Installing CT-V as .Net Web Services

This topic lets you install CT-V as the Web Services.

Prerequisites

The prerequisites of installing .Net based CT-V are:

• Before you use the installer file, the .Net Framework and Java must already be installed, and you must create a Token Vault.

• If CT-V is already installed, the first run of installer deletes it. Use the installer again and you are given a choice of installing either traditional CT-V or the CT-V WebService. The new installed version includes all build and sample files.

  Note

  • Before installing .Net based CT-V 8.12.3, uninstall CT-V 8.4.0 or any lower version manually, if already installed; else the installation will fail.

  • .Net versions below 4.0 are not supported.

• Make sure that you set up the JAVA_HOME variable to <Java Install Directory>/jre as a system variable and add <JAVA_HOME/jre/bin/server> (for Java 10/11/17, <JAVA_HOME/bin/server>) to system path variable.

• Set the JAVA_HOME variable to the location of your JVM. The JVM version must be 7 (minimum 1.7.0_121), 8 (minimum 1.8.0_111), 10, 11, or 17. When using JRE, the jar and properties files will be placed in <JAVA_HOME/lib/ext>. On using JDK, the jar and properties files are placed in <JAVA_HOME/jre/lib/ext>. For Java 10/11/17, the jar and properties files are placed in the default location <C:\Program Files\SafeNet>. Make sure that the location is part of your CLASSPATH.

• Download the encryption policy files for unlimited strength ciphers (US_export_policy.jar and local_policy.jar) and install them in <JAVA_HOME/lib/security>. You need these to use AES-256 keys.

  For Sun/Oracle Java, download corresponding version of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from: https://www.oracle.com/technetwork/java/javase/downloads/index.html

  Note

  For Java 10, 11, and 17, the encryption policy files are not required to be installed separately.

• The KeySecure Classic allows the clients to perform key and policy configuration operations. Make sure that the Allow Key and Policy Configuration Operations field is enabled on the Cryptographic Key Server Properties section on the Cryptographic Key Server Configuration page (Navigate to Device >> Key Server. Select NAE-XML.)

• Remove any earlier versions of the CADP JCE Provider (IngrianNAE-x.x.x.jar) from <JAVA_HOME/lib/ext> or <JAVA_HOME/jre/lib/ext>. Any existing older version of the IngrianNAE jar file can abort the installation process immediately with an error.

• You cannot simply rename the old jar file. It must be deleted or moved to a directory other than JAVA_HOME; otherwise, the JVM will still find it, even if it has a file name that does not end in .jar.

• Create a backup of any existing IngrianNAE.properties file. The installer copies your previous settings to the new properties file, but any embedded comments can be lost. Keeping a copy of your old properties file helps you if troubleshooting is necessary.

• Have access to a database user account with the following permissions:

  • CREATE TABLE

  • SELECT on the token vault table

  • INSERT on the token vault table

  • DELETE on the token vault table

  • UPDATE on the token vault table

• If you have multiple instances or versions of Java on your machine, ensure that the following are true before testing the CT-V:

  • The CLASSPATH variable lists the JDK/JRE instance that holds the CT-V files. If the CLASSPATH variable includes multiple JDKs or JREs, the instance used by the CT-V must be listed before the others.

  • If the CADP JCE is not installed in JAVA_HOME/lib/ext, the CLASSPATH variable includes the IngrianNAE- 8.12.2.000.jar file included in this software.

  • No other java bin directories occur before the system32 directory in the PATH variable.

  • The first instance of java.exe file included in the PATH variable is the same as the java.exe included in JAVA_HOME/bin.

• Create CT-V .Net environment in Windows 2012 R2, user is required to perform the following steps:

  • Install Microsoft Visual C++ 2010x64 redistributable.

  • Configure JAVA_HOME System variable (Example JAVA_HOME = C:/Program Files/Java/jdk1.8.0_66).

  • Add JAVA_HOME/jre/bin/server to Path System variable (Example Path = C:/Program Files/Java/ jdk1.8.0_66/jre/bin/server).

  • Install CT-V (.Net/Web Services) and Run Sample.

• Create NAE user on Key Manager.

• Create Versioned AES-256 key and non-versioned HmacSHA256 key on Key Manager.

• Create Token vault using either KeySecure Classic UI or API.

Extracting the Package

• Navigate to the directory where you have downloaded the CT-V deliverable.

• Unzip the software file using any standard archive utility. The software adheres to the following naming convention:

  Part Number - Product Name - Product Version Number - File Format

  For example, 610-000671-002_CipherTrustVaultedTokenization-8.12.3.000-xxx.zip

When the CT-V package is extracted, a directory structure is created. Refer to "CipherTrust Vaulted Tokenization Package Details" for details.

CT-V Installation as .Net Web Services

CT-V provides .Net Developers with an InstallShield Wizard to simplify the installation process. Perform the following steps to install CT-V as .Net Web Services:

1. Run the SafeNetTokenization.exe in Administrative mode from location SafeNetTokenization-8.12.3.000- xxx\SafeNetTokenization\Tokenization\dotNet\x64 (or x86).

2. Click Next.

   

3. Select I accept the terms in the license agreement and click Next.

   

4. Select the CipherTrust Vaulted Tokenization Web Services option to install .Net Web Service and click Next.

   

5. The default installation directory is C:\Program Files\SafeNet. To change the default installation directory, click Change, else, click Next.

   

6. Click Install on the Ready to Install the Program screen.

   

   The CipherTrust Vaulted Tokenization (CT-V) Installer screen is displayed on the console.

   

   Here, perform these steps:

   1. Enter Yes to install the CipherTrust Vaulted Tokenization.

   2. Enter Yes to install the CADP JCE Provider in the JAVA_HOME\ext directory. Enter No if Java is installed in different location.

      Note

      • Ensure to remove any existing CADP JCE Provider jars from any other Java versions installed on the machine.

      • For Java 10, 11, and 17, the prompt to install the CADP JCE Provider is not there. It gets installed in the default location C:\Program Files\SafeNet.

      

      The installer lists the properties that are used by CADP JCE to connect to Key Manager.

      Note

      If using IPV6 address, specify it in curly braces, for example, {2002:0dc8:85k3:0000:0000:9a2e:0370:5221}.

      A combination of IPv4 and IPv6 addresses can be specified, provided, they are separated by colons(:) and each IPv6 address must be enclosed within {}. IPv6 is supported only for CipherTrust Manager.

   3. Enter Yes and All to update the properties. Enter No to continue with the existing properties.

      The installer lists the properties that are used by CT-V to connect to the database.

      

   4. Enter Yes to update the properties. Enter No to continue with the existing properties.

      Note

      If Informix is specified in DatabaseType then Informix server name is to be provided for InformixServerName parameter.

   5. The installer prompts you to Run the CipherTrust Vaulted Tokenization Upgrade. Enter Yes to upgrade. In case of fresh installation enter No.

   6. Enter NAE and Database credentials to verify CT-V installation.

      Note

      When installing CT-V for the Informix database for first time, user should skip this test.

   7. Enter Yes to show list of vaults.

   8. Enter token vault name to run the test or skip the test.

   9. The InstallShield Wizard Completed screen is displayed, click Finish to exit the wizard.

      

      Note

      The IngrianNAE.jar file appears under the location specified in JAVA_HOME/lib/ext folder. In case of Java 10, 11, and 17, it is appears under C:\Program Files\SafeNet\.

Thales supports the .Net CT-V services with MS IIS. To configure .Net CT-V Web Services with the IIS web server:

1. Navigate to IIS Manager > Application Pool and click Add Application Pool.

   

2. On the Edit Application Pool screen, enter or select the following details:

   

   • Enter a Name for the pool. In above demonstration, a pool, named Tokenization is created.

   • Select .Net CRL Version v4.0.30319 from the .Net CRL Version drop-down list.

   • Select Integrated from the Managed pipeline mode drop-down list.

   • Select the Start application pool immediately check-box.

   • Click OK.

3. Add application to the application pool. You can either add your application to the default Web Site or can create a new Web Site.

To add application to Default Web Site

1. In the left pane of the Application Pools, click Default Web Site and select Add Application.

   

2. On the Add Application screen, select or enter the following details:

   

   • Enter an Alias for the application.

   • In the Physical path field, provide the tokenizationWS directory path. In this demonstration, we are using C:\Program Files\SafeNet\Tokenization\tokenizationWS as the directory path.

   • Click Connect as. On the Connect As screen, select the administrator. When prompted, provide credentials.

   • Click Test Settings to verify the access.

   • Click OK.

3. Restart the IIS service.

4. Access the application added to the default Website using the following URL: http://localhost/tm/TokenManagerWS.asmx

To add a new Website to Sites

1. In the left pane, click Site and select Add Website. The Add Website screen is displayed.

   

2. On the Add Website screen, select or enter the following details:

   • Enter an Alias for the application.

   • Provide the application pool that you have created.

   • Specify the port number in the port field.

   • In the Physical path field, provide the tokenizationWS directory path. In this demonstration, we are using C:\Program Files\SafeNet\Tokenization\tokenizationWS as the directory path.

   • Click Connect as. On the Connect As screen, select the administrator. When prompted, provide credentials.

   • Click Test Settings to verify the access.

   • Click OK.

3. Restart the IIS service.

4. Access the new Website using the following URL: http://localhost:<port>/TokenManagerWS.asmx

   Note

   The IngrianNAE.jar file appears under the location specified in JAVA_HOME/lib/ext folder. In case of Java 10, 11, and 17, it appears under C:\Program Files\SafeNet\.

CT-V provides the feature to install the application in silent mode, see Silent Installation.

Fixing HTTP Error 404.3 - Not Found

Encountered the error "HTTP Error 404.3 - Not Found: The page you are requesting cannot be served because of the extension configuration. If the page is script, add a handler. If the file should be downloaded, add a MIME map".

Following are the steps to fix this error:

1. Install IIS sub components from Control Panel > Programs and Features > Turn Windows features on or off > Internet Information Services > World Wide Web Services > Application Development Features.

2. Check the ASP.NET option (the options .NET Extensibility, ISAPI Extensions, and ISAPI Filters will be selected automatically). Make sure that specific versions are checked. These options are divided into 4 and 4.6 in Windows Server.

3. Run the following command from cmd:

   For 32bit (x86) Windows:

   %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -ir
   

   For 64bit (x64) Windows:

   %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir
   

   Note

   .NET Framework version can be changed. Check which framework version is in the %windir%\Microsoft.NET\Framework64 directory and run the command accordingly.

4. Finally, check in IIS manager that your application uses application pool with .NET Framework version 4.0.

5. In Windows Server 2012, even after installing ASP.NET you might run into this issue. Check for the HTTP Activation feature. This feature is present under Web Services.