Installing CCC
After you've created a root of trust, follow these steps to install the CCC server, while ensuring that you are logged in as a root user:
1. Download license file
Log in to Thales Group Licensing Portal using the details provided in the entitlement email you have received, and then activate your CCC license and download the license file. A Freemium license file is included in the CCC package that you'll be downloading in the next step.
2. Download CCC package
Log in to Thales Customer Support Portal and download the CCC package on to the CCC server. Unzip the CCC package and then go to the directory containing the RPM file and installation script.
3. Run installation script
Enter the sh install.sh
command to begin the installation process.
You may see one or more warning messages in case your system does not meet the hardware or software requirements. In some cases, the installation process may get terminated due to such errors. In such instances, you can reinitiate the installation process after installing the missing components.
You'll be asked to provide inputs at various stage of the installation process. The default inputs have been indicated by way of square brackets, wherever applicable. In case you press Enter without providing an input, the default inputs will be considered.
4. Install database
Specify the database that you want to install. Press 1 for installing PostgreSQL, or press 2 for installing Oracle.
-
If you want to install PostgreSQL, refer to step 5 below for further details.
-
If you want to install Oracle database, skip the rest of the steps on this page and refer to the Installing Oracle section for further guidance. After installing Oracle, you need to configure CCC, as decribed in the Configuring CCC section.
To install Oracle, it is recommended that you should consult a trained Oracle Database Administrator (DBA). The DBA must refer the instructions provided in the Installing Oracle section.
5. Install PostgreSQL
Enter y to install PostgreSQL using the CCC installer or n to install PostgreSQL manually.
CCC supports one-way SSL authentication for PostgreSQL database.
-
If you want to use the CCC installer, a check is performed for any existing version of PostgreSQL on your machine. If an existing version is found, it is offered to you for reconfiguration. If an existing version is not found, you need to specify whether you want to do the PostgreSQL installation through the Internet or by using PostgreSQL RPMs that are already downloaded. Depending on your choice, PostgreSQL gets installed on your machine. After PostgreSQL has been installed, move to step 5 below.
In case you see an error message, ensure that you are meeting all the requirements for PostgreSQL installation.
If you are upgrading to CCC 3.9, the PostgreSQL database will get reconfigured if the SSL certificate was previously created with CN=unknown.
-
If you want to install PostgreSQL manually, skip the rest of the steps on this page and refer to the Installing PostgreSQL Manually section for further details. After you've installed PostgreSQL manually, you need to configure CCC, as described in the Configuring CCC section.
5. Provide PostgreSQL listen address
After you've installed PostgreSQL using the CCC installer, you'll be asked to provide PostgreSQL listen address, which could either be a hostname or IP address. It is recommended that you provide 127.0.0.1 as the PostgreSQL listen address to identify the server in all configuration files. Unlike a hostname, 127.0.0.1 can be used in all the files.
6. Configure syslog
Specify whether you want to configure syslog for PostgreSQL database logs.
7. Configure SSL
You need to specify whether you want to configure PostgreSQL with SSL. If you enter y, you'll be asked to provide SSL Certificate details, as described in the steps that follow. If you enter n, the SSL Certificate related steps will not be applicable to you.
8. Create database password
You need to create a database password.
9. Create self-signed certificate
If you are configuring PosgreSQL with SSL, you need to create a self-signed certificate that will enable secure communication between the CCC server and PostgreSQL database. To do so, you need to specify your hostname, name of the organization unit, name of the organization, name of your city, name of your state or province, your 2-letter country code, and your email address.
After you've created a self-signed certificate, a 2048-bit RSA key will be generated and the CCC installation process will get completed.
10. Reboot and change current directory
Reboot your system and change your current directory to /usr/safenet/ccc to initiate the CCC configuration process, as explained in the Configuring CCC section.