Installing and Configuring SafeNet ProtectApp Key Storage Provider
Installing the SafeNet ProtectApp Key Storage Provider
This section describes the steps to install the SafeNet Key Storage Provider (KSP). Follow the steps below:
Note
You need to install the SafeNet ProtectApp Key Storage Provider on the same machine where Microsoft IIS is installed.
Download and unzip the SafeNet ProtectApp Key Storage Provider (ProtectApp Microsoft CNG Provider) zip file.
Double-click the setup to launch the InstallShield Wizard. The Welcome screen appears. Click Next.
Accept the license agreement and click Next.
Click Install to begin the installation.
Click Finish to complete the installation.
Once the provider has been installed, create a user on the CipherTrust Manager and assign it permissions to the Key Admins Group. For creating and configuring users and permissions, refer to the CipherTrust Manager documentation.
Navigate to C:\Program Files\SafenetProtectAppKSP and run SafenetProtectAppKSPInstaller.exe as an Administrator to register the provider. Enter the same username and password that you used in the previous step to create the user on the CipherTrust Manager appliance.
Note
Here, Key Secure User and Key Secure Password are the username and password of the CipherTrust Manager user.
Configuring SafeNet ProtectApp Key Storage Provider
To configure SafeNet ProtectApp Key Storage Provider to connect with the CipherTrust Manager:
Enter the following values in the ProtectAppICAPI.properties file (placed at C:\Program Files\SafenetProtectAppKSP).
NAE_IP: IP address of the CipherTrust Manager
NAE_Port: 9000 (default value)
Protocol: tcp/ssl
Note
To run this integration using the TCP protocol, ensure that the mode of the interface on the CipherTrust Manager is set to No TLS. For more details regarding configuring interfaces, refer to the CipherTrust Manager documentation.
If you want to use the SSL protocol, you need to configure SSL using the steps mentioned in the Setting up SSL/TLS section.
Log_Level: MEDIUM (default value, can be set to HIGH for troubleshooting)
Log_File: Full path and file name. The user must have write permissions on this path and file.
CA_File: The CA_File parameter refers to the CA certificate that was used to sign the server certificate presented by the NAE Server to the client. (for ssl only)
Cert_File: The Cert_File parameter stores the path and filename of the client certificate. This is only used when your SSL configuration requires clients to provide a client certificate to authenticate to the CipherTrust Manager appliances. (for ssl only)
Key_File: The Key_File parameter refers to the private key associated with the client certificate specified in the Cert_File parameter. (for ssl only)
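The following PowerShell check is an added example, not part of the vendor documentation or the product. It reviews the parameters listed above for settings worth a second look before the provider goes into service. The function name Get-KspConfigFinding, the sample values, and the assumption that the file holds one Key=Value (or Key: Value) setting per line are all hypothetical.

```powershell
function Get-KspConfigFinding {
    param([string[]]$Lines, [switch]$CheckPaths)
    # Assumption: one "Key=Value" (or "Key: Value") setting per line; other lines are ignored.
    $cfg = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z_]+)\s*[=:]\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $findings = @()
    foreach ($key in 'NAE_IP', 'NAE_Port', 'Protocol') {
        if (-not $cfg[$key]) { $findings += "$key is not set" }
    }
    if ($cfg['Protocol'] -eq 'tcp') {
        $findings += 'Protocol=tcp: traffic to the CipherTrust Manager is not protected by TLS'
    } elseif ($cfg['Protocol'] -eq 'ssl') {
        if (-not $cfg['CA_File']) { $findings += 'Protocol=ssl but CA_File is empty' }
        # A client certificate is only usable together with its private key.
        if ([bool]$cfg['Cert_File'] -ne [bool]$cfg['Key_File']) {
            $findings += 'Cert_File and Key_File must both be set or both be empty'
        }
        if ($CheckPaths) {
            foreach ($key in 'CA_File', 'Cert_File', 'Key_File') {
                if ($cfg[$key] -and -not (Test-Path -LiteralPath $cfg[$key])) {
                    $findings += "$key points to a missing file: $($cfg[$key])"
                }
            }
        }
    } elseif ($cfg['Protocol']) {
        $findings += "Protocol must be tcp or ssl, found '$($cfg['Protocol'])'"
    }
    if ($cfg['Log_Level'] -eq 'HIGH') {
        $findings += 'Log_Level=HIGH is for troubleshooting; the default is MEDIUM'
    }
    return $findings
}

# Constructed sample input (192.0.2.10 is a documentation address, paths are made up).
$sample = @'
NAE_IP=192.0.2.10
NAE_Port=9000
Protocol=ssl
Log_Level=HIGH
CA_File=
Cert_File=C:\certs\client.crt
Key_File=
'@ -split '\r?\n'

# Review the sample as written, then the same settings switched to tcp.
Get-KspConfigFinding -Lines $sample
Get-KspConfigFinding -Lines ($sample -replace '^Protocol=.*', 'Protocol=tcp')
```

To review a real installation, pass the output of `Get-Content 'C:\Program Files\SafenetProtectAppKSP\ProtectAppICAPI.properties'` as `-Lines` and add `-CheckPaths` so the certificate and key paths are also verified on disk.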