Installing CADP for C on Linux
This section covers how to install CADP for C on Linux. You can install CADP for C on Linux in the following two ways:
Note
To generate SSL/TLS certificates using the CADP for C installer, the CipherTrust Manager user must have the CA Admins, Read-Only Admins, and Key Users privileges.
Using Installation Script
Note
• If you plan to use an external Certificate Authority (CA) with the CipherTrust Manager and CADP for C, then you will need to configure the SSL settings for the CADP for C (client) manually. During the CADP for C installation, enter TCP as the Key Management Server Protocol when prompted. Then after the installation, manually configure the client for SSL settings. Refer to Configuring the Client for more information.
• If you plan to use multiple CM servers/Cluster, you can proceed with installing the certificates by providing a single CM IP in the installer first. Post-installation, you can manually configure the client for multiple servers.
Download the CADP for C installation file from the Thales Customer Support Portal.
Log on to the client machine on which to install CADP for C.
Unzip and untar the installation file. The untar process creates a directory called CADP_for_C-x.xx.0.000.
tar xvfz "CADP_for_C-x.xx.0.000.tar.gz"
Navigate to the CADP_for_C-x.xx.0.000 directory.
cd CADP_for_C-x.xx.0.000
Install CADP for C by running install.sh.
sudo ./install.sh
The next screen displays the End User License Agreement.
Read the agreement. If you agree with the terms of the end-user license agreement, accept it by entering Y for yes.
Do you accept the terms of the End User License Agreement(Y/N)[N]? Y
Specify the installation folder <install_folder> in which to store the installation. The default folder is /opt. If you wish to change this, enter the name of the folder to use for this installation. Otherwise, press Enter to accept the default.
Install CADP for C to path [/opt]:<install_folder>
Enter the Key Management Server information to be used to communicate with the CipherTrust Manager. After providing the Server IP Address/Hostname, you will be prompted with the message "Do you want to use Registration Token(y/n)". Default value is 'n'.
If you enter 'y':
- You need to enter Server IP Address/Hostname, Server Port, Registration token, and Passphrase (to protect client's private key). To know more about creating a registration token, click here.
Note
• Registration token is supported with CipherTrust Manager 2.15.0 and above.
• Registration token must be provided in ASCII format.
If you are using Domain CA while creating the client profile, refer to the steps mentioned on this link.
Key Management Server IP Address/Hostname: /IP address or hostname of the CipherTrust Manager.
Key Management Server Port [9000]:<cm_port> /Server port number of the CipherTrust Manager interface.
Do you want to use registration token (y/n): y
Key Management Registration Token: <registration_token> /Registration Token created on the CipherTrust Manager.
Enter Passphrase to protect private key: /Passphrase to protect private key
If you enter 'n':
- Installer will proceed without the registration token as earlier. Follow the prompts to enter the information as per your environment.
Key Management Server IP Address:<cm_ip> /IP address or hostname of the CipherTrust Manager.
Key Management Server Port [9000]:<cm_port> /Server port number of the CipherTrust Manager interface.
Key Management Server Protocol (ssl/tcp)[ssl]:<protocol> /Protocol to use for communication between the client and the CipherTrust Manager.
Key Management Server username:<cm_user> /Username associated with the user account to use to log into the CipherTrust Manager. For example, 'admin'.
Key Management Server user password:<cm_user_password> /Password (associated with the username) to use to log into the CipherTrust Manager.
Note
• In case of TCP protocol, make sure you enter the correct IP address and TCP port, as an invalid entry may cause an error that can only be caught after running the sample application.
• After installation, if you have selected SSL protocol, ensure that there is no error log present in <install_folder>/logs/cadp_for_c_basic.log. If there are any errors in the logs, you need to re-run the installer with correct values.
If you specified to use the SSL protocol in the previous step, enter the information to be incorporated into a Certificate Signing Request (CSR) for the SSL client certificate:
Enter Passphrase to protect private key: /The passphrase associated with the private key.
====Enter information that will be incorporated into your certificate request.====
Country code (2 letter code e.g., US):
State or Province name (e.g., California):
Locality or city name (e.g., San Jose):
Organization name (e.g., company):
Organization Unit name (e.g., Section):
Common Name (eg, your name or your server's hostname):
Email Address (optional):
For example:
Enter Passphrase to protect private key:
====Enter information that will be incorporated into your certificate request.====
Country code (2 letter code e.g., US): IN
State or Province name (e.g., California): UP
Locality or city name (e.g., San Jose): Noida
Organization name (e.g., company): Thales
Organization Unit name (e.g., Section): DIS
Common Name (eg, your name or your server's hostname): Server1x
Email Address (optional):
On successful installation, the message CADP for C Installation is completed! displays.
CADP for C Installation is completed!
You can edit the configuration files located at:
/opt/CipherTrust/CADP for C/CADP_PKCS11.properties
/opt/CipherTrust/CADP for C/CADP_CAPI.properties
Silent Installation
For the silent installation on Linux, you will need to provide the basic configuration settings in the configuration file named cadp_for_c_basic.conf first. During the silent installation, the CADP_PKCS11.properties and CADP_CAPI.properties files are automatically updated with the settings you provide in the configuration file.
For more information about the configuration file and how to configure it, see Modifying the CADP for C Configuration File.
To install CADP for C on Linux silently:
Modify the cadp_for_c_basic.conf file as per your environment. If you want to use the registration token while installing CADP for C, you must update the config file with a new parameter REG_TOKEN. The default value of this parameter is empty.
If you provide the value of REG_TOKEN, also provide the details of SERVER_IP, SERVER_PORT, and PASSPHRASE.
If the value of REG_TOKEN is empty, the installer proceeds without the registration token, as before.
Execute the following command:
sudo ./install.sh -c <path_to_conf_file>/cadp_for_c_basic.conf -d <install_folder> -y
Where:
-c: Indicates the path to the 'cadp_for_c_basic.conf' configuration file.
-d: Indicates the path to the CADP for C installation folder in which to store the installation.
-y: Indicates to accept end-user license agreement (EULA).
For example:
[user@test CADP_for_C-8.14.0.00X]#sudo ./install.sh -c utilities/cadp_for_c_basic.conf -d /home/CADP_for_C -y
CADP for C Installation is completed!
You can edit the configuration files located at:
/home/CADP_for_C/CipherTrust/CADP_for_C/CADP_PKCS11.properties
/home/CADP_for_C/CipherTrust/CADP_for_C/CADP_CAPI.properties
On successful installation, the message CADP for C Installation is completed! displays.
Note
After installation, if you have selected SSL protocol, ensure that there is no error log present in <install_folder>/logs/cadp_for_c_basic.log. If there are any errors in the logs, you need to re-run the installer with correct values.
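For the silent installation, cadp_for_c_basic.conf can hold REG_TOKEN and PASSPHRASE, so it is worth checking the file before passing it to install.sh. The script below is an added example, not part of the Thales documentation or installer: it verifies the REG_TOKEN rules described above and that only the owner can access the file. It assumes the file uses one KEY=VALUE setting per line; the function names conf_get and check_cadp_conf are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of cadp_for_c_basic.conf before a silent install.
# Assumption: one KEY=VALUE setting per line, values unquoted.
# Usage: check_cadp_conf utilities/cadp_for_c_basic.conf && sudo ./install.sh -c ...

# Print the value of key $2 in file $1 (last assignment wins, blanks trimmed).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the file is consistent and private; else print why and return 1.
check_cadp_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # The file can hold REG_TOKEN and PASSPHRASE: allow owner access only.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as found on Linux
    case $mode in
        *00) ;;
        *) echo "$conf has mode $mode; use chmod 600" >&2; rc=1 ;;
    esac

    token=$(conf_get "$conf" REG_TOKEN)
    if [ -z "$token" ]; then
        echo "REG_TOKEN is empty: install proceeds without a token" >&2
        return $rc
    fi

    # The token must be ASCII: reject any byte outside printable ASCII.
    if printf '%s' "$token" | LC_ALL=C grep -q '[^ -~]'; then
        echo "REG_TOKEN has characters outside printable ASCII" >&2
        rc=1
    fi

    # With a token set, these three settings must be filled in as well.
    for key in SERVER_IP SERVER_PORT PASSPHRASE; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "$key must be set when REG_TOKEN is set" >&2
            rc=1
        fi
    done
    return $rc
}
```

Remove or restrict the configuration file once the installation has completed, since the passphrase and token remain in it.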
Client Certificate Renewal
To know how to renew the client certificate, click here.