Installing and Configuring SafeNet ProtectApp Key Storage Provider
Installing the SafeNet ProtectApp Key Storage Provider
This section includes the steps to install the SafeNet Key Storage Provider (KSP). To do so, follow the steps mentioned below:
Note
Ensure that AD CS Server is joined to an Active Directory Domain Controller.
Download and unzip the SafeNet ProtectApp Key Storage Provider (ProtectApp Microsoft CNG Provider) zip file.
Double-click the setup to launch the InstallShield Wizard. The Welcome screen appears. Click Next.
Accept the license agreement and click Next.
Click Install to begin the installation.
Click Finish to complete the installation.
Once the SafeNet ProtectApp Key Storage Provider is installed, create a user on the CipherTrust Manager and assign permissions to the user for the following:
Key Admins Group
Key User
CA Admin
For more information on creating and configuring users and permissions, refer to the CipherTrust Manager Documentation.
Navigate to C:\Program Files\SafenetProtectAppKSP and run SafenetProtectAppKSPInstaller.exe as an Administrator to register the provider. Enter the same username and password that you used in the previous step to create the user on the CipherTrust Manager appliance.
Configuring SafeNet ProtectApp Key Storage Provider
To configure SafeNet ProtectApp Key Storage Provider to connect with the CipherTrust Manager:
Enter the following values in the ProtectAppICAPI.properties file (placed at C:\Program Files\SafenetProtectAppKSP).
NAE_IP: IP address of the CipherTrust Manager
NAE_Port: 9000 (default value)
Protocol: tcp/ssl
Note
To run this integration using the TCP protocol, ensure that the mode of the interface on the CipherTrust Manager is set to No TLS. For more details regarding configuring interfaces, refer to the CipherTrust Manager documentation.
If you want to use the SSL protocol, you need to configure SSL using the steps mentioned in the Setting up SSL/TLS section.
Log_Level: MEDIUM (default value, can be set to HIGH for troubleshooting)
Log_File: Full path and file name. The user must have write permissions on this path and file.
CA_File: The CA_File parameter refers to the CA certificate that was used to sign the server certificate presented by the NAE Server to the client. (for ssl only)
Cert_File: The Cert_File parameter stores the path and filename of the client certificate. This is only used when your SSL configuration requires clients to provide a client certificate to authenticate to the CipherTrust Manager appliances. (for ssl only)
Key_File: The Key_File parameter refers to the private key associated with the client certificate specified in the Cert_File parameter. (for ssl only)
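The following PowerShell check is an added example, not part of the product or its documentation. It reads ProtectAppICAPI.properties and reports settings that conflict with the parameter descriptions above. It assumes the file holds one Name=Value pair per line with # starting a comment; the function name Test-ProtectAppKspConfig and the sample values are constructed for illustration.

```powershell
# Added example, not vendor code: audits the parameters listed above.
# Assumption: one "Name=Value" pair per line, "#" starts a comment.
function Test-ProtectAppKspConfig {
    param([string]$Path = 'C:\Program Files\SafenetProtectAppKSP\ProtectAppICAPI.properties')
    $cfg = @{}   # hashtable literals are case-insensitive on keys
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*([^#=\s][^=]*?)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $findings = New-Object 'System.Collections.Generic.List[string]'
    if (-not $cfg['NAE_IP']) { $findings.Add('NAE_IP is not set.') }
    $port = 0
    if (-not [int]::TryParse([string]$cfg['NAE_Port'], [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
        $findings.Add("NAE_Port '$($cfg['NAE_Port'])' is not a valid port number.")
    }
    $protocol = ([string]$cfg['Protocol']).ToLowerInvariant()
    if ($protocol -eq 'tcp') {
        $findings.Add('Protocol is tcp: this requires the No TLS interface mode, so the connection is not TLS-protected.')
    } elseif ($protocol -eq 'ssl') {
        if (-not $cfg['CA_File']) { $findings.Add('Protocol is ssl but CA_File is not set.') }
        if ([bool]$cfg['Cert_File'] -ne [bool]$cfg['Key_File']) {
            $findings.Add('Cert_File and Key_File must be set together (client certificate and its private key).')
        }
        foreach ($name in 'CA_File', 'Cert_File', 'Key_File') {
            if ($cfg[$name] -and -not (Test-Path -LiteralPath $cfg[$name] -PathType Leaf)) {
                $findings.Add("$name points to a file that does not exist: $($cfg[$name])")
            }
        }
    } else {
        $findings.Add("Protocol '$protocol' is neither tcp nor ssl.")
    }
    if ($cfg['Log_File'] -notmatch '^(?:[A-Za-z]:\\|\\\\)') {
        $findings.Add('Log_File is missing or is not a full path.')
    }
    if ($cfg['Log_Level'] -eq 'HIGH') {
        $findings.Add('Log_Level is HIGH, which is meant for troubleshooting; the default is MEDIUM.')
    }
    $findings
}

# Constructed sample input (documentation IP address), written to a temp file so the check runs anywhere.
$sample = Join-Path $env:TEMP 'ProtectAppICAPI.sample.properties'
'NAE_IP=192.0.2.10', 'NAE_Port=9000', 'Protocol=tcp', 'Log_Level=HIGH', 'Log_File=C:\Logs\ksp.log' |
    Set-Content -LiteralPath $sample
Test-ProtectAppKspConfig -Path $sample | ForEach-Object { Write-Warning $_ }
```

Run Test-ProtectAppKspConfig with no arguments on the AD CS server to check the installed file at its default location.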