http://www.identityfinder.com/kb/Enterprise-Documentation/191239

  1. Install IIS, the .NET 3.5 feature, and .NET Framework 4 Full (you have to add the Web Server and Application Server roles to get IIS and .NET 3.5, but you can get .NET 4 from the Microsoft website) (http://www.identityfinder.com/kb/Enterprise-Documentation/573167)
  2. Install SQL Server Express with defaults (DO NOT USE 2012 VERSION!!!!!! ONLY 2008 R2!!!!)
  3. Install Identity Finder with defaults (Create encrypted data password and setup admin account)
  4. Go to C:\Program Files\Identity Finder\Console Administrator
  5. Make a desktop Shortcut to C:\Program Files\Identity Finder\Console Administrator\consoleadministrator.exe
  6. Create a .pfx file by combining the .cer, the key file, and the .pem file into a single .pfx output
  7. Import the server certificate for the computer (bloodhound.aoe.vt.edu): in IIS Manager click on BLOODHOUND, then under IIS click the Server Certificates icon and choose Import. Enter the .pfx file and the password (KEEP "Allow this certificate to be exported" CHECKED!)
  8. Open up ConsoleAdministrator.exe, go to web settings, for the Console and Services Applications change them both to HTTPS Only
  9. Go into IIS Manager, Right-Click on Default Web Site, go to Edit Bindings, Click on ADD, Choose HTTPS, ALL UNASSIGNED, Port 443, and choose Bloodhound.aoe.vt.edu Certificate in SSL Certificate dropdown.
  10. In IIS Manager click on Console, under Default Web Site, then Click on SSL Settings, Check the Require SSL box, leave ignore checked.
  11. In IIS Manager click on Services, under Default Web Site, then Click on SSL Settings, Check the Require SSL box, leave ignore checked.
  12. Browse to https://bloodhound.aoe.vt.edu/Console and confirm that no security certificate error comes up.

bloodhound certificate

To install a certificate on a machine like bloodhound.aoe.vt.edu, go to

http://www.pki.vt.edu/subscriber/ssl_certificate.html

and follow the steps. The following instructions show how to answer some of the questions in the procedure.

1. Request Approval to Enroll for VTCA Certificates

Use this information for the Request Approval

Select: VT Global Web Server

or

If multiple names are to be used with the server, then “Multi Subject Alt names” allows several names to be entered like www.aoe.vt.edu, www2.aoe.vt.edu or www.dept.aoe.vt.edu

Common Name CN= bloodhound.aoe.vt.edu
Dept Name OU= Aerospace and Ocean Engineering

Submit with your contact information and the password that will be used to encrypt the certificate.

2. Request Form

Print and fill out the “Request Form”, have a department head sign it and fax it back to the number on the form. Department heads as of Aug 7, 2012 are Bob Canfield, Wayne Nue, Wanda Foushee and Ed Nelson.

3. Generate the "Certificate Signing Request"

cd /home/sysadmin/certs/requests/
./generate.sh bloodhound

The name parameter provides a name for the files in the pwd. Answer the questions as appropriate.

Two files are generated with this script. One is the CSR and the other is the private key. Keep the private key safe and use read only permissions.

The files are placed in the …/requests/ folder; as stated above, keep the key protected!

The signed files are kept in vt_pki/

The other file, …_other_req.pem, will be sent or pasted into the next step.

4. Enroll for VTCA Certificates

After submitting the approval request and faxing the request form, you should receive an email indicating the certificate is approved and ready to be picked up. You will need the password in the email to proceed.

As stated on the instruction page, “When completing the enrollment web form, use the username provided in the email and the password that you created when you submitted your approval request.”

5. Upload the ...other_req.cer file

Either browse to the file (ex. bloodhound_2012-08-01_other_req.csr), or paste in the text.

6. Download the signed certificate

The certificate file will be downloaded to your computer during this process. It can be retrieved later from the link in a confirmation email, but it will be in a different format. The formats can be converted using openssl on a Linux box.

7. Install the certificate on the computer

Procedures vary depending on the web server. bloodhound used IIS7, which needs the private key and the certificate together in one PKCS#12 (.pfx) file.

To combine the elements, use openssl.

openssl pkcs12 -export -out bloodhound.pfx -inkey ../requests/bloodhound_2012-08-01_other_key.pem -in bloodhoundaoevtedu.pem
-out: the output file, with the private key and the certificate wrapped together.
-inkey: the private key (the key file generated alongside the CSR in step 3).
-in: the signed certificate from pki.vt.edu.
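
Checks worth running around the combine step, as an added example that is not part of the original page: confirm the key file is not group/world readable, that the signed certificate really belongs to that key and names the expected host, and that the finished .pfx parses. The function names, the PFX_PASS variable, host.example.test and the sample files are assumptions; a throwaway self-signed certificate stands in for the VT-signed one.

```shell
# Added example: checks to run before and after "openssl pkcs12 -export".
# All file names, the host name and the password are constructed placeholders.

pub_hash() {  # $1 = key|cert, $2 = PEM file; prints SHA-256 of the public key
  local pub
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pub" ] || return 1   # unreadable input must never hash as "empty"
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

key_matches_cert() {  # true only if the cert was issued for this private key
  local k c
  k=$(pub_hash key "$1") || return 1
  c=$(pub_hash cert "$2") || return 1
  [ "$k" = "$c" ]
}

key_is_private() {  # true if group/other have no permission bits on the key
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

cert_is_for_host() {  # $1 = cert, $2 = expected DNS name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match certificate"
}

make_pfx() {  # $1 = key, $2 = cert, $3 = output; password comes from $PFX_PASS
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
  ( umask 077   # the bundle contains the private key
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS )
}

pfx_ok() {  # true if the bundle parses and its MAC verifies with $PFX_PASS
  openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS >/dev/null 2>&1
}

make_sample() {  # $1 = dir; constructed stand-ins for the key and signed cert
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.example.test" \
      -keyout "$1/host_key.pem" -out "$1/host_cert.pem" 2>/dev/null
    openssl genrsa -out "$1/other_key.pem" 2048 2>/dev/null )
}

d=$(mktemp -d) && make_sample "$d" && export PFX_PASS='constructed-demo-only'
make_pfx "$d/host_key.pem" "$d/host_cert.pem" "$d/host.pfx" && pfx_ok "$d/host.pfx" && echo "PFX ok"
make_pfx "$d/other_key.pem" "$d/host_cert.pem" "$d/bad.pfx" || echo "mismatched key rejected"
rm -rf "$d"
```

Reading the password from an environment variable keeps it out of the process list and shell history; unset it once the .pfx has been imported.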

Transfer the .pfx file to the server using a secure transport.

To install the key in IIS, use the IIS manager.

Update

Get files from Canvas

Unzip the MSI Builder and put these files in the folder just extracted

Console Upgrade

Open Console Administrator Tool (CAT)

User:

Google “Spirion Console installation” for instructions

Get license file from Jeffery Lang if it is not on Canvas

SQL Server Management Studio