Installing CCC

After Creating a Root of Trust, follow these steps to install the CCC server, while ensuring that you are logged in as a root user:

1.Downloading the CCC license file:

a.Log in to Thales Group Licensing Portal, using the details provided in the entitlement email you have received.

b.Activate your CCC license and then download the license file.

NOTE   A Freemium license file is included in the CCC package that you'll be downloading in the next step. For more information about the different types of CCC licenses, click here.

2.Downloading the CCC package:

a.Log in to the Thales Customer Support Portal and download the CCC package on to the CCC server.

b.Unzip the CCC package and then go to the directory containing the RPM file and installation script.

3.Checking installation requirements:

a.Run the sh install.sh -check command to check whether your system meets all the requirements for installing CCC.

b.If your system meets the hardware and software requirements, you will see a message stating that your system meets all the requirements, following which you can type proceed to begin the installation process.

c.If your system does not meet the hardware or software requirements needed for installing CCC, there are two possibilities:

–You'll see one or more warning messages indicating the missing components, following which you can either continue with the installation process or install the missing components first and then resume the installation process by running the sh install.sh -check command again.

–The installation process will get terminated due to errors and you will not be able to proceed further.

NOTE   You'll be asked to provide appropriate inputs at various stage of the installation process. The default inputs have been indicated by way of square brackets, wherever applicable. In case you press Enter without providing an input, the default inputs will be considered for the purpose of installation.

4.Setting umask: You will see a message indicating that umask has been set to 0022.

5.Installing CCC RPM: The Crypto Command Center RPM package will be installed on your system.

NOTE   If a Crypto Command Center RPM package is already installed on your system, you'll be asked whether you want to uninstall and then reinstall the package.

6.Installing JDK: Java will be installed on your system. You'll be asked whether you wish to provide the path of an already installed JDK. If not, JDK be installed from the Web.

7.Installing a database: Specify the database that you want to use.

a.If you press 1, you'll be asked whether you wish to install PostgreSQL locally or on an external server.

–If you opt for installing PostgreSQL locally, the installer checks for any existing version of PostgreSQL on your machine. If an existing version is found, it is offered to you for reconfiguration. If an existing version is not found, you need to specify whether you want to do the PostgreSQL installation through the Internet or via a local directory. Depending on your choice, PostgreSQL gets installed on your machine. After PostgreSQL has been installed, complete the rest of the installation process, as explained in steps 8 to 12 below.

–If you opt for installing PostgreSQL on an external server, you need to refer to the Installing PostgreSQL on an External Server section of the CCC User Guide for detailed steps. After you've installed PostgreSQL on an external server, you need to configure CCC, as described in the Configuring CCC section. You can skip the rest of the steps on this page.

b.If you select 2, you need to install Oracle database on your system, as described in the Installing an Oracle Database section of this guide. After installing Oracle, you need to configure CCC, as described in Configuring CCC section. You can skip the rest of the steps on this page.

NOTE   To install Oracle, it is recommended that you should consult a trained Oracle Database Administrator (DBA). The DBA must refer the instructions provided in the Installing an Oracle Database section.

8.Providing PostgreSQL listen address: After you've installed PostgreSQL locally, you'll be asked to provide PostgreSQL listen address, which could either be a hostname or IP address. We recommend that you should provide 127.0.0.1 as the PostgreSQL listen address to identify the server in all configuration files. Unlike a hostname, 127.0.0.1 can be used in all the files.

9.Configuring syslog: Specify whether you want to configure syslog for PostgreSQL database logs.

10.Configuring SSL: You need to specify whether you want to configure PostgreSQL with SSL. If you choose Yes, you'll be asked to provide SSL Certificate details in step 12 below. If you choose No, step 12 will not be applicable to you.

11.Creating database password: You need to create a database password.

12.Creating a self-signed certificate: If you are configuring PosgreSQL with SSL, you need to create a self-signed certificate that will enable secure communication between the CCC server and PostgreSQL database. To do so, you need to specify your hostname, name of the organization unit, name of the organization, name of your city, name of your state or province, your 2-letter country code, and your email address.

 

After you've installed CCC, you need to change your current directory to /usr/safenet/ccc and initiate the CCC configuration process, as explained in the Configuring CCC section.