SealSign DSR installation and configuration guide

SealSign DSR (eArchive)

Installation and Configuration

ElevenPaths, radical and disruptive innovation in security solutions

SealSign DSR (eArchive) Installation and Configuration guide

V 3.2 – October 2016

2016 © Telefónica Digital España, S.L.U. All rights reserved.

Table of contents

Introduction
SealSign DSR installation requirements
Installing and Configuring the SealSign DSR module
    3.1 Installing the DSR module
    3.2 Configuring the DSR module
        3.2.1 Configuring the connection to the database
        3.2.2 Configuring the IIS module
Installation troubleshooting
    4.1 Error 80070005
    4.2 Error 80040154
Resources

Introduction

SealSign DSR (eArchive) is a module that provides a secure document storage system. Like other SealSign modules, its functionality is based on web services. For this module to function properly it also needs the SealSign DSS Web and DSS Service modules.

Image 01: SealSign DSR modules.

The following is an overview of the features of each module.

DSR module (eArchive): It is the subject of this guide. Its objectives and functionalities are designed to protect the documents and ensure their integrity. Other features may include document protection using cryptographic techniques, advanced signature and time stamping of the document, or the custody of digital evidence of any operation carried out with the repository. Moreover, the web administration allows administrators to define the repository parameters and access to documents.

DSS Web Module (administration and configuration): This module is the configuration and administration web tool of the SealSign DSS solution and it is used to manage all other modules (except for the Revoke module). Therefore, its installation is essential if you wish to install any other module.

DSS Service Module (electronic signature): This module incorporates the electronic signature engine and SOA (Service Oriented Architecture) interfaces of the web service required to access its functionality. Installation is mandatory.

Texts as well as images used in this guide are based on a Microsoft Windows 2012 operating system, although any system administrator can install the product on other versions.

SealSign DSR installation requirements

SealSign DSR architecture is based on the services provided by the SealSign DSS electronic signature platform. Therefore, it is mandatory to have the DSS Service (electronic signature) and DSS Web (administration and configuration) modules to use the product. Installation of these modules is explained in the "SealSign DSS - Installation Guide".

The following requirements are necessary for installing and using DSR:

Microsoft Windows Operating System (server operating system recommended).

.NET Framework 3.5 SP1.

IIS 6 (IIS 7 recommended).

SQL Server or Oracle database manager

Proper configuration of the application server role and web server role (IIS)

In the previously mentioned guide you can find all the details on these installation requirements, including configurations of the application server role and web server role.

Since the functioning of the DSR module is conditioned by the DSS Service and DSS Web modules, two different scenarios may take place:

All 3 modules are installed on the same machine. This is the most common scenario and, in this case, installation of the DSS Service and DSS Web modules is recommended. The installation of said modules requires highly important pre-configurations that are detailed in the previous guide. As the present guide explains, the BSS module will be installed after installing these other modules.

Modules are on different machines. It may be the case that the DSS Web and DSS Service modules are on one machine and the CKC module is on a different one. In such case both machines must meet the pre-requirements mentioned in the previous guide, and have the appropriate configuration in the application server role and the web server role.

Installing and Configuring the SealSign DSR module

3.1 Installing the DSR module

The module is installed with the help of a wizard, as is the case with many Microsoft Windows programs.

During installation, you must choose, from the list of available websites, the one in which you wish to install the digital signature service SealSign DSS, the virtual directory name, and the Application Pool that was configured in IIS (in this case, SealSignAppPool).

Image 02: Configuration during the DSR module installation

After installation, the module appears as just another program in the program list in the Control Panel, and it is displayed in IIS as a web application.

Image 03: Module already integrated as a web application in IIS

3.2 Configuring the DSR module

Once the module is installed, you need to configure it to work correctly with both the database and IIS.

3.2.1 Configuring the connection to the database

This configuration is performed in the connectionStrings.config configuration file. You can find this file in the SealSignDSRService directory of the website where the product was installed. This file includes the connection string to the database created earlier in SQL Server (SealSign DSS - Installation Guide):

    <connectionStrings>
      <add name="SealSignDSSConnectionString"
           connectionString="Data Source=localhost;
           Initial Catalog=SealSignDSS;
           Trusted_Connection=Yes;
           persist security info=False;
           TrustServerCertificate=True" />
    </connectionStrings>

If the database used is SQL Server, you just need to modify the parameters shown above to match the settings previously configured in the database. You can get information on creating connection strings in SQL Server on this website.

If the database is Oracle, you need to modify the following parameters:

You have to change the value of the FactoryProvider key and set it to System.Data.OracleClient in the web.config file, located in the same directory where the connectionStrings.config file is.

You also have to configure the connection string to access Oracle in the connectionStrings tag. You can get information on creating connection strings in Oracle on this website.

You have to change the connectionString attribute in the add tag, and set it with the following format:

Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=DSR)(HOST=DSR)(PORT=DSR)) (CONNECT_DATA=(SID=DSR))); User Id=user id; Password=password;

A connection example could be as follows:

web.config file:

    ...
    <appSettings>
      <add key="FactoryProvider" value="System.Data.OracleClient" />
      ...
    </appSettings>
    ...

connectionStrings.config file:

    <connectionStrings>
      <add name="SealSignDSSConnectionString"
           connectionString="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)
           (HOST=172.54.110.112)(PORT=1521))(CONNECT_DATA=(SID=orcl)));
           User Id=SealSignDSS; Password=1234546;" />
    </connectionStrings>

The "SealSign DSS - Installation Guide" noted that the user running the IIS Application Pool (regardless of the database used) must have read and write permissions. Moreover, when using DSR, this user must have permission to modify the DsrMetadata table.
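
The connection strings above can be reviewed with a script before the module goes into service. This is an added example, not ElevenPaths code: it parses a connectionStrings.config in either format and reports settings worth reviewing. The entry names, host name and password in the embedded sample are constructed.

```powershell
# Constructed sample in the two formats this guide shows; for a real check use:
#   [xml]$config = Get-Content '<site path>\SealSignDSRService\connectionStrings.config'
[xml]$config = @'
<connectionStrings>
  <add name="SqlServerSample" connectionString="Data Source=localhost;
       Initial Catalog=SealSignDSS; Trusted_Connection=Yes;
       persist security info=False; TrustServerCertificate=True" />
  <add name="OracleSample" connectionString="Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.internal)(PORT=1521))(CONNECT_DATA=(SID=orcl)));
       User Id=SealSignDSS; Password=CONSTRUCTED-SAMPLE;" />
</connectionStrings>
'@

# Value of the first keyword present (keywords are case-insensitive), or $null.
function Get-Keyword($Builder, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($Builder.ContainsKey($n)) { return [string]$Builder[$n] }
    }
    return $null
}

function Test-ConnectionString([string]$Name, [string]$ConnectionString) {
    $b = New-Object System.Data.Common.DbConnectionStringBuilder
    # Call the property setter explicitly: the builder is also an IDictionary, and
    # dotted syntax on dictionaries can address keys instead of properties.
    $b.set_ConnectionString($ConnectionString)

    $findings = @()
    if (Get-Keyword $b 'Password', 'Pwd') {
        $findings += 'clear-text password: limit the file ACL to the Application Pool user or encrypt the section'
    }
    if ((Get-Keyword $b 'TrustServerCertificate') -match '^(true|yes)$') {
        $findings += 'TrustServerCertificate enabled: the database server certificate is not validated'
    }
    if ((Get-Keyword $b 'Persist Security Info', 'PersistSecurityInfo') -match '^(true|yes)$') {
        $findings += 'Persist Security Info enabled: credentials stay readable on the open connection'
    }
    foreach ($f in $findings) { [pscustomobject]@{ Name = $Name; Finding = $f } }
}

# One output row per finding; entries with no findings produce no rows.
foreach ($node in $config.SelectNodes('/connectionStrings/add')) {
    Test-ConnectionString ($node.GetAttribute('name')) ($node.GetAttribute('connectionString'))
}
```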

3.2.2 Configuring the IIS module

When accessing the web service, you need to have the required permissions. Both the web application and the server require Windows integrated security (Windows Authentication) to function properly, so enabling this type of authentication is mandatory.

Anonymous authentication (Anonymous Authentication) is enabled by default and must stay enabled. Enabling basic authentication (Basic Authentication), on the other hand, is optional (but recommended depending on the scenario).

Thanks to this, users with technologies other than those of Microsoft Windows (iOS, Android, Java, Linux, etc.) can use this web service and therefore use the product.
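
The authentication settings described in this section can be read back from IIS and compared with the guide. This is an added example, not part of the original guide; the site name and virtual directory name are assumptions, and it needs the WebAdministration module (IIS 7 or later) in an elevated session.

```powershell
Import-Module WebAdministration

$Site     = 'Default Web Site'      # assumption: site chosen in the install wizard
$App      = 'SealSignDSRService'    # assumption: virtual directory name
$Location = "$Site/$App"
$Root     = 'MACHINE/WEBROOT/APPHOST'

# Read the "enabled" attribute of one authentication scheme for the application.
function Get-AuthEnabled([string]$Scheme) {
    $filter = "/system.webServer/security/authentication/$Scheme"
    $attr = Get-WebConfigurationProperty -PSPath $Root -Location $Location -Filter $filter -Name enabled
    if ($attr -is [bool]) { return $attr }
    return [bool]$attr.Value
}

# Expected state per section 3.2.2: Windows mandatory, Anonymous left enabled,
# Basic optional ($null means either state is acceptable).
$expected = [ordered]@{
    windowsAuthentication   = $true
    anonymousAuthentication = $true
    basicAuthentication     = $null
}

$report = foreach ($scheme in $expected.Keys) {
    $actual = Get-AuthEnabled $scheme
    $ok = ($null -eq $expected[$scheme]) -or ($actual -eq $expected[$scheme])
    [pscustomobject]@{ Scheme = $scheme; Enabled = $actual; MatchesGuide = $ok }
}
$report | Format-Table -AutoSize

# Basic authentication sends the password base64-encoded, not encrypted, so it is
# only reasonable when the site is reached over HTTPS.
$basic = ($report | Where-Object { $_.Scheme -eq 'basicAuthentication' }).Enabled
$https = @(Get-WebBinding -Name $Site -Protocol https)
if ($basic -and $https.Count -eq 0) {
    Write-Warning "Basic authentication is enabled but '$Site' has no HTTPS binding."
}

# To enable Windows Authentication when the report shows it disabled:
# Set-WebConfigurationProperty -PSPath $Root -Location $Location `
#   -Filter '/system.webServer/security/authentication/windowsAuthentication' `
#   -Name enabled -Value $true
```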

Image 04: Configuring the DSR Service module permissions in IIS

Installation troubleshooting

The electronic signature services installation process includes SealSign's own error monitoring and tracking system. Any errors, warnings and information messages are therefore registered in its own application log, integrated into Microsoft Windows. If any problem is identified in the services, we recommend checking the SealSign DSS log.

Image 05: Microsoft Windows Event Viewer

The most common problems that can take place during the SealSign DSS installation are caused by licensing, and their identifier is 3011.

The “SealSign Monitoring Guide” includes all the details on how to monitor the health of the platform and see the potential errors that can take place during its use.

4.1 Error 80070005

This error generally occurs when the user used to configure the Application Pool does not have permissions to operate the license management component. Said component is registered on the machine during the installation process. This is the message displayed:

An error has ocurred obtaining license information: Retrieving the COM class factory for component with CLSID {554A6D3B-2FEF-4C2F-B34C-AF6185EB2759} failed due to the following error: 80070005. at SealSignDSSLibrary.SealSignDSSLicense.InitializeLicense(String licenseFile)

In order to give activation permissions to the Application Pool user you can use the DCOMCNFG.EXE tool and look for the LicProtector Server component:

Image 06: DCOMCNFG.EXE tool.

Right-clicking the component gives you access to its properties. There you will find the Security tab, from which you can grant permissions to the user of the Application Pool.

Image 07: Permission.

4.2 Error 80040154

This error generally occurs in 64-bit environments when the activation configuration of the license management component has been modified or deleted. Said component is registered on the machine during the installation process.

This is the message displayed:

An error has ocurred obtaining license information:

Retrieving the COM class factory for component with CLSID {554A6D3B-2FEF-4C2F-B34C-AF6185EB2759} failed due to the following error: 80040154. at SealSignDSSLibrary.SealSignDSSLicense.InitializeLicense(String licenseFile)

To recreate the component's activation configuration, execute the DllSurrogate.reg file included with the installation modules.

Resources

For information about the different SealSign services available, please go to this address:

https://www.elevenpaths.com/technology/sealsign/index.html

Also, on the ElevenPaths blog you can find interesting articles and innovations regarding this product.

You can find more information about Eleven Paths products on YouTube, on Vimeo and on Slideshare.

The information disclosed in this document is the property of Telefónica Digital España, S.L.U. (“TDE”) and/or any other entity within Telefónica Group and/or its licensors. TDE and/or any Telefonica Group entity or TDE’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDE.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDE shall not be liable for any loss or damage arising out of the use of any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document is regulated in accordance with the terms and conditions accepted by the reader.

TDE and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks.

PUBLICATION:

October 2016

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.

IF YOU WISH TO KNOW MORE ABOUT US, PLEASE CONTACT US AT:

elevenpaths.com Blog.elevenpaths.com @ElevenPaths Facebook.com/ElevenPaths YouTube.com/ElevenPaths