data Encryption Window

If you select the Load From File option the Load Data Encryption window will be displayed.


Image 43: IDENTIKEY Server Load Data Encryption Window

31. With either of the above screens, click Next. The SSL Server Certificate Installation window will be displayed.


Image 44: IDENTIKEY Server SSL Server Certificate Installation

Make your selection as to how to install an SSL certificate.


32. If you select Generate and install a new test certificate (self-signed) the SSL Server Certificate Details window will be displayed.

Image 45: IDENTIKEY Server Configuration Wizard SSL Server Certificate Details Window

a. Enter a Private key password for the new certificate. Confirm the password.

b. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for the Signature Algorithm.

c. Click Next.

33. If you select Install my own SSL certificate, the SSL Server Certificate Selection window will be displayed.


Image 46: IDENTIKEY Server Configuration Wizard SSL Server Certificate Selection Window

To install your own certificate:

a. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.

b. Enter the private key password.

c. Navigate to the server certificate file.

d. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.

e. Navigate to the Certificate Authority (CA) Certificate file and click OK. The Configuration Wizard will add the file to the Administration Web Interface's keystore.

If a Certificate Authority certificate for the SSL Certificate is not available in the keystore, the Administration Web Interface will not be able to connect to the IDENTIKEY Server.

f. Click Next.

34. The RADIUS SSL Server Certificate Installation window will be displayed.


Image 47: IDENTIKEY Server RADIUS TLS Server Certificate Selection

Select the RADIUS SSL Server Certificate to use to secure RADIUS wireless connections.

If Use the IDENTIKEY SSL Server certificate is selected, click Next to continue.

If Generate and install a new test certificate (self-signed) is selected, the RADIUS SSL Server Certificate Details window will be displayed.


Image 48: IDENTIKEY Server RADIUS TLS Server Certificate Password

35. If Install my own SSL certificate is selected, the RADIUS SSL Server Certificate Selection page will be displayed.

a. Enter a Private key password for the new certificate. Confirm the password.

b. Select the signature algorithm from the available algorithms in the drop-down box. See 15 SSL Server Certificate Encryption Algorithms for information about the selections for this field.

c. Click Next.

If Install my own SSL certificate is selected, the RADIUS SSL Server Certificate Selection window will be displayed.


Image 49: IDENTIKEY Server RADIUS SSL Server Certificate Selection

To install your own certificate:

d. Navigate to an SSL private key file. This file should contain only the private key, in PEM format.

e. Enter the private key password.

f. Navigate to the server certificate file.

g. Navigate to an intermediate certificate bundle, in PEM format. Only use this field if your certificate requires an intermediate bundle.

h. Click Next.

The Automatic Server Location Support window will be displayed.
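A pre-flight check for the two "Install my own SSL certificate" screens above (IDENTIKEY Server and RADIUS), added here as an example and not part of VASCO's tooling: it verifies that the key file holds only a private key in PEM format and that the intermediate bundle holds only certificates. The function names, the constructed placeholder PEM blocks, and the choice to report an unencrypted key as a warning are assumptions of this example.

```python
import base64
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def parse_pem(text):
    """Return (label, encrypted, well_formed) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry RFC 1421 headers such as
        # "Proc-Type: 4,ENCRYPTED" before the base64 payload.
        headers = [ln for ln in lines if ":" in ln]
        legacy_enc = any("ENCRYPTED" in h for h in headers)
        try:
            der = base64.b64decode(
                "".join(ln for ln in lines if ":" not in ln), validate=True)
            # Plain payloads and PKCS#8 containers are DER SEQUENCEs (0x30);
            # a legacy-encrypted payload is ciphertext, so only base64 is checked.
            well_formed = bool(der) and (legacy_enc or der[:1] == b"\x30")
        except ValueError:
            well_formed = False
        encrypted = legacy_enc or label == "ENCRYPTED PRIVATE KEY"
        blocks.append((label, encrypted, well_formed))
    return blocks


def check_key_file(text):
    """Findings for the private key field: exactly one key block, nothing else."""
    blocks = parse_pem(text)
    if not blocks:
        return ["no PEM block found (DER or PKCS#12 input?)"]
    findings = []
    keys = [b for b in blocks if b[0] in KEY_LABELS]
    extra = [b[0] for b in blocks if b[0] not in KEY_LABELS]
    if len(keys) != 1:
        findings.append(f"expected exactly 1 private key block, found {len(keys)}")
    if extra:
        findings.append("non-key blocks present: " + ", ".join(extra))
    for label, encrypted, well_formed in keys:
        if not well_formed:
            findings.append(f"{label}: payload is not valid base64/DER")
        if not encrypted:
            # Assumption: the wizard asks for a key password, so a clear-text
            # key is reported, but only as a warning.
            findings.append(f"warning: {label} is not password-protected")
    return findings


def check_bundle_file(text):
    """Findings for the intermediate bundle field: CERTIFICATE blocks only."""
    blocks = parse_pem(text)
    if not blocks:
        return ["no PEM block found (DER or PKCS#12 input?)"]
    findings = []
    leaked = [b[0] for b in blocks if b[0] in KEY_LABELS]
    other = [b[0] for b in blocks
             if b[0] not in KEY_LABELS and b[0] != "CERTIFICATE"]
    if leaked:
        findings.append("private key material in bundle: " + ", ".join(leaked))
    if other:
        findings.append("unexpected blocks: " + ", ".join(other))
    if not any(b[0] == "CERTIFICATE" for b in blocks):
        findings.append("no CERTIFICATE block")
    if any(b[0] == "CERTIFICATE" and not b[2] for b in blocks):
        findings.append("CERTIFICATE: payload is not valid base64/DER")
    return findings


def _pem(label, payload, headers=""):
    """Wrap constructed placeholder bytes (not real key material) as PEM."""
    b64 = "\n".join(textwrap.wrap(base64.b64encode(payload).decode(), 64))
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"


# Constructed sample inputs: a minimal DER SEQUENCE stands in for real content.
_DER = b"\x30\x03\x02\x01\x00"
GOOD_KEY = _pem("ENCRYPTED PRIVATE KEY", _DER)
LEGACY_KEY = _pem("RSA PRIVATE KEY", b"\x9c\x11\x42\x07",
                  "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
CERT = _pem("CERTIFICATE", _DER)
COMBINED = _pem("PRIVATE KEY", _DER) + CERT  # key and certificate in one file

if __name__ == "__main__":
    for name, text in [("good key", GOOD_KEY), ("combined file", COMBINED)]:
        print(name, "->", check_key_file(text) or "ok")
    print("bundle ->", check_bundle_file(CERT + CERT) or "ok")
```

The checks are structural only: they do not decrypt the key or verify that the certificate chain matches it.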
