Installing CT-V as .Net Web Services
This topic lets you install CT-V as the Web Services.
Prerequisites
The prerequisites of installing .Net based CT-V are:
Before you use the installer file, the .Net Framework and Java must already be installed, and you must create a Token Vault.
If CT-V is already installed, the first run of installer deletes it. Use the installer again and you are given a choice of installing either traditional CT-V or the CT-V WebService. The new installed version includes all build and sample files.
Note
Before installing .Net based CT-V 8.12.4, uninstall CT-V 8.4.0 or any lower version manually, if already installed; else the installation will fail.
.Net versions below 4.0 are not supported.
Make sure that you set up the
JAVA_HOME
variable to<Java Install Directory>/jre
as a system variable and add<JAVA_HOME/jre/bin/server>
(for Java 10/11/17,<JAVA_HOME/bin/server>
) to system path variable.Set the
JAVA_HOME
variable to the location of your JVM. The JVM version must be 8 (minimum 1.8.0_111), 10, 11, or 17. When using JRE, the jar and properties files will be placed in<JAVA_HOME/lib/ext>
. On using JDK, the jar and properties files are placed in<JAVA_HOME/jre/lib/ext>
. For Java 10/11/17, the jar and properties files are placed in the default location<C:\Program Files\SafeNet>
. Make sure that the location is part of your CLASSPATH.Download the encryption policy files for unlimited strength ciphers (US_export_policy.jar and local_policy.jar) and install them in
<JAVA_HOME/lib/security>
. You need these to use AES-256 keys.For Sun/Oracle Java, download corresponding version of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from: https://www.oracle.com/technetwork/java/javase/downloads/index.html
Note
For Java 10, 11, and 17, the encryption policy files are not required to be installed separately.
The KeySecure Classic allows the clients to perform key and policy configuration operations. Make sure that the Allow Key and Policy Configuration Operations field is enabled on the Cryptographic Key Server Properties section on the Cryptographic Key Server Configuration page (Navigate to Device >> Key Server. Select NAE-XML.)
Remove any earlier versions of the CADP JCE Provider (IngrianNAE-x.x.x.jar) from
<JAVA_HOME/lib/ext>
or<JAVA_HOME/jre/lib/ext>
. Any existing older version of the IngrianNAE jar file can abort the installation process immediately with an error.You cannot simply rename the old jar file. It must be deleted or moved to a directory other than
JAVA_HOME
; otherwise, the JVM will still find it, even if it has a file name that does not end in .jar.Create a backup of any existing
IngrianNAE.properties
file. The installer copies your previous settings to the new properties file, but any embedded comments can be lost. Keeping a copy of your old properties file helps you if troubleshooting is necessary.Have access to a database user account with the following permissions:
CREATE TABLE
SELECT on the token vault table
INSERT on the token vault table
DELETE on the token vault table
UPDATE on the token vault table
If you have multiple instances or versions of Java on your machine, ensure that the following are true before testing the CT-V:
The CLASSPATH variable lists the JDK/JRE instance that holds the CT-V files. If the CLASSPATH variable includes multiple JDKs or JREs, the instance used by the CT-V must be listed before the others.
If the CADP JCE is not installed in
JAVA_HOME/lib/ext
, the CLASSPATH variable includes the IngrianNAE- 8.12.2.000.jar file included in this software.No other java bin directories occur before the system32 directory in the PATH variable.
The first instance of
java.exe
file included in the PATH variable is the same as thejava.exe
included inJAVA_HOME/bin
.
Create CT-V .Net environment in Windows 2012 R2, user is required to perform the following steps:
Install Microsoft Visual C++ 2010x64 redistributable.
Configure JAVA_HOME System variable (Example JAVA_HOME = C:/Program Files/Java/jdk1.8.0_66).
Add JAVA_HOME/jre/bin/server to Path System variable (Example Path = C:/Program Files/Java/ jdk1.8.0_66/jre/bin/server).
Install CT-V (.Net/Web Services) and Run Sample.
Create NAE user on Key Manager.
Create Versioned AES-256 key and non-versioned HmacSHA256 key on Key Manager.
Create Token vault using either KeySecure Classic UI or API.
Extracting the Package
Navigate to the directory where you have downloaded the CT-V deliverable.
Unzip the software file using any standard archive utility. The software adheres to the following naming convention:
Part Number - Product Name - Product Version Number - File Format
For example,
610-000671-002_CipherTrustVaultedTokenization-8.12.4.000-xxx.zip
When the CT-V package is extracted, a directory structure is created. Refer to "CipherTrust Vaulted Tokenization Package Details" for details.
CT-V Installation as .Net Web Services
CT-V provides .Net Developers with an InstallShield Wizard to simplify the installation process. Perform the following steps to install CT-V as .Net Web Services:
Run the
SafeNetTokenization.exe
in Administrative mode from locationSafeNetTokenization-8.12.4.000- xxx\SafeNetTokenization\Tokenization\dotNet\x64 (or x86)
.Click Next.
Select I accept the terms in the license agreement and click Next.
Select the CipherTrust Vaulted Tokenization Web Services option to install .Net Web Service and click Next.
The default installation directory is C:\Program Files\SafeNet. To change the default installation directory, click Change, else, click Next.
Click Install on the Ready to Install the Program screen.
The CipherTrust Vaulted Tokenization (CT-V) Installer screen is displayed on the console.
Here, perform these steps:
Enter Yes to install the CipherTrust Vaulted Tokenization.
Enter Yes to install the CADP JCE Provider in the
JAVA_HOME\ext
directory. Enter No if Java is installed in different location.Note
Ensure to remove any existing CADP JCE Provider jars from any other Java versions installed on the machine.
For Java 10, 11, and 17, the prompt to install the CADP JCE Provider is not there. It gets installed in the default location C:\Program Files\SafeNet.
The installer lists the properties that are used by CADP JCE to connect to Key Manager.
Note
If using IPV6 address, specify it in curly braces, for example, {2002:0dc8:85k3:0000:0000:9a2e:0370:5221}.
A combination of IPv4 and IPv6 addresses can be specified, provided, they are separated by colons(:) and each IPv6 address must be enclosed within {}. IPv6 is supported only for CipherTrust Manager.
Enter Yes and All to update the properties. Enter No to continue with the existing properties.
The installer lists the properties that are used by CT-V to connect to the database.
Enter Yes to update the properties. Enter No to continue with the existing properties.
Note
If Informix is specified in DatabaseType then Informix server name is to be provided for InformixServerName parameter.
The installer prompts you to Run the CipherTrust Vaulted Tokenization Upgrade. Enter Yes to upgrade. In case of fresh installation enter No.
Enter NAE and Database credentials to verify CT-V installation.
Note
When installing CT-V for the Informix database for first time, user should skip this test.
Enter Yes to show list of vaults.
Enter token vault name to run the test or skip the test.
The InstallShield Wizard Completed screen is displayed, click Finish to exit the wizard.
Note
The IngrianNAE.jar file appears under the location specified in
JAVA_HOME/lib/ext
folder. In case of Java 10, 11, and 17, it is appears underC:\Program Files\SafeNet\
.
Thales supports the .Net CT-V services with MS IIS. To configure .Net CT-V Web Services with the IIS web server:
Navigate to IIS Manager > Application Pool and click Add Application Pool.
On the Edit Application Pool screen, enter or select the following details:
Enter a Name for the pool. In above demonstration, a pool, named Tokenization is created.
Select .Net CRL Version v4.0.30319 from the .Net CRL Version drop-down list.
Select Integrated from the Managed pipeline mode drop-down list.
Select the Start application pool immediately check-box.
Click OK.
Add application to the application pool. You can either add your application to the default Web Site or can create a new Web Site.
To add application to Default Web Site
In the left pane of the Application Pools, click Default Web Site and select Add Application.
On the Add Application screen, select or enter the following details:
Enter an Alias for the application.
In the Physical path field, provide the tokenizationWS directory path. In this demonstration, we are using
C:\Program Files\SafeNet\Tokenization\tokenizationWS
as the directory path.Click Connect as. On the Connect As screen, select the administrator. When prompted, provide credentials.
Click Test Settings to verify the access.
Click OK.
Restart the IIS service.
Access the application added to the default Website using the following URL: http://localhost/tm/TokenManagerWS.asmx
To add a new Website to Sites
In the left pane, click Site and select Add Website. The Add Website screen is displayed.
On the Add Website screen, select or enter the following details:
Enter an Alias for the application.
Provide the application pool that you have created.
Specify the port number in the port field.
In the Physical path field, provide the tokenizationWS directory path. In this demonstration, we are using
C:\Program Files\SafeNet\Tokenization\tokenizationWS
as the directory path.Click Connect as. On the Connect As screen, select the administrator. When prompted, provide credentials.
Click Test Settings to verify the access.
Click OK.
Restart the IIS service.
Access the new Website using the following URL: http://localhost:<port>/TokenManagerWS.asmx
Note
The IngrianNAE.jar file appears under the location specified in
JAVA_HOME/lib/ext
folder. In case of Java 10, 11, and 17, it appears underC:\Program Files\SafeNet\
.
CT-V provides the feature to install the application in silent mode, see Silent Installation.
Fixing HTTP Error 404.3 - Not Found
Encountered the error "HTTP Error 404.3 - Not Found: The page you are requesting cannot be served because of the extension configuration. If the page is script, add a handler. If the file should be downloaded, add a MIME map".
Following are the steps to fix this error:
Install IIS sub components from Control Panel > Programs and Features > Turn Windows features on or off > Internet Information Services > World Wide Web Services > Application Development Features.
Check the
ASP.NET
option (the options.NET Extensibility
,ISAPI Extensions
, andISAPI Filters
will be selected automatically). Make sure that specific versions are checked. These options are divided into 4 and 4.6 in Windows Server.Run the following command from cmd:
For 32bit (x86) Windows:
%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -ir
For 64bit (x64) Windows:
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir
Note
.NET Framework version can be changed. Check which framework version is in the
%windir%\Microsoft.NET\Framework64
directory and run the command accordingly.Finally, check in IIS manager that your application uses application pool with .NET Framework version 4.0.
In Windows Server 2012, even after installing
ASP.NET
you might run into this issue. Check for theHTTP Activation
feature. This feature is present under Web Services.