ElevenPaths, radical and disruptive innovation in security solutions

TrustID Revoke Server Installation Guide


2015 © Telefonica Digital Identity & Privacy, S.L.U. All Rights Reserved. Page 2 of 17

TABLE OF CONTENTS

1 Introduction

1.1 TrustID® Revoke Server Components

1.2 TrustID® Revoke Server Installation Requirements

2 Installing the Server Component of TrustID® Revoke Server

3 Installing TrustID® Revoke Server Administration Components

3.1 Installing the “TrustID Revoke Administration Web Service Setup” module

3.2 Installing the “TrustID Revoke Administration Web Site Setup” module

4 Installing License Files

5 Index of images

6 Resources


1 Introduction

With the introduction of digital signatures in companies and organizations, and the growing need to take advantage of certified systems and applications, problems increasingly arise when integrating and managing certificates issued by certification service providers (PSCs) external to the organization.

These problems range from dependence on the external PSC when verifying the validity of certificates, through the publication delay of its revocation lists and the need for connectivity to its infrastructure (even from every computer in the organization), to having to wait for a user to notify the PSC that a certificate has been compromised when the organization works with personal certificates, such as Electronic IDs or CERES certificates of the National Mint Stamp Factory.

TrustID® Revoke Server is a local digital certificate validation authority that integrates multiple external PSCs into the organization while keeping control of the validation process, centralizing revocation checking and providing auditing, caching, CRL download, OCSP responses and local revocation lists.

This document describes the tasks required to carry out the software installation of TrustID® Revoke Server in a corporate environment. For information about the configuration and administration of the product, see the TrustID® Revoke Server Administration Guide.

1.1 TrustID® Revoke Server Components

TrustID® Revoke Server consists of three installation modules:

Validation Web Service Module, labeled “TrustID Revoke Server Setup”: It must be installed in the servers aimed at responding to verification queries from client computers (see Installing the Server Component of TrustID® Revoke Server).

Administration Web Service Module, labeled “TrustID Revoke Administration Web Service Setup”: It installs the Web Services aimed at performing configuration and administration operations. It must be installed in at least one Web server of the network that has access to the configuration database (see Installing the “TrustID Revoke Administration Web Service Setup” Module).

Administration Web Site Module, labeled “TrustID Revoke Administration Web Site Setup”: This is a Web application that provides a user interface to the Administration Web Service. It must be installed in at least one Web server of the network. Although they can be separated, the Administration Web Service and the Administration Web Site are designed to coexist on a single computer (see Installing the “TrustID Revoke Administration Web Site Setup” Module).

There are no dependencies between the installation modules. Therefore, the installation order is irrelevant.


1.2 TrustID® Revoke Server Installation Requirements

TrustID® Revoke Server is a Web solution based on .NET Framework 2.0. For its installation in a computer, the following requirements in terms of software must be met:

Windows Server operating system (Windows 2003 or higher).

.NET Framework 2.0.

SQL Server or Oracle database server. Before installing the solution components you need to create a database that will store the configuration, cache and audit data of the service. During installation, you will be asked for the connection details of this database. In the case of an Oracle database server, you also need to install the Oracle OLE DB provider.

Internet Information Server (6.0 or higher recommended). In the case of IIS 7.0 or higher, you need to install at least the ASP.NET support features, Windows integrated authentication (only required for administration sites) and IIS 6.0 compatibility (only required by the installers during the installation process; once Revoke Server is installed, IIS 6.0 compatibility can be removed).

In terms of connectivity, the only requirement (for Validation/Download servers only) is that the computer can reach the revocation verification services (CRLs, OCSP responders, etc.) of the external PSCs that the organization will use.
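The requirements above can be checked before running the installers. The following preflight script is an added example, not part of the ElevenPaths guide or product: the function names are hypothetical, the endpoint URLs are placeholders, and it assumes Windows Server 2008 R2 or later (where the ServerManager module is available) and that “compatibility with IIS 6.0” corresponds to the IIS 6 Metabase Compatibility role service.

```powershell
# Added example: preflight check for the requirements listed in section 1.2.
# Placeholder URLs: replace with the HTTP(S) CRL distribution points and OCSP
# responders of the external PSCs this validation server must reach.
$RevocationEndpoints = @(
    'http://crl.psc.example/ca.crl',   # placeholder CRL URL
    'http://ocsp.psc.example/'         # placeholder OCSP responder URL
)

function Test-DotNet20 {
    # .NET Framework 2.0 records its installation under this registry key.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($p -ne $null -and $p.Install -eq 1)
}

function Test-IisFeatures {
    # ASP.NET support, Windows authentication (administration sites only) and
    # IIS 6 Metabase Compatibility (assumed to be what the installers need).
    Import-Module ServerManager
    $names = 'Web-Asp-Net', 'Web-Windows-Auth', 'Web-Metabase'
    foreach ($f in Get-WindowsFeature -Name $names) {
        New-Object PSObject -Property @{ Check = $f.Name; Ok = $f.Installed }
    }
}

function Test-Endpoint([string]$Url) {
    # Any HTTP answer, even an error status, shows the server can reach the
    # endpoint; DNS, routing, proxy or timeout failures count as unreachable.
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Method = 'HEAD'
        $req.Timeout = 10000   # milliseconds
        $req.GetResponse().Close()
        return $true
    } catch {
        # Unwrap PowerShell's method-invocation wrapper before inspecting.
        $ex = $_.Exception.GetBaseException()
        return ($ex -is [System.Net.WebException] -and $ex.Response -ne $null)
    }
}

$results = @()
$results += New-Object PSObject -Property @{
    Check = '.NET Framework 2.0'; Ok = (Test-DotNet20)
}
$results += Test-IisFeatures
foreach ($u in $RevocationEndpoints) {
    $results += New-Object PSObject -Property @{
        Check = "Reach $u"; Ok = (Test-Endpoint $u)
    }
}

$results | Format-Table Check, Ok -AutoSize
# A non-zero exit code lets a deployment job stop before the MSI is launched.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it from an elevated PowerShell session on each server that will host the validation Web service; the endpoint check is only relevant on Validation/Download servers.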


2 Installing the Server Component of TrustID® Revoke Server

To install “TrustID Revoke Server Setup”, the user account running the installation must have administrative privileges.

As mentioned in the previous section, you must run the installer on the network servers that will respond to verification queries from client computers.

To install “TrustID Revoke Server Setup” you must follow these steps [1]:

1. Select the “RevokeServeSetup.msi” file (“RevokeServerSetupForx64.msi” on 64-bit platforms) and execute it. On a computer running the Windows 2008 operating system or higher with User Account Control enabled, you must run “setup.exe” instead so that the installer is launched with administrative privileges.

2. After opening the wizard, you need to select the Web site, virtual directory, and application pool where the validation Web service will be installed.

Figure 01: Selecting the Web site, virtual directory and application pool.

3. After installation, the configuration wizard to connect the Web application to the Revoke database is displayed. In the Welcome screen of the wizard, you need to make sure that the Web Application Configuration and Service Configuration options are selected.

[1] If the computer where you are installing it is a “Terminal Services” server, you must follow the recommended software installation procedure, that is, access the product installation from “Control Panel” – “Add or Remove Programs”.


Figure 02: Wizard for the connection to the database.

4. The next step is configuring the connection parameters to the database. You need to enable the Initialize Database option if it is a new database. This creates the schema required to store the service data. You only need to initialize the database once, in the first installer that you run.

Figure 03: Configuring the connection parameters to the database.

If you select integrated security for the connection to the database, the user accounts running the service and the Web application must have the necessary access privileges to the database in the SQL Server server.


5. You must then select the Web site where the application was installed.

Figure 04: Selecting the web site where the application was installed.

6. And finally, the folder where the Revoke server was installed.

Figure 05: Selecting the folder where the Revoke server was installed.

After this, installation is complete, and TrustID Revoke Server Setup is displayed in the program list of the “Control Panel”.


Figure 06: TrustID Revoke Server in the program list.

You can uninstall this module like any other program, through “Control Panel” – “Programs and Features”.


3 Installing TrustID® Revoke Server Administration Components

3.1 Installing the “TrustID Revoke Administration Web Service Setup” module

To install “TrustID Revoke Server Administration Web Service Setup” the account of the user running the installation must have administrative privileges.

As mentioned, you must execute this installer in at least one Web server of the network that has access to the configuration database.

To install “TrustID Revoke Administration Web Service Setup” you must follow these steps [2]:

1. Select the “RevokeAdminWSSetup.msi” file (“RevokeAdminWSSetupForX64.msi” on 64-bit platforms) and execute it. On a computer running the Windows 2008 operating system or higher with User Account Control enabled, you must run “setup.exe” instead so that the installer is launched with administrative privileges.

2. After opening the wizard, you need to select the Web site, virtual directory, and application pool where the validation Web service will be installed.

Figure 07: Selecting the Web site, virtual directory and application pool.

[2] If the computer where you are installing it is a “Terminal Services” server, you must follow the recommended software installation procedure, that is, access the product installation from “Control Panel” – “Add or Remove Programs”.


3. After installation, the configuration wizard to connect the Web application to the Revoke database is displayed.

Figure 08: Wizard for the connection to the database

4. The next step is configuring the connection parameters to the database. You have to enable the Initialize Database option if the database has not been initialized previously. The database configured here must be the same one used by the TrustID Revoke Server Setup module.

Figure 09: Configuring the connection parameters to the database.

If you select integrated security for the connection to the database, the user accounts running the service and the Web application must have the necessary access privileges to the database in the SQL Server server.

5. Finally, you must select the Web site where the application was installed.


Figure 10: Selecting the web site where the application was installed

After this, installation is complete, and the TrustID Revoke Administration Web Service Setup is displayed in the program list of the “Control Panel”.

Figure 11: TrustID Revoke Administration Web Service in the program list.

You can uninstall this module like any other program, through “Control Panel” – “Programs and Features”.

3.2 Installing the “TrustID Revoke Administration Web Site Setup” module

To install “TrustID Revoke Administration Web Site Setup” the account of the user running the installation must have administrative privileges.


As mentioned, you must execute this installer on at least one network Web server. We recommend that you install it in the same Web server as “TrustID® Revoke Administration Web Service Setup”.

To install “TrustID® Revoke Administration Web Site Setup” you must follow these steps [3]:

1. Select the “RevokeAdminSetup.msi” file (“RevokeAdminSetupForX64.msi” on 64-bit platforms) and execute it. On a computer running the Windows 2008 operating system or higher with User Account Control enabled, you must run “setup.exe” instead so that the installer is launched with administrative privileges.

2. After opening the wizard, you need to select the Web site, virtual directory, and application pool where the validation Web service will be installed.

Figure 12: Selecting the Web site, virtual directory and application pool

3. After installation, the configuration wizard to connect this Web site to the administration Web service is displayed (see Installing the “TrustID Revoke Administration Web Service Setup” module).

4. Finally, you must select the Web site where the application was installed.

[3] If the computer where you are installing it is a “Terminal Services” server, you must follow the recommended software installation procedure, that is, access the product installation from “Control Panel” – “Add or Remove Programs”.


Figure 13: Selecting the web site where the application was installed.

After this, installation is complete, and the TrustID Revoke Administration Web Site Setup is displayed in the program list of the “Control Panel”.

Figure 14: TrustID Revoke Administration Web Site in the program list

You can uninstall this module like any other program, through “Control Panel” – “Programs and Features”.


4 Installing License Files

To operate TrustID® Revoke Server, a license file is required for each validation server. This file must be requested from ElevenPaths, which will need the DNS name of each server where the “TrustID® Revoke Server Setup” validation server component will run. You can find the computer DNS name in the computer properties. ElevenPaths will issue a license file for each server requested.

Figure 15: Accessing the computer DNS name.

To apply the license file to the installation, copy the license file for the relevant server into the \bin directory of the application installed by the “TrustID® Revoke Server Setup” module. In a default installation, this directory is usually “C:\Inetpub\wwwroot\RevokeClientWS\bin”.

If there is not a valid license file on a computer, an error message is displayed in the TrustID® Revoke event log:

Figure 16: Error message if there is no valid license file.


5 Index of images

Figure 01: Selecting the Web site, virtual directory and application pool.

Figure 02: Wizard for the connection to the database.

Figure 03: Configuring the connection parameters to the database.

Figure 04: Selecting the web site where the application was installed.

Figure 05: Selecting the folder where the Revoke server was installed.

Figure 06: TrustID Revoke Server in the program list.

Figure 07: Selecting the Web site, virtual directory and application pool.

Figure 08: Wizard for the connection to the database

Figure 09: Configuring the connection parameters to the database.

Figure 10: Selecting the web site where the application was installed

Figure 11: TrustID Revoke Administration Web Service in the program list.

Figure 12: Selecting the Web site, virtual directory and application pool

Figure 13: Selecting the web site where the application was installed.

Figure 14: TrustID Revoke Administration Web Site in the program list

Figure 15: Accessing the computer DNS name.

Figure 16: Error message if there is no valid license file.


6 Resources

For information about the different SealSign services available, please go to this address:

https://www.elevenpaths.com/technology/sealsign/index.html

Also, on the ElevenPaths blog you can find interesting articles and innovations regarding this product.

You can find more information about Eleven Paths products on YouTube, on Vimeo and on Slideshare.


PUBLICATION

October 2015

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.


The information disclosed in this document is the property of Telefónica Digital Identity & Privacy, S.L.U. (“TDI&P”) and/or any other entity within Telefónica Group and/or its licensors. TDI&P and/or any Telefonica Group entity or TDI&P’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDI&P.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDI&P shall not be liable for any loss or damage arising from the use of any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document is regulated in accordance with the terms and conditions accepted by the reader.

TDI&P and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks. All rights reserved.