Configuring CCC
After installing CCC, follow these steps to configure it:
Checking configuration requirements: Run the sh config.sh -check command from the /usr/safenet/ccc directory.
- If the server meets the configuration-related prerequisites, you will see a message stating that your system meets all the requirements. You can then type proceed to begin the configuration process.
- If the server does not meet the configuration-related prerequisites, you will see a warning indicating the missing requirements. After you've made the required changes, run the sh config.sh -check command again. If all the configuration-related requirements are met this time, you can type proceed to begin the configuration process.
You'll be asked to provide inputs at various stages of the configuration process. Default values, where applicable, are shown in square brackets. If you press Enter without providing an input, the default value is used.
Checking CCC server state: A check is conducted to determine whether the CCC server is running. If the CCC server is running, you'll be asked to stop it before proceeding further.
Setting umask: You will see a message indicating that umask has been set to 0022.
Configuring JDK: You'll be asked whether you want to change the JDK used by Crypto Command Center. If you want to change the JDK, you need to provide the path.
Configuring JCPROV: You will see a message indicating that JCPROV has been configured. The CCC server uses JCPROV APIs to access the root of trust partition. For more information on JCPROV, refer to the Thales Luna Network HSM documentation.
Configuring firewall: Specify whether you want to open the port used by CCC in the firewall.
Configuring hosts file: A check is conducted to ensure that the IP address and the hostname are mapped in the hosts file.
Configuring SSL server certificates: You need to decide whether you want to set an IP address in the subjectAltName of the SSL certificate. Following this, you need to create a Distinguished Name (DN) to include in your certificate request.
If no entry is provided for subjectAltName, the entry provided for the Distinguished Name (DN) in the next step (host name/IP address) will be used for the host attribute when deploying ccc_client.jar.
Configuring keystores: You'll be asked to change the vault, keystore, and truststore passwords.
The truststore password is used to access the truststore contents. The truststore stores the PostgreSQL or Oracle SSL certificates. The keystore password is used to access the keystore contents. The keystore holds the server certificate and private key. Whenever a client connects to the CCC server, the CCC server sends the certificate stored in the keystore to the client for verification. The client then verifies the certificate and begins communication with the CCC server. The vault password is used to access the vault contents. The vault holds the truststore and keystore passwords.
Configuring database: Specify the database. Press 1 for PostgreSQL or 2 for Oracle.
If you press 1 for PostgreSQL, you need to:
i. Provide the database server’s hostname or IP address. The default IP address is 127.0.0.1.
ii. Specify whether you wish to configure CCC with PostgreSQL over SSL. The default option is Yes.
iii. Enter the database server's port number. The default port number is 5432.
iv. Enter the database password.
v. Enter the truststore password.
If you press 2 for Oracle, you need to:
i. Provide the database server’s hostname or IP address.
ii. Specify whether you wish to configure CCC with Oracle over SSL. The default option is Yes.
iii. Enter the database server's port number. The default port number is 2484.
iv. Enter the database server's service name.
v. Enter the database password for Lunadirector user.
vi. Enter the database password for Keycloak user.
vii. Enter the truststore password.
Completing CCC configuration:
Enter 1, 2, or 3, depending on whether you want to view the certificate, import the certificate into the trusted keystore, or exit the configuration process.
After you’ve imported the certificate into the trusted keystore, you need to provide the vault password. At this point, the license persistence information is initialized and the CCC configuration process is complete.
You can now log in to the CCC using the URL https://
Windows: If you are a Windows user, go to C:\Windows\System32\drivers\etc\hosts, open the hosts file using a text editor, and add the following line: 1.2.3.4 ccc.
Linux: If you are a Linux user, go to /etc/hosts, open the hosts file using a text editor, and add the following line: 1.2.3.4 ccc.
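The hosts-file mapping checked in the "Configuring hosts file" step, and the client entries described above, can be verified with a script such as the following. This is an added example and is not part of the CCC distribution; the function names, the sample file contents, and the host names db01, hsm01 and ccc.example.test are constructed for illustration. A name that is bound to a different address earlier in the file is reported as a conflict, on the assumption that the resolver returns the first matching line.

```shell
#!/bin/sh
# Added example, not shipped with CCC. Sample file contents are constructed.

# check_hosts_mapping FILE IP NAME
#   0 = first entry for NAME maps to IP
#   1 = NAME has no entry
#   2 = first entry for NAME maps to a different address
check_hosts_mapping() {
    awk -v ip="$2" -v name="$3" '
        BEGIN { name = tolower(name); rc = 1 }
        {
            sub(/\r$/, "")      # tolerate CRLF endings (Windows hosts file)
            sub(/#.*/, "")      # drop full-line and inline comments
            for (i = 2; i <= NF; i++)
                if (tolower($i) == name) {
                    # append "" to force a string comparison of the addresses
                    rc = (($1 "") == (ip "")) ? 0 : 2
                    exit
                }
        }
        END { exit rc }
    ' "$1"
}

# Constructed sample: "ccc" is bound to loopback before it is bound to 1.2.3.4.
make_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1   localhost
# 1.2.3.4   ccc        (commented out, must be ignored)
127.0.1.1   CCC ccc.example.test
1.2.3.4     ccc
10.0.0.5    db01   # inline comment
EOF
}

report() {
    rc=0
    check_hosts_mapping "$1" "$2" "$3" || rc=$?
    case $rc in
        0) echo "OK: $3 -> $2" ;;
        1) echo "MISSING: no entry for $3" ;;
        2) echo "CONFLICT: $3 is bound to another address first" ;;
    esac
}

tmp=$(mktemp)
make_sample_hosts "$tmp"
report "$tmp" 1.2.3.4 ccc
report "$tmp" 10.0.0.5 db01
report "$tmp" 1.2.3.4 hsm01
rm -f "$tmp"
```

To check a real system, call check_hosts_mapping with /etc/hosts (or the Windows hosts file path), the CCC server's IP address, and its host name.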