Installing and Configuring SafeNet ProtectApp Key Storage Provider
Installing the SafeNet ProtectApp Key Storage Provider
This section includes the steps to install the SafeNet Key Storage Provider (KSP). To do so, follow the steps below:
Note
You need to install the SafeNet ProtectApp Key Storage Provider on the same machine where AD CS and Citrix FAS are installed.
Download and unzip the SafeNet ProtectApp Key Storage Provider (ProtectApp Microsoft CNG Provider) zip file.
Double-click the setup to launch the InstallShield Wizard. The Welcome screen appears. Click Next.
Accept the license agreement and click Next.
Click Install to begin the installation.
Click Finish to complete the installation.
After installing the provider, create a user on the CipherTrust Manager and add the user to the Key Admins Group. For creating and configuring user and permissions, refer to the CipherTrust Manager documentation.
Navigate to C:\Program Files\SafenetProtectAppKSP
and run SafenetProtectAppKSPInstaller.exe
as an Administrator to register the provider. Enter the same username and password, as used in the previous step to create a user on the CipherTrust Manager appliance.
Configuring SafeNet ProtectApp Key Storage Provider
To configure SafeNet ProtectApp Key Storage Provider to connect with the CipherTrust Manager:
Enter the following values in the ProtectAppICAPI.properties
file (placed at C:\Program Files\SafenetProtectAppKSP
).
NAE_IP: IP address of the CipherTrust Manager
NAE_Port: 9000 (default value)
Protocol: tcp/ssl
Note
To run this integration using the TCP protocol, ensure that the mode of the interface on the CipherTrust Manager is set to No TLS. For more details regarding configuring interfaces, refer to the CipherTrust Manager documentation.
If you want to use the SSL protocol, you need to configure SSL using the steps mentioned in the Setting up SSL/TLS section.
Log_Level: MEDIUM (default value, can be set to HIGH for troubleshooting)
Log_File: Full path and file name. The user must have write permissions on this path and file.
CA_File: The CA_File parameter refers to the CA certificate that was used to sign the server certificate presented by the NAE Server to the client. (for SSL only)
Cert_File: The Cert_File parameter stores the path and filename of the client certificate. This is only used when your SSL configuration requires clients to provide a client certificate to authenticate to the CipherTrust Manager appliances. (for SSL only)
Key_File: The Key_File parameter refers to the private key associated with the client certificate specified in the Cert_ File parameter. (for SSL only)