Configuring CCC
After installing CCC, follow the steps mentioned below to configure CCC.
Note
You'll be asked to provide inputs at various stages of the configuration process. Default inputs are shown in square brackets, wherever applicable. If you press Enter without providing an input, the default input is used.
1. Reboot and change current directory
After installing CCC, reboot your system and change your current directory to /usr/safenet/ccc.
2. Run configuration script
Enter the sh config.sh command to begin the configuration process.
3. Check requirements
A check is performed for the configuration-related prerequisites. In case the prerequisites are not met, you will see an error message. Re-run the sh config.sh command after making the required changes.
4. Check CCC server state
A check is performed to determine whether the CCC server is running. In case the CCC server is running, you'll be asked to stop it before proceeding further.
5. Set umask
You will see a message indicating that umask has been set to 0022.
6. Configure JDK
Decide whether you want to change the JDK used by Crypto Command Center. In case you want to change the JDK, you need to provide the path.
7. Configure JCPROV
You will see a message indicating that JCPROV has been configured. The CCC server uses JCPROV APIs to access the root of trust partition. For more information on JCPROV, refer to the Thales Luna Network HSM documentation.
8. Configure firewall
Specify whether you want to open the port used by CCC in the firewall.
9. Configure hosts file
A check is conducted to ensure that the IP address and the hostname are mapped in the hosts file.
10. Configure SSL server certificates
You need to decide whether you want to set an IP address in the subjectAltName of the SSL certificate.
11. Create Private Key and SSL
A private key and self-signed certificate are generated at this point.
12. Create Distinguished Name
You need to create a Distinguished Name (DN) to include in your certificate request.
Note
If no entry is provided for subjectAltName, the entry provided for the distinguished name (DN) in the next step (host name/IP address) will be used for the host attribute while deploying ccc_client.jar.
13. Create Certificate Signing Request
You are asked to provide a host name, name of your organizational unit, name of your organization, name of your city or locality, name of your state or province, and two-letter country code. A certificate signing request gets created based on your inputs.
14. Configure keystores
You will be asked to change the credential store, key store, and trust store passwords.
15. Configure database
Specify the database that you want to configure. Press 1 to configure PostgreSQL or 2 to configure Oracle.
To configure PostgreSQL:
- Provide the database server’s hostname or IP address. The default IP address is 127.0.0.1.
- Specify whether you wish to configure CCC with PostgreSQL over SSL. The default option is Yes.
- Enter the database server's port number. The default port number is 5432.
- Enter the database password.
- Enter the trust store password.
To configure Oracle:
- Provide the database server’s hostname or IP address.
- Specify whether you wish to configure CCC with Oracle over SSL. The default option is Yes.
- Enter the database server's port number. The default port number is 2484.
- Enter the database server's service name.
- Enter the database password for Lunadirector user.
- Enter the database password for Keycloak user.
- Enter the trust store password.
16. Import server certificate
After configuring the database, you will see a message stating that the server certificate is not trusted. Enter 1, 2, or 3, depending on whether you want to view the certificate, permanently import the certificate into the trusted keystore, or exit the configuration process. If you enter 2, the certificate is imported into the trusted keystore.
17. Enter credential store password
After you’ve imported the certificate into the trusted keystore, you need to enter the credential store password. At this point, the license persistence information is initialized and the CCC configuration process is complete.
18. Log in
Log in to the CCC using the URL https://
Windows: If you are a Windows user, go to C:\Windows\System32\drivers\etc\hosts, open the hosts file using a text editor, and add the following line: 1.2.3.4 ccc.
Linux: If you are a Linux user, go to /etc/hosts, open the hosts file using a text editor, and add the following line: 1.2.3.4 ccc.
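The hosts-file mapping from steps 9 and 18 can be checked with a short script. The following is an added example, not part of CCC or its documentation: the function names and the sample file are hypothetical, and it assumes the resolver uses the first entry that names a host, so an older entry above the new line shadows it.

```shell
#!/bin/sh
# Added example: check a hosts-file mapping such as "1.2.3.4 ccc".
# hosts_status FILE IP NAME prints exactly one of:
#   ok             the first entry for NAME maps to IP
#   missing        no entry names NAME
#   conflict:ADDR  an earlier entry maps NAME to ADDR, so it shadows IP
hosts_status() {
    awk -v ip="$2" -v name="$3" '
        BEGIN { want = tolower(name); found = "" }
        {
            sub(/#.*/, "")                 # drop comments (re-splits the fields)
            if (NF < 2) next               # blank line or address with no name
            for (i = 2; i <= NF; i++)      # field 1 is the address, the rest are names
                if (found == "" && tolower($i) == want) found = $1
        }
        END {
            if (found == "")      print "missing"
            else if (found == ip) print "ok"
            else                  print "conflict:" found
        }
    ' "$1"
}

# Constructed sample file; 1.2.3.4 and ccc are the placeholder values from this page,
# every other line is invented for the demonstration.
make_sample_hosts() {
    sample_file=$(mktemp)
    cat > "$sample_file" <<'EOF'
127.0.0.1   localhost
# 1.2.3.4   ccc        commented out, must not count
10.0.0.9    oldhost ccc-old
1.2.3.4     ccc CCC.example.test   # CCC server
10.0.0.7    stale
1.2.3.4     stale
EOF
    echo "$sample_file"
}

demo=$(make_sample_hosts)
for n in ccc stale absent; do
    printf '%-7s %s\n' "$n" "$(hosts_status "$demo" 1.2.3.4 "$n")"
done
rm -f "$demo"
```

On a real system, pass /etc/hosts (or the Windows hosts file path) with the actual IP address and host name of the CCC server in place of the sample values.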