Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Upgrade

Upgrade from VAE to CADP for C

search

Please Note:

printsuggest an edit

Upgrade from VAE to CADP for C

Upgrading VAE to CADP For C On Linux

Upgrading VAE to CADP For C On Windows

Note

In case you have set the BACKWARD_COMPATIBILITY_VAE Compatibility parameter as 'NO', and CADP for C is running successfully on your machine, it is recommended to uninstall VAE from the machine at your convenience.

copy link to clipboardUpgrading VAE to CADP for C on Linux

Before upgrading VAE to CADP for C, Thales recommends that you save your existing VAE configuration such as your certificates.

When upgrading VAE to CADP for C, you will use the CADP for C installation script. The upgrade procedure from VAE to CADP for C is essentially the same as a fresh install of CADP for C. However, with the upgrade, you are prompted to indicate whether you wish to maintain backward compatibility with VAE as the installer detects VAE is currently installed on your system. As part of the upgrade, a backup of the VAE library will need to be taken and a soft link from the VAE library (/opt/vormetric/DataSecurityExpert/agent/pkcs11/lib/libvorpkcs11.so) to the CADP for C PKCS#11 library (libcadp_pkcs11.so) will need to be created.

You have the option to upgrade VAE to CADP for C with or without admin rights. When you upgrade VAE to CADP for C with admin rights (as a root user), then as part of the upgrade process, the backup of the VAE library will be taken and a soft link between the two libraries will be created. If you are upgrading from VAE to CADP for C without using admin rights, then you will need to manually backup the VAE library and create the soft link after the upgrade. These final steps do require the use of admin rights as accessing the folder /opt requires the use of admin rights.

Note

Thales recommends that you perform the entire upgrade procedure using admin rights.

The steps for upgrading from VAE to CADP for C with or without admin rights are essentially the same. When you get to the step to install the CADP for C program (Step 5), you will do so using admin rights or no admin rights. If you choose to upgrade without the use of admin rights, then proceed to Backing Up VAE Library and Creating Soft Link between the Libraries after the upgrade. These steps are required.

For information about the CADP for C directory that is installed after the upgrade, refer to Installed Directory on Linux or Installed Directory on Windows depending on which OS you are using.

copy link to clipboardUsing Installation Script for Upgrade

To upgrade VAE to CADP for C:

  1. Download the CADP for C installation file from the Thales Customer Support Portal.

  2. Log on to the client machine on which to install CADP for C.

  3. Unzip and untar the installation file. The untar process creates a directory called CADP_for_C-x.xx.0.000.

    tar xvfz "CADP_for_C-x.xx.0.000.tar.gz"

  4. Navigate to the CADP_for_C-x.xx.0.000 directory.

    cd CADP_for_C-x.xx.0.000

  5. Upgrade CADP for C by running install.sh:

    With admin rights:

    sudo ./install.sh

    Without admin rights:

    ./install.sh

    The next screen displays the End User License Agreement.

  6. Read the agreement. If you agree with the terms of the end-user license agreement, accept it by entering Yfor yes.

    Do you accept the terms of the End User License Agreement(Y/N)[N]? Y

  7. Specify the folder <install_folder> in which to store the installation to complete the upgrade. The default folder is /opt. If you wish to change this, enter the name of the folder to use for this upgrade. Otherwise, press Enter to accept the default.

    Install CADP for C to path [/opt]:<install_folder>

  8. Enter the Key Management Server information to be used to communicate with the CipherTrust Manager. Follow the prompts to enter the information as per your environment.

    Key Management Server IP Address/Hostname:<cm_ip>             /IP address or hostname of the CipherTrust Manager.
Key Management Server Port:<cm_port>                     /Server port number of the CipherTrust Manager interface.

  9. Indicate whether to maintain backward comptability with VAE:

    Maintain Backward Compatibility with VAE (y/n)[y]:<yes or no>        /Indicate whether you wish to maintain backwardcompatibility with VAE.

    1. If you wish to maintain backward compatibility with VAE, enter y for yes. With this setting, the Client_Compatibility_Mode in the CADP for C PKCS#11 property file (CADP_PKCS11.properties) will be set to LegacyVAE during the upgrade: Client_Compatibility_Mode=LegacyVAE. The Client_Compatibility_Mode indicates the mode in which the PKCS#11 library runs. In the LegacyVAE mode, the CADP for C PKCS#11 library will execute specific functionality associated with the legacy VAE. If you enter y, the following message displays: upgrading from VAE. Proceed to step 10.

    2. If you do not wish to maintain backward compatibility with VAE, enter nfor no. With this setting, the compatiblity mode of CipherTrust, which is the default setting, will be used in the CADP for C PKCS#11 property file: Client_Compatibility_Mode= CipherTrust. In CipherTrust mode, the CADP for C PKCS#11 library will execute functionality associated with the converged CADP for C features. If you enter n, proceed to step 11.

  10. Enter the user credentials to log into the CipherTrust Manager and then proceed to Step 13:

    Key Management Server username:<cm_user>            /Username associated with the user account to use to log into the CipherTrust Manager. For example, 'admin'.
Key Management Server user password:<cm_user_password>     /Password (associated with the username) to use to log into the CipherTrust Manager.
Enter PIN for Login:<vae pin>                       /VAE PIN used to access PKCS#11 API functions for encryption and key management.

    Note

    The VAE PIN is the original PIN created during the machine or host registration between the VAE and Data Security Manager (DSM). Besides using the VAE PIN to encrypt the client private key associated with the client certificate that establishes a secure channel between the VAE and the Key Manager (previously, Data Security Manager (DSM) and after the upgrade, CipherTrust Manager), this PIN is also used to log on to PKCS#11 enabling you to access the PKCS#11 API functions for encryption and key management. As an application developer, provide this PIN as an argument of the C_Login API.

  11. Enter the protocol to use for communication between the client and the CipherTrust Manager:

    Key Management Server Protocol (ssl/tcp)[ssl]:<protocol>   /Protocol to use for communication between the client and the CipherTrust Manager.

    If you specified to use tcp for the protocol, then after entering requested information at this step and a successful installation, the message CADP for C Installation is completed displays: 

    CADP for C Installation is completed!

You can edit the configuration files located at:
/opt/CipherTrust/CADP for C/CADP_PKCS11.properties
/opt/CipherTrust/CADP for C/CADP_CAPI.properties

    If you specified to use ssl for the protocol, then proceed to the next step.

  12. Enter the username and password to log into the CipherTrust Manager as well as the passphrase to be used to protect the private key:

    Key Management Server username:<cm_user>                   /Username associated with the user account to use to log into the CipherTrust Manager. For example, 'admin'.
Key Management Server user password:<cm_user_password>     /Password (associated with the username) to use to log into the CipherTrust Manager.
Enter Passphrase to protect private key:     /The passphrase associated with the private key.

  13. Enter the information to be incorporated into a Certificate Signing Request (CSR) for the SSL client certificate:

    Note

    VAE only uses the SSL protocol for communication with the Key Manager (DSM previously and CipherTrust Manager after the upgrade). When you selected to maintain backward compatibility with VAE, SSL is automatically selected as the protocol to use.

    copy link to clipboard!yaml

    ====Enter information that will be incorporated into your certificate request.====

    Country code (2 letter code e.g., US): State or Province name (e.g., California): Locality or city name (e.g., San Jose): Organization name (e.g., company): Organization Unit name (e.g., Section): Common Name (e.g., your name or your server's hostname): Email Address (optional):

    For example:

    ====Enter information that will be incorporated into your certificate request.====

Country code (2 letter code e.g., US): IN
State or Province name (e.g., California): UP
Locality or city name (e.g., San Jose): Noida
Organization name (e.g., company): Thales
Organization Unit name (e.g., Section): Eng
Common Name (e.g., your name or your server's hostname): Server1x
Email Address (optional):

    On successful installation, the message CADP for C Installation is completed displays. 

    CADP for C Installation is completed!

You can edit the configuration files located at:
/opt/CipherTrust/CADP_for_C/CADP_PKCS11.properties
/opt/CipherTrust/CADP_for_C/CADP_CAPI.properties

copy link to clipboardSilent Upgrade on Linux

To upgrade VAE to CADP for C on Linux silently:

  1. Modify the BACKWARD_COMPATIBILITY_VAE parameter in cadp_for_c_basic.conf file as per your environment.

  2. Execute the following command:

    sudo ./install.sh -c <path_to_conf_file>/cadp_for_c_basic.conf -d <install_folder> -y

If you completed the upgrade of VAE to CADP for C (without the use of admin rights), perform the following steps:

  1. Log on to the client machine on which CADP for C is installed as a user with admin rights.

  2. Access the directory in which the libvorpkcs11.so is located:

    For example:

    cd /opt/vormetric/DataSecurityExpert/agent/pkcs11/lib/

  3. Backup the VAE library libvorpkcs11.so as libvorpkcs11.so.save:

    mv libvorpkcs11.so libvorpkcs11.so.save

  4. Create a soft link from the VAE library libvorpkcs11.so to the CADP for C PKCS#11 library (libcadp_pkcs11.so):

    *ln –s libcadp_pkcs11.so /opt/vormetric/DataSecurityExpert/agent/pkcs11/lib/libvorpkcs11.so

    where ln -s is a soft link file

  5. Stop the vaed service.

    cd /opt/vormetric/DataSecurityExpert/agent/pkcs11/etc/init.d/
./vaed stop

Note

The vaed service is stopped as this is not required for upgraded libvorpkcs11.so library.

copy link to clipboardUpgrading VAE to CADP for C on Windows

Note

You must have admin rights to upgrade from VAE to CADP for C on Windows.

copy link to clipboardUsing GUI-based Upgrade

When upgrading VAE to CADP for C, use the setup executable (setup.exe) file, which is also used to install CADP for C. There are a couple of differences between the upgrade procedure from VAE to CADP for C and the installation procedure for CADP for C as can be seen during the initial part of the upgrade. After the setup starts during an upgrade, the installation wizard detects that VAE is installed. The first prompt that displays is the following:

Prompt for Upgrade from VAE to CADP for C

Select Yes to proceed with the upgrade.

Now, when you get to the the Protocol Information page (Step 5 as described in the GUI based Installation procedure (Windows), the Maintain Backward Compatibility with VAE option is included within this page:

Maintain Backward Compatibility with VAE

From the drop-down box, select the following:

Yes - If you wish to maintain backward compatibility with VAE, select Yes. With this setting, a backup of the VAE library (vorpkcs11.dll) will be made during the upgrade by the name (vorpkcs11.dll.save). By default, this library is located in C:\Program Files\Vormetric\DataSecurityExpert\Agent\pkcs11\bin\. Also with this setting, the CADP for C PKCS#11 library libcadp_pkcs11.dll will be renamed as vorpkcs11.dll and then added to the mentioned default Vormetric folder. In addition, the Client_Compatibility_Mode in the CADP for C PKCS#11 property file (CADP_PKCS11.properties) will be set to LegacyVAE: Client_Compatibility_Mode=LegacyVAE. The Client_Compatibility_Mode indicates the mode in which the PKCS#11 library runs. In LegacyVAE mode, the CADP for C PKCS#11 library will execute specific functionality associated with the legacy VAE.

No - If you do not wish to maintain backward compatibility with VAE, select No. With this setting, the compatiblity mode of CipherTrust, which is the default setting, will be used in the CADP for C PKCS#11 property file: Client_Compatibility_Mode= CipherTrust. In CipherTrust mode, the CADP for C PKCS#11 library will execute functionality associated with the converged CADP for C features.

copy link to clipboardSilent Upgrade on Windows

To upgrade VAE to CADP for C on Windows silently:

  1. Modify the BACKWARD_COMPATIBILITY_VAE parameter in cadp_for_c_basic.conf file as per your environment.

  2. Execute the following command:

    setup.exe /S /v"/qn CONFIGPATH=<path of cadp_for_c_basic.conf file>"

    For example:

    setup.exe /S /v"/qn CONFIGPATH=C:\Users\Administrator\Desktop\cadp_for_c_basic.conf"

On this page