Install the Entrust Authority Security Manager

Install the Entrust Authority database

Security Manager requires a database to store information about the Certification Authority, X.509 users, and EAC entities. For a list of supported databases, see PSIC-Entrust Authority Security Manager 10.0.

In this guide, an embedded Security Manager PostgreSQL database is used. This database will be installed on the same server that will host Security Manager.

For more information about installing and configuring the Security Manager PostgreSQL Database, see the Security Manager Database Configuration Guide.

If you are using your own supplied database, Entrust strongly recommends that you install the database on its own dedicated server. To install and configure (or upgrade) your chosen database, read your database documentation and the Security Manager Database Configuration Guide.

To install and use Security Manager in a cluster, you must use your own supplied database. The Entrust-supplied Security Manager PostgreSQL Database does not support a clustered environment.

To install PostgreSQL Server on the server machine:

  1. Download the PostgreSQL Server installer for the Windows operating system (SecurityManagerPostgreSQL.11.7.41.msi) from the Entrust TrustedCare online support site.

  2. To start installing the PostgreSQL database for Security Manager, double-click the setup file SecurityManagerPostgreSQL.11.7.41.msi.

    An installation wizard appears.

  3. Select Next.

  4. In the PostgreSQL Database Folders window, accept the default, then select Next.

  5. In the PostgreSQL Windows Account Password window, set the password for the easm_entrust_pg account, then select Next.

  6. In the PostgreSQL Databases Accounts window, provide the password for the easm_entrust and easm_entbackup accounts and select Next.

  7. In the PostgreSQL Database Port window, accept the default, then select Next.

  8. In the Check Setup Information window, review and select Next.

  9. In the Ready to Install window, select Install.

  10. In the Install Wizard Complete dialog, select Finish.

  11. Close any open windows or dialogs.

  12. If you do not see the setup dialogs when installing PostgreSQL, run the ent_setup.bat file found in C:\Program Files\Entrust\easm_postgres11\dbserver\bin. Follow the same instructions as above, answering the prompts at the command line.

    For example:

    [ent_setup]
    [ent_setup] Logging to 'C:\Users\Administrator\AppData\Roaming\postgresql\ent_setup.log'.
    [ent_setup]
    [ent_setup] *******************************************************
    [ent_setup] Starting setup...
    [ent_setup] *******************************************************
    [ent_setup] Welcome to the Entrust Security Manager PostgreSQL 11.7 Database setup.
    [ent_setup]
    [ent_setup] Checking for a previous version...
    [ent_setup]    Registry key [HKLM:\SOFTWARE\Entrust\Postgres\10] does not exist, no installation found.
    [ent_setup]
    [ent_setup] Checking for current version...
    [ent_setup]    Found InstallDir [C:\Program Files\Entrust\easm_postgres11\].
    [init]
    [init] No upgradeable Entrust Security Manager PostgreSQL Database installation was found.
    [init]
    [init] Do you wish to initialize Entrust Security Manager PostgreSQL Database 11.7 at this time? (y/n): y
    [init] Performing a full initialization for installation at [C:\Program Files\Entrust\easm_postgres11]...
    [init]
    [init] Please choose a listen port for the server [5432]:
    [init]
    [init] Checking for 'easm_entrust_pg' OS user...
    [init]    User was not found, creating OS user 'easm_entrust_pg'...
    [init]
    [init]    ***NOTE***: Be sure to adhere to any of your organization's password rules as well.
    [init]
    [init] The following characaters cannot be used when choosing the password:
    [init]    < > # \ " / | ' ^ ; &  <space> <tab>
    [init] Please choose a password for:    'easm_entrust_pg': ***********
    [init] Please confirm the password for: 'easm_entrust_pg': ***********
    [init]    The 'easm_entrust_pg' user has been successfully created.
    [init]    Enabling SeServiceLogonRight for easm_entrust_pg...
    [init]
    [init] Please choose a location for the PostgreSQL Data directory : [c:\easm_entrust_pg_data_11]:
    [init] Adding full (inheritable) permission for [easm_entrust_pg] to location [c:\easm_entrust_pg_data_11]...
    [init] Adding full (inheritable) permission for [Administrators] to location [c:\easm_entrust_pg_data_11]...
    [init] Adding full (inheritable) permission for [WIN-6HSA5A3PQ56\Administrator] to location [c:\easm_entrust_pg_data_11]...
    [init]
    [init] Please choose a location for the PostgreSQL Wal directory : [c:\easm_entrust_pg_wal_11]:
    [init] Adding full (inheritable) permission for [easm_entrust_pg] to location [c:\easm_entrust_pg_wal_11]...
    [init] Adding full (inheritable) permission for [Administrators] to location [c:\easm_entrust_pg_wal_11]...
    [init] Adding full (inheritable) permission for [WIN-6HSA5A3PQ56\Administrator] to location [c:\easm_entrust_pg_wal_11]...
    [init]
    [init] Initializing Database cluster with database super user 'easm_entrust_pg'...
    [init]
    [init] Updating postgresql.conf...
    [init]
    [init] Registering PostgreSQL Server as a Windows service...
    [init]
    [init] Setting PostgreSQL service display name and

Make a note of these users and passwords as this information will be needed later in the setup.
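
The following PowerShell is an added example, not part of the Entrust installer or documentation. It lists every Allow entry on the data and WAL directories that belongs to a principal other than those the ent_setup log above grants access to. The paths are the defaults shown in the log; the SYSTEM entry and the use of the current user as the installing administrator are assumptions.

```powershell
# Added example: audit who holds rights on the PostgreSQL data and WAL directories.
# Paths are the installer defaults from the ent_setup log; change them if you
# chose other locations during setup.
$dirs = 'C:\easm_entrust_pg_data_11', 'C:\easm_entrust_pg_wal_11'

# Allow-list mirroring the principals the ent_setup log grants access to.
$expected = @(
    "$env:COMPUTERNAME\easm_entrust_pg",
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM',            # assumption: commonly inherited from the drive root
    "$env:USERDOMAIN\$env:USERNAME"   # assumption: run as the account that performed the install
)

function Get-UnexpectedAce {
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Container)) {
            Write-Warning "Directory not found: $p"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            # Report Allow entries for any principal outside the allow-list
            # (-notcontains compares case-insensitively).
            if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $id) {
                [pscustomobject]@{
                    Path      = $p
                    Identity  = $id
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-UnexpectedAce -Path $dirs -Allowed $expected)
if ($findings.Count -eq 0) {
    'No unexpected principals on the data or WAL directories.'
} else {
    $findings | Format-Table -AutoSize
}
```

Directories created directly under C:\ can inherit entries from the drive root, so check the Inherited column before deciding whether to break inheritance on these two folders.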

Install the Entrust Authority Security Manager

To install Security Manager on the server computer:

  1. Download Security Manager for Windows (SecurityManager.10.0.30.356.msi) from the Entrust TrustedCare online support site.

  2. Run the installation program.

    The install wizard will launch and install the software.

    The installation path after the install will be C:\Program Files\Entrust.

  3. Once the installation completes, select Finish in the Install Wizard Complete dialog.

  4. Preload the OCS or Softcard as described in configure-security-manager.adoc#establish-preload-session if you have not done this yet.

  5. Install OpenLDAP for Windows on the client if you have not yet done so.

  6. Test access to the directory service from the Security Manager server:

    % ldapsearch -x -H ldap://<directory_services_server_IP_or_Name> -D "cn=admin,dc=ldapmaster,dc=entrustsm,dc=local" -b "dc=ldapmaster,dc=entrustsm,dc=local" -s sub -W