Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Installation

Installing CADP for C on Linux

search

Please Note:

printsuggest an edit

Installing CADP for C on Linux

This section covers how to install CADP for C on Linux. You can install CADP for C on Linux in the following two ways:

Note

  • To generate SSL/TLS certificates using the CADP for C installer, the CipherTrust Manager user must have the CA Admins, Read-Only Admins, and Key Users privileges.

  • The system admin needs to check the user and group permissions for non-root users who need to access the installation directory and files.

copy link to clipboardUsing Installation Script

Note

  • If you plan to use an external Certificate Authority (CA) with the CipherTrust Manager and CADP for C, then you will need to configure the SSL settings for the CADP for C (client) manually. During the CADP for C installation, enter TCP as the Key Management Server Protocol when prompted. Then after the installation, manually configure the client for SSL settings. Refer to Configuring the Client for more information.

  • If you plan to use multiple CM servers/Cluster, you can proceed with installing the certificates by providing a single CM IP in the installer first. Post-installation, you can manually configure the client for multiple servers.

  1. Download the CADP for C installation file from the Thales Customer Support Portal.

  2. Log on to the client machine on which to install CADP for C.

  3. Unzip and untar the installation file. The untar process creates a directory called CADP_for_C-x.xx.0.000.

    tar xvfz "CADP_for_C-x.xx.0.000.tar.gz"

  4. Navigate to the CADP_for_C-x.xx.0.000 directory.

    cd CADP_for_C-x.xx.0.000

  5. Install CADP for C by running install.sh.

    sudo ./install.sh

    The next screen displays the End User License Agreement.

  6. Read the agreement. If you agree with the terms of the end-user license agreement, accept it by entering Yfor yes.

    Do you accept the terms of the End User License Agreement(Y/N)[N]? Y

  7. Specify the installation folder <install_folder> in which to store the installation to complete the installation. The default folder is /opt. If you wish to change this, enter the name of the folder to use for this installation. Otherwise, press Enter to accept the default.

    Install CADP for C to path [/opt]:<install_folder>

  8. Enter the Key Management Server information to be used to communicate with the CipherTrust Manager. After providing the Server IP Address/Hostname, you will be prompted with the message "Do you want to use Registration Token(y/n)". Default value is 'n'.

    1. If you enter 'y':

      • You need to enter Server IP Address/Hostname, Server Port, Registration token, and Passphrase (to protect client's private key). To know more about creating a registration token, click here.

      Note

      • Registration token is supported with CipherTrust Manager 2.15.0 and above.
      • Registration token must be provided in ASCII format.

      If you are using Domain CA while creating the client profile, refer to the steps mentioned on this link.

      #!yaml
Key Management Server IP Address/Hostname:                 /IP address or hostname of the CipherTrust Manager.
Key Management Server Port [9000]:<cm_port>                /Server port number of the CipherTrust Manager interface.
Do you want to use registration token (y/n): y
Key Management Registration Token: <registration_token>    /Registration Token created on the CipherTrust Manager.
Enter Passphrase to protect private key:                   /Passphrase to protect private key

    2. If you enter 'n':

      • Installer will proceed without the registration token as earlier. Follow the prompts to enter the information as per your environment.
        Key Management Server IP Address:<cm_ip>                   /IP address or hostname of the CipherTrust Manager.
Key Management Server Port [9000]:<cm_port>                /Server port number of the CipherTrust Manager interface.
Key Management Server Protocol (ssl/tcp)[ssl]:<protocol>   /Protocol to use for communication between the client and the CipherTrust Manager.
Key Management Server username:<cm_user>                   /Username associated with the user account to use to log into the CipherTrust Manager. For example, 'admin'.
Key Management Server user password:<cm_user_password>     /Password (associated with the username) to use to log into the CipherTrust Manager.

    Note

    • In case of TCP protocol, make sure you enter the correct IP address and TCP port as any invalid entry may cause error and can only be caught after running the sample application.
    • After installation, if you have selected SSL protocol, ensure that there is no error log present in <install_folder>/logs/cadp_for_c_basic.log. If there are any error in the logs, you need to re-run the installer with correct values.

  9. If you specified to use the SSL protocol in the previous step, enter the information to be incorporated into a Certificate Signing Request (CSR) for the SSL client certificate:

    Enter Passphrase to protect private key: /The passphrase associated with the private key.

====Enter information that will be incorporated into your certificate request.====

Country code (2 letter code e.g., US):
State or Province name (e.g., California):
Locality or city name (e.g., San Jose):
Organization name (e.g., company):
Organization Unit name (e.g., Section):
Common Name (eg, your name or your server's hostname):
Email Address (optional):

    For example:

    Enter Passphrase to protect private key:
====Enter information that will be incorporated into your certificate request.====

Country code (2 letter code e.g., US): IN
State or Province name (e.g., California): UP
Locality or city name (e.g., San Jose): Noida
Organization name (e.g., company): Thales
Organization Unit name (e.g., Section): DIS
Common Name (eg, your name or your server's hostname): Server1x
Email Address (optional):

    On successful installation, the message CADP for C is completed displays. 

    CADP for C Installation is completed!

You can edit the configuration files located at:
/opt/CipherTrust/CADP for C/CADP_PKCS11.properties
/opt/CipherTrust/CADP for C/CADP_CAPI.properties

copy link to clipboardSilent Installation

For the silent installation on Linux, you will need to provide the basic configuration settings in the configuration file named cadp_for_c_basic.conf first. During the silent installation, the CADP_PKCS11.properties and CADP_CAPI.properties files are automatically updated with the settings you provide in the configuration file.

For more information about the configuration file and how to configure it, see Modifying the CADP for C Configuration File.

To install CADP for C on Linux silently:

  1. Modify the cadp_for_c_basic.conf file as per your environment. If you want to use the registration token while installing CADP for C, you must update the config file with a new parameter REG_TOKEN. The default value of this parameter would be empty.

    1. If you provide the value of REG_TOKEN, provide the details of SERVER_IP, SERVER_PORT, and PASSPHRASE)

    2. If the value of REG_TOKEN is empty, then installer will proceed without the registration token as earlier.

  2. Execute the following command:

    sudo ./install.sh -c <path_to_conf_file>/cadp_for_c_basic.conf -d <install_folder> -y

    Where:

    • -c: Indicates the path to the 'cadp_for_c_basic.conf' configuration file.

    • -d: Indicates the path to the CADP for C installation folder in which to store the installation.

    • -y: Indicates to accept end-user license agreement (EULA).

    For example: 

    [user@test CADP_for_C-8.14.0.00X]#sudo ./install.sh -c utilities/cadp_for_c_basic.conf -d /home/CADP_for_C -y
CADP for C Installation is completed!
You can edit the configuration files located at:
/home/CADP_for_C/CipherTrust/CADP_for_C/CADP_PKCS11.properties
/home/CADP_for_C/CipherTrust/CADP_for_C/CADP_CAPI.properties

    On successful installation, the message CADP for C Installation is completed! displays.

Note

After installation, if you have selected SSL protocol, ensure that there is no error log present in <install_folder>/logs/cadp_for_c_basic.log. If there are any error in the logs, you need to re-run the installer with correct values.

copy link to clipboardClient Certificate Renewal

To know how to renew the client certificate, click here.

On this page