RSA Keon Validation Server 2.0 Installation Guide
Contact Information

See our Web sites for regional Customer Support telephone and fax numbers.

RSA Security Inc.
www.rsasecurity.com

RSA Security Ireland Limited
www.rsasecurity.ie

Trademarks

ACE/Agent, ACE/Server, Because Knowledge is Security, BSAFE, ClearTrust, Keon, RC2, RC4, RC5, RSA, the RSA logo, RSA Secured, RSA Security, SecurCare, SecurID, Smart Rules, The Most Trusted Name in e-Security, and Virtual Business Units are registered trademarks, and e-Titlement, the RSA Secured logo, SecurWorld, and Transaction Authority are trademarks of RSA Security Inc. in the U.S. and/or other countries. Microsoft, Windows, Windows 2000, Windows XP, Windows 2003, and Outlook are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other countries. Navigator and Enterprise Server are also trademarks of Netscape Communications Corporation and may be registered outside the U.S. Solaris and Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. nFast, nShield, nForce and KeySafe are either registered trademarks or trademarks of nCipher Corporation Ltd. in the United States and/or other countries. Other product and service names mentioned herein may be the trademarks of their respective companies.

Portions Copyright © 1992-1996 Regents of the University of Michigan. All rights reserved.

License agreement

This software and the associated documentation are proprietary and confidential to RSA Security, are furnished under license, and may be copied only in accordance with the terms of such license and with the inclusion of this notice and any other copyright, trademark or other proprietary markings or notices contained in the software and documentation.
Neither this software nor any copies thereof may be provided to or otherwise made available to any third party. No title to or ownership of the software or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by RSA Security.

Third party licenses

This product may include software developed by parties other than RSA Security. The text of the license agreements applicable to third party software in this product may be viewable in the thirdpartylicense.pdf file. This product includes software developed by Apache Software Foundation (http://www.apache.org/).

Note on encryption technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import or export of encryption technologies, and current use, import and export regulations should be followed when exporting this product.

Distribution

Limit distribution of this document to trusted personnel.

Copyright © 2003 RSA Security Inc. All rights reserved. Portions of this product use technologies patented under U.S. patent numbers 5,922,074 and 6,249,873.

Contents

Preface
Chapter 1. System Requirements
- Supported Platforms
- System Configuration
- Browser Support for Administration
- Cryptographic Support
- RSA Public Key Technology
- Hardware Security Module Support
- Interoperability Requirements
Chapter 2. Installation Overview
- System Architecture
- Protocols Used Within Keon VS
- Installed CAs
- Issued Certificates
- Keon VS File Directory Structure
Chapter 3. Installing Keon VS
- Before You Begin
- Pre-Installation Checklist
- Installation Procedure
- Post-Installation Checklist
Chapter 4. Managing Audit Logs
- Configuring Logging
- Managing Audit Log Files
Chapter 5. Uninstalling Keon VS
- Stopping Keon VS
- Uninstalling Keon VS
Appendix A. Configuring Keon VS
Appendix B. Troubleshooting Keon VS
Appendix C. Cryptographic Hardware Interoperability
Appendix D. Media Verification
Glossary
Acronyms
Index

Preface

About RSA Security

With thousands of customers around the globe, RSA Security (NASDAQ: RSAS) provides interoperable solutions for establishing online identities, access rights, and privileges for people, applications, and devices. Built to work seamlessly and transparently in the complex environments of thousands of customers, the Company’s comprehensive portfolio of identity and access management solutions—including authentication, Web access management, and developer solutions—is designed to allow customers to confidently exploit new technologies for competitive advantage. RSA Security’s strong reputation is built on its history of ingenuity and leadership, proven technologies, and long-standing relationships with more than 1,000 technology partners.

About RSA Keon Validation Server

RSA Keon Validation Server (Keon VS) provides certificate status information to public key infrastructure (PKI) applications. Using Online Certificate Status Protocol (OCSP), Keon VS acquires status information for certificates issued by one or more certificate authorities (CAs). A Keon VS signer signs status responses, which ensures that OCSP clients can validate and trust the status responses they receive. A trusted CA certifies the Keon VS signer.

About the RSA Keon Validation Server Installation Guide

This guide describes the installation of RSA Keon Validation Server. For the latest information about the RSA Keon Validation Server product, see the RSA Keon Validation Server README on the RSA Keon Validation Server CD-ROM or the SecurCare Online Web site.
In the event of a discrepancy, the readme files take precedence over this document and the online documentation. In the event of a discrepancy between this document and the online documentation, the online documentation should take precedence.

Conventions

These alerts are used in the RSA Keon Validation Server Installation Guide:

Caution: This alert warns you of instances where an instruction or procedure not followed exactly could result in significant or irrevocable damage to your installation (hardware or software).

Important: This alert highlights information that you need to know to keep the software operating correctly.

Note: This alert points to tips that may make the software run more smoothly or provides additional information about a concept or procedure.

These typographic conventions are used in the RSA Keon Validation Server Installation Guide:

Bold: Interface items such as menus, menu commands, and buttons.

Bold Italics: Hyperlinks in the user interface.

Fixed-width font: Code fragments and command line arguments, parameters, options, URLs, and directories.

These writing conventions are used in the RSA Keon Validation Server Installation Guide:

<installed-dir>: The directory where the product is installed.

>: Indicates selecting an item from a menu in an application. For example, the instruction “Click File > New” indicates that a user should click the File menu and select New.

RSA Keon Product Suite

RSA Keon Certificate Authority

RSA Keon Certificate Authority (Keon CA) is the central component of the RSA Keon product suite. One copy of Keon CA allows you to manage multiple certificate authorities and issue certificates under each of them. The rest of the RSA Keon product suite works with Keon CA to provide a full PKI solution.

RSA Keon Registration Authority

RSA Keon Registration Authority (Keon RA) works with Keon CA to easily enroll large numbers of customers or users for certificate usage.
You can use Keon RA to create and manage RAs (registration authorities) to perform registration services on behalf of a CA. The most common service is vetting end-users who enroll for a certificate. The RAs created by Keon RA also serve to provide greater control in limiting access to Keon CA.

RSA Keon OneStep

RSA Keon OneStep (Keon OneStep) is a feature of Keon CA that enables automatic issuance of certificates. Keon OneStep includes an API that enables your enterprise to build customized plug-ins for autovetting certificate requests through the optionally installed Keon OneStep CGI program. The Keon OneStep CGI program handles the process of authenticating, approving, issuing, and installing certificates in one automatic operation, without human intervention. A subset of the Keon OneStep API enables your enterprise to build customized plug-ins for the CMP server.

RSA Keon WebSentry

RSA Keon WebSentry enables Web servers to offer high-assurance user authentication through digital certificates by seamlessly PKI-enabling Web servers and providing real-time validity checking of a user’s certificate. Web administrators can also use certificates to limit access to private or sensitive files stored on their Web sites.

RSA Keon Key Recovery Module

RSA Keon Key Recovery Module (Keon KRM) is an add-on module to Keon CA. It can be used to store and recover users’ private keys used for data encryption. Keon KRM works with a standard Keon CA installation. Its administrative functions are integrated into the Keon CA interface. Keon KRM generates RSA public key encryption keypairs in a secure hardware module on a central server.

RSA Keon Certificate Authority API

RSA Keon Certificate Authority API (Keon CA API) allows