Install the Web Services Option Pack
| Before proceeding with the installation, a MongoDB database must already be running. You need the hostname, replica set name, and any database authentication details for the WSOP configuration. If a replica set is not in use, this option must be commented out. |
-
Open a terminal window and create a temporary directory to unpack the WSOP tar to:
mkdir wsop_install -
Extract the WSOP tar to the temporary directory created above:
sudo tar -xzf wsop-p11-X.X.X.tar.gz -C wsop_install
The WSOP release tarball contains the following installation archives:
| Filename | Package |
|---|---|
corecrypto.tar.gz |
WSOP Server |
dbmt.tar.gz |
Database Management Tool |
nShield-WebServicesClient-Linux-1.1.0.tar.gz |
PKCS #11 library and utilities for Linux |
nShield-WebServicesClient-Windows-1.1.0.tar.gz |
PKCS #11 library and utilities for Windows |
To install the WSOP Server, see WSOP Server Installation for more information.
To install the Database Management tool, see WSOP Database Management Tool.
To install the PKCS #11 library, see the nShield® Web Services PKCS #11 Provider User Guide.
WSOP Server Installation
To install the Web Services Option Pack Server:
-
Change to the root directory.
-
Extract the following files from the unpacked WSOP tar. This installs all files required by the WSOP service to
/opt/nfast.sudo tar -xzf /path/to/wsop_install/corecrypto.tar.gz sudo tar -xzf /path/to/wsop_install/wsop-common.tar.gz -
Update relevant sections of
config.yamlfor your server and MongoDB environment.An example configuration is provided at
/opt/nfast/webservices/corecrypto/conf/config.yaml.exampleIf
config.yamlis not found in thewebservices/corecrypto/confdirectory during the installation, then theconfig.yaml.examplefile will be copied over as the initialconfig.yaml.For assistance in configuring a new deployment, the Health Check configuration option allow_unauthenticated_clientscan be disabled to allow unrestricted access to the health check endpoint.Entrust recommends using a secure connection to the database at all times. In the default configuration, TLS for database connection is on and the authentication method with database is set to X509.The following database fields must be configured correctly before starting the WSOP service:
-
hostsfield specifies the addresses and ports of the database hosts:# List of database hosts hosts: - database1.ncipher.com:30001 - database2.ncipher.com:30002 - database3.ncipher.com:30003 -
db_ca_file,db_cert_fileanddb_key_filespecify the Certificate Authority (CA) files for database TLS.# Path to the mongoDB TLS certificate db_ca_file: /opt/nfast/webservices/corecrypto/tls/db/db_ca.crt # Path to the corecrypto client certificate (used when Mutual Authentication is enabled) db_cert_file: /opt/nfast/webservices/corecrypto/tls/db/db_client.pem # Path to the corecrypto client private key (used when Mutual Authentication is enabled) db_key_file: /opt/nfast/webservices/corecrypto/tls/db/db_client.key -
replica_setfield specifies the name of the MongoDB replica set used for WSOP server. The default value must be changed to the correct replica set for your configuration.# Name of the Replication Set replica_set: rs1
-
-
Install the Database Management Tool (DBMT) and initialize the database. For details, see the WSOP Database Management Tool chapter.
-
The Web Services Option Pack service can now be installed using the command:
sudo /opt/nfast/webservices/sbin/installThe installer will create the following, as required:
-
Either a SysV-style init script or systemd script for automatically starting and stopping the service.
-
The
wsopduser. This user is dedicated to runningcorecryptoservice.
-
|
Restarting the service
To restart the WSOP service: Each time the configuration file is changed, you must restart the WSOP service to take the new configuration into use. |