Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Administration

Installing CAKM for Microsoft SQL Server EKM Provider

search

Installing CAKM for Microsoft SQL Server EKM Provider

You can install CAKM for Microsoft SQL Server EKM Provider in the following two ways:

Note

  • For External CA configuration, complete the installation with TCP protocol and then go for Manual configuration for SSL setting by updating the required parameters (client cert, client key, and external CA) in cakm_mssql_ekm.properties file.
  • If you want to use the SSL protocol, you need to configure SSL using the steps mentioned in the Setting up SSL/TLS section.
  • To change the configuration, refer to the Configuring the Properties File section.

Caution

  • To install the CAKM for Microsoft SQL Server EKM provider, you should have the CA Admins, Read-Only Admins, and Key Users privileges.

  • To generate the certificate automatically, port 443 must be enabled between client and CipherTrust Manager.

  • The default path of log file is where the CAKM For MSSQL EKM is installed.
    For example, if CAKM for SQL EKM is installed on the path C:\Program Files\CAKM For SQL EKM, then EKM logs will be created at C:\Program Files\CAKM For SQL EKM\logs\cakm_sql_ekm_wrapper.log. Moreover, you can also change the path by updating the MS_Sql_Ekm_Log parameter in cakm_mssql_ekm.properties file.

  • Ensure that you provide the path and file name of the log file in Log_Fileparameter of cakm_mssql_ekm.properties file.

GUI Based Installation

Note

Microsoft SQL Server Service must be restarted after installation, upgradation, uninstallation, and changing configuration of the provider.

  1. Download and unzip the CAKM for Microsoft SQL Server EKM Provider.

  2. Double-click the setup.exe to launch the InstallShield Wizard. The Welcome screen appears. Click Next.

  3. Accept the license agreement and click Next.

  4. Click Change to select a different location. You can click Next to continue with the default installation directory.

  5. Select the Server Protocol. The options are tcp and ssl.

    Server Protocol as tcp

    If you select the Server Protocol as tcp:

    1. Specify the following mandatory fields:

      • Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.

      • Server Port: Specify the server port of the NAE interface.

    2. Click Next.

    Server Protocol as ssl

    If you select the Server Protocol as ssl:

    1. Specify the following mandatory fields:

      • User name: Specify the username of the CipherTrust Manager.

      • Password: Specify the password of the CipherTrust Manager.

      • Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.

      • Passphrase: Specify the passphrase to encrypt the client key.

      • Server Port: Specify the server port of the NAE interface.

    2. Click Next and specify the following certificate information:

      • Common Name (mandatory field)

      • State

      • City

      • Organization Name

      • Organization Unit

      • Country

      • Email Address

    3. Click Next.

  6. Click Install to begin the installation process.

  7. Click Finish to exit the installation wizard.

Silent Installation

Note

Microsoft SQL Server Service must be restarted after installation, upgradation, uninstallation, and changing configuration of the provider.

For silent installation, cakm_basic.conf file is used to provide basic configuration settings (such as, SERVER_IP, SERVER_PORT, SERVER_PROTOCOL, and more). These settings are updated automatically into the cakm_mssql_ekm.properties file once the silent installation is complete.

Note

The USER_CREDENTIALS_ENCRYPTED parameter in the cakm_basic.conf file refers to the encrypted state of the User Credentials (NAE_USER, NAE_PASSWORD, and PASSPHRASE) in case of SSL. Enabling or Disabling this parameter will allow the user credentials to be provided in encrypted text or plain text respectively. This encrypted text can only be generated using PassPhraseSecure utility. If nothing is specified, the default value is considered as N.

To install the CAKM for Microsoft SQL Server EKM provider silently, enter all the details in cakm_basic.conf file and execute the following command:

setup.exe /s /v"/qn CONFIGPATH=<path of cakm_basic.conf file>"

For example:

setup.exe /s /v"/qn CONFIGPATH=C:\Users\Administrator\Desktop\cakm_basic.conf"

Above command installs CAKM for Microsoft SQL Server EKM on a default path. If you want to install CAKM for Microsoft SQL Server EKM provider on a specific path, execute the following command:

setup.exe /s /v"/qn CONFIGPATH=<Config file path>\cakm_basic.conf INSTALLDIR=<Installation dir path>"

If the path (CONFIGPATH or INSTALLDIR) contains space, then path must be provided in quotes (" ") with escape character (\).

setup.exe /s /v"/qn CONFIGPATH=\"<Config file path>\cakm_basic.conf\" INSTALLDIR=\"<Installation dir path>\""

Caution

Do not use cakm_basic.exe for any operation.

Note

  • The default path of log file is where the CAKM For MSSQL EKM is installed.
    For example, if CAKM for SQL EKM is installed on the path C:\Program Files\CAKM For SQL EKM, then EKM logs will be created at C:\Program Files\CAKM For SQL EKM\logs\cakm_sql_ekm_wrapper.log. Moreover, you can also change the path by updating the MS_Sql_Ekm_Log parameter in cakm_mssql_ekm.properties file.
  • Ensure that you provide the path and file name of the log file in Log_File parameter.

After installation, you can further configure the Microsoft SQL Server EKM provider to meet the needs of your environment. For more details, refer to the Configuring the Properties File section.

To uninstall or upgrade the CAKM for Microsoft SQL Server EKM provider, refer to the following sections:

On this page