Installing CAKM for Oracle TDE on Windows

You can install CAKM for Oracle TDE using GUI Based Installation or in silent mode. In both ways:

• For External CA configuration, first complete the installation with the TCP protocol. Then, manually configure the SSL settings by updating the required parameters (client cert, client key, and external CA) in the CADP_PKCS11.properties file.

• To set up the SSL configuration manually after installation with TCP, follow the steps mentioned in Setting up SSL/TLS.

After installing CAKM for Oracle TDE, you need to perform some additional steps, as described in Post-installation Steps.

GUI Based Installation

1. Download the CAKM for Oracle TDE setup file from the Thales Customer Support Portal.

2. Double-click the setup.exe to start the InstallShield Wizard. The Welcome screen appears. Click Next.

   

3. Accept the license agreement and click Next.

   

4. Click Change to select a different location. You can click Next to continue with the default installation directory.

   

5. Select the Server Protocol. The options are tcp and ssl.

   If you select the Server Protocol as tcp

   

   1. Specify the following mandatory fields:

      • Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.

      • Server Port: Specify the server port of the NAE interface.

      

   2. Click Next.

   If you select the Server Protocol as ssl

   

   1. Specify the following mandatory fields:

      • User name: Specify the username of the CipherTrust Manager.

      • Password: Specify the password of the CipherTrust Manager.

      • Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.

      • Server Port: Specify the server port of the NAE interface.

      

   2. Click Next and specify the following certificate information:

      • Common Name (mandatory field)

      • Passphrase (mandatory field)

      • State

      • City

      • Organization Name

      • Organization Unit

      • Country

      • Email Address

      

   3. Click Next.

6. Click Install to begin the installation process.

   

7. Click Finish to exit the installation wizard.

   

Now, you need to perform Post-installation Steps.

Silent Installation

For silent installation, provide basic configuration settings (such as, SERVER_IP, SERVER_PORT, SERVER_PROTOCOL, and more) in the cakm_for_oracle_tde_basic.conf file available in the path C:\Program Files\CipherTrust\CAKM For SQLServerEKM\utilities. These settings are updated automatically in the CADP_PKCS11.properties file after the silent installation is complete.

To install CAKM for Oracle TDE silently:

1. Enter all the details in cakm_for_oracle_tde_basic.conf file.

2. Execute the following command:

   setup.exe /s /v"/qn CONFIGPATH=<path of cakm_for_oracle_tde_basic.conf file>"
   

Now, you need to perform Post-installation Steps.

Post-installation Steps

1. Create a %SYSTEM_DRIVE%\oracle\extapi\<ARCH>\hsm\CipherTrust\CAKM_for_Oracle_TDE directory. Where %SYSTEM_DRIVE% is a drive on the database server (for example, C: or D:) and <ARCH> is the system architecture (either 32 or 64).

   This point onward, in this document, <ARCH> is used as 64. If the system architecture is different, adjust the value accordingly.

2. Copy the libcadp_pkcs11.dll file from C:\Program Files\CipherTrust\CAKM_for_Oracle_TDE to %SYSTEM_DRIVE%\oracle\extapi\64\hsm\CipherTrust\CAKM_for_Oracle_TDE.

After installing CAKM for Oracle TDE, you can further configure CAKM for Oracle TDE to meet the needs of your environment. Refer to the Configuring CAKM for Oracle TDE for details.