http://www.identityfinder.com/kb/Enterprise-Documentation/191239
- Install IIS, the .NET 3.5 feature, and .NET Framework 4 Full (add the Web Server and Application Server roles to get IIS and .NET 3.5; .NET 4 is a separate download from the Microsoft website) (http://www.identityfinder.com/kb/Enterprise-Documentation/573167)
- Install SQL Server Express 2008 R2 with defaults (do NOT use the 2012 version; only 2008 R2)
- Install Identity Finder with defaults (create the encrypted-data password and set up the admin account)
- Go to C:\Program Files\Identity Finder\Console Administrator
- Make a desktop Shortcut to C:\Program Files\Identity Finder\Console Administrator\consoleadministrator.exe
- Create a .pfx file from the signed certificate (.cer/.pem) and the private key; the openssl pkcs12 command is in step 7 of the certificate section below
- Import the server certificate for the computer (bloodhound.aoe.vt.edu): in IIS Manager click BLOODHOUND, open the Server Certificates icon under IIS, click Import, point it at the .pfx file and enter its password. Keep "Allow this certificate to be exported" checked (the notes rely on this so the key can be re-exported later; be aware it also lets any local administrator on the server export the private key)
- Open up ConsoleAdministrator.exe, go to web settings, for the Console and Services Applications change them both to HTTPS Only
- In IIS Manager, right-click Default Web Site, choose Edit Bindings, click Add, choose https, All Unassigned, port 443, and pick the bloodhound.aoe.vt.edu certificate in the SSL certificate dropdown
- In IIS Manager click Console under Default Web Site, open SSL Settings, check Require SSL, and leave Client certificates set to Ignore
- In IIS Manager click Services under Default Web Site, open SSL Settings, check Require SSL, and leave Client certificates set to Ignore
- Browse to https://bloodhound.aoe.vt.edu/Console and confirm the page loads without a certificate warning
bloodhound certificate
To install a certificate on a machine like bloodhound.aoe.vt.edu, go to
http://www.pki.vt.edu/subscriber/ssl_certificate.html
and follow the steps there. The notes below show how to answer some of the questions in that procedure.
1. Request Approval to Enroll for VTCA Certificates
Use this information for the Request Approval
Select: VT Global Web Server
or
If multiple names are to be used with the server, then “Multi Subject Alt names” allows several names to be entered like www.aoe.vt.edu, www2.aoe.vt.edu or www.dept.aoe.vt.edu
Common Name CN= bloodhound.aoe.vt.edu
Dept Name OU= Aerospace and Ocean Engineering
Submit with your contact information and the password that will be used to encrypt the certificate.
2. Request Form
Print and fill out the “Request Form”, have a department head sign it and fax it back to the number on the form. Department heads as of Aug 7, 2012 are Bob Canfield, Wayne Nue, Wanda Foushee and Ed Nelson.
3. Generate the "Certificate Signing Request"
cd /home/sysadmin/certs/requests/
./generate.sh bloodhound
The name parameter provides a prefix for the files written to the current directory. Answer the questions as appropriate.
The script generates two files: the CSR and the private key. Keep the private key safe; it should be readable only by its owner (read-only permissions, no group or world access).
The files are placed in the .../requests/ folder; as stated above, keep the key protected there.
The signed certificates are kept in vt_pki/.
The other file, ..._other_req.pem, is the CSR and will be uploaded or pasted in the next step.
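The page does not show what generate.sh does. The script below is an added example, not the page's script, that performs the same step with openssl: it generates a 2048-bit RSA key and a CSR carrying the CN and OU from step 1, adds Subject Alternative Names for the multi-name case, and leaves the key readable only by its owner. The <name>_<date>_other_key.pem / <name>_<date>_other_req.pem naming, the key size, and the requirement for OpenSSL 1.1.1 or later (for -addext) are assumptions.

```sh
#!/bin/sh
# Added example standing in for generate.sh (which the page does not show).
# Assumptions: 2048-bit RSA, the *_other_key.pem / *_other_req.pem naming,
# OpenSSL >= 1.1.1. Subject holds only the OU and CN the request asks for.
set -eu

# gen_csr NAME CN OU [ALTNAME ...]
# Writes NAME_<date>_other_key.pem (mode 0400) and NAME_<date>_other_req.pem
# into the current directory and prints the CSR path.
gen_csr() {
    name=$1; cn=$2; ou=$3; shift 3
    stamp=$(date +%Y-%m-%d)
    key="${name}_${stamp}_other_key.pem"
    csr="${name}_${stamp}_other_req.pem"
    # SAN list: the CN itself plus any extra names ("Multi Subject Alt names")
    san="DNS:${cn}"
    for alt in "$@"; do san="${san},DNS:${alt}"; done
    # umask 077 in a subshell so the key file is never group/world readable,
    # not even briefly before the chmod below
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$key" -out "$csr" \
          -subj "/OU=${ou}/CN=${cn}" \
          -addext "subjectAltName=${san}" ) >/dev/null 2>&1
    chmod 0400 "$key"
    printf '%s\n' "$csr"
}

# check_csr CSR KEY: verify the CSR's self-signature and that the public key
# inside it matches KEY. Returns non-zero on either failure.
check_csr() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Demo run in a scratch directory (the page's invocation is ./generate.sh bloodhound)
( cd "$(mktemp -d)" \
  && csr=$(gen_csr bloodhound bloodhound.aoe.vt.edu "Aerospace and Ocean Engineering" www.aoe.vt.edu) \
  && check_csr "$csr" "${csr%_other_req.pem}_other_key.pem" \
  && echo "CSR ok: $PWD/$csr" )
```

After running it, `openssl req -in <csr> -noout -text` shows the subject and the SAN list you are about to submit; compare it against the names approved in step 1 before pasting it into the enrollment form.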
4. Enroll for VTCA Certificates
After submitting the approval request and faxing the request form, you should receive an email indicating the certificate is approved and ready to be picked up. You will need the password in the email to proceed.
As stated on the instruction page, “When completing the enrollment web form, use the username provided in the email and the password that you created when you submitted your approval request.”
5. Upload the ...other_req CSR file
Either browse to the file (e.g. bloodhound_2012-08-01_other_req.csr) or paste in its text.
6. Download the signed certificate
The certificate file is downloaded to your computer during this process. It can be retrieved later from the link in a confirmation email, but it will be in a different format. The formats can be converted with openssl on a Linux box (for example, a binary DER certificate becomes PEM with: openssl x509 -inform DER -in <file> -out <file>.pem).
7. Install the certificate on the computer
Procedures vary depending on the web server. bloodhound runs IIS 7, which needs the private key and the signed certificate together in one PKCS#12 (.pfx) file.
To combine the elements, use openssl.
openssl pkcs12 -export -out bloodhound.pfx -inkey ../requests/bloodhound_2012-08-01_other_key.pem -in bloodhoundaoevtedu.pem
-out: the output file, which bundles the signed certificate and the private key together. -inkey: the private key generated by generate.sh (the ..._other_key.pem file in requests/). -in: the signed certificate downloaded from pki.vt.edu, converted to PEM first if necessary. openssl prompts for an export password; that is the password IIS asks for on import. If pki.vt.edu also supplied an intermediate CA certificate, add it with -certfile <intermediate.pem> so IIS serves the full chain.
Transfer the .pfx file to the server using a secure transport.
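As an added example (not from the page), the script below does steps 6 and 7 with the checks the one-line command above lacks: it converts a DER download to PEM, refuses to bundle a key that does not match the certificate, takes the export password from an environment variable instead of the command line, verifies the resulting .pfx, and locks its permissions down before it is transferred. The self-signed certificate in the demo stands in for the VT-issued one; the optional chain file argument, the PFX_PASS and PFX_EXTRA_ARGS variables, and the check_served_cert helper are assumptions, not page content.

```sh
#!/bin/sh
# Added example, not from the page: bundle a signed certificate and its private
# key into a PKCS#12 (.pfx) for IIS, with sanity checks. The demo's self-signed
# certificate stands in for the one issued by pki.vt.edu. PFX_PASS, PFX_EXTRA_ARGS
# and the optional CHAIN argument are assumptions.
set -eu

# to_pem IN OUT: accept a certificate in PEM or DER (the "different format" the
# confirmation-email download may arrive in) and write it out as PEM.
to_pem() {
    if grep -q 'BEGIN CERTIFICATE' "$1" 2>/dev/null; then
        cp "$1" "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}

# key_matches_cert KEY CERT_PEM: compare public keys; returns 0 if they match.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# build_pfx KEY CERT OUT [CHAIN]: export KEY+CERT (+ optional intermediate CHAIN)
# to OUT. The export password comes from $PFX_PASS so it never shows in argv or
# ps output; extra openssl flags (e.g. -legacy under OpenSSL 3 for an old Windows
# target) come from $PFX_EXTRA_ARGS.
build_pfx() {
    key=$1; cert=$2; out=$3; chain=${4:-}
    : "${PFX_PASS:?set PFX_PASS to the export password}"
    pem=$(mktemp)
    to_pem "$cert" "$pem"
    if ! key_matches_cert "$key" "$pem"; then
        echo "build_pfx: private key does not match certificate $cert" >&2
        rm -f "$pem"; return 1
    fi
    set -- -export -out "$out" -inkey "$key" -in "$pem" -passout env:PFX_PASS
    if [ -n "$chain" ]; then set -- "$@" -certfile "$chain"; fi
    # shellcheck disable=SC2086  # PFX_EXTRA_ARGS is deliberately word-split
    openssl pkcs12 "$@" ${PFX_EXTRA_ARGS:-}
    rm -f "$pem"
    chmod 0400 "$out"   # the .pfx holds the private key; owner-only until imported
}

# verify_pfx FILE: checks the bundle's MAC with $PFX_PASS and confirms that it
# actually carries a private key (an export with the wrong inputs would not).
verify_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# check_served_cert HOST: once the 443 binding is in place, show the certificate
# the server really presents (needs network; not run in the demo below).
check_served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -dates
}

# Demo: a throwaway self-signed certificate, saved as DER like a .cer download.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bloodhound.aoe.vt.edu" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" >/dev/null 2>&1
openssl x509 -in "$demo/cert.pem" -outform DER -out "$demo/cert.cer"
export PFX_PASS='demo-only-password'   # a real run takes this from the operator
build_pfx "$demo/key.pem" "$demo/cert.cer" "$demo/bloodhound.pfx"
if verify_pfx "$demo/bloodhound.pfx"; then echo "pfx ok: $demo/bloodhound.pfx"; fi
```

One caveat for the page's target: OpenSSL 3 writes PKCS#12 files with AES-256-CBC and a SHA-256 MAC by default, which Windows Server 2008 R2 cannot import; with OpenSSL 3 on the Linux box, run with PFX_EXTRA_ARGS=-legacy to get the older 3DES/RC2 encoding that IIS 7 accepts.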
To install the key in IIS, use the IIS manager.
- Click on the computer in the connections panel on the left
- double click on Server Certificates in the middle
- click on Import… on the right
- Browse to the .pfx file
- Enter the export password set when the .pfx was created with openssl (these notes reuse the password chosen in step 1 of the approval request).
- Make sure the "Allow this certificate to be exported" option is checked (needed so the key can be re-exported later; note that it also lets any local administrator export the private key).
- Check the site's 443 binding and select the new certificate if the binding still points at the old one.
Update
Get files from Canvas
- SpirionConsoleSetup.exe (?) (Not used for MSI builder, just to upgrade the Console)
- identityfinder.lic
- SpirionSetup.exe
- SpirionMSIBuilderV?.zip
Unzip the MSI Builder and copy these files into the folder just extracted:
- identityfinder.lic
- SpirionSetup.exe
Console Upgrade
- Backup the database
- Run SpirionConsoleSetup.exe
- Click Next through the prerequisites check (an existing server already satisfies them; a new system would need the prerequisites installed first)
- Use default web site
- Use existing database
- use the BLOODHOUND\Administrator account
- next until finished
Open Console Administrator Tool (CAT)
- leave the database settings alone unless you need to rebuild the index
- Check Web Application Settings
- Check https only for both
- /Console
- /Services
User:
- Admin password set to 2Q……
- Email is possible
- An "Unsupported Database" message at this point can be ignored
- Use the hamburger menu to select Results
Google “Spirion Console installation” for instructions
Get license file from Jeffery Lang if it is not on Canvas
SQL Server Management Studio
- SQL Database
  - use the local Administrator account
- Web Access
  - username: aoeadmin
  - pw: 2Q
- DB Encryption PW: 2…….
- Admin login on the web:
  - username: admin
  - pw: 2…….