manualshive.com logo in svg

Vasco IDENTIKEY AG-3 Series, Installation And Maintenance Manual

The Vasco IDENTIKEY AG-3 Series Installation And Maintenance Manual is available for free download from our website. This comprehensive manual provides detailed instructions on installing and maintaining your AG-3 Series product, ensuring optimal performance and security. Download your copy today at manualshive.com.

Share
Download
background image

 

 

Hardware Security Module

ctcert c -t ec -Csecp256r1 -d1825d -k -lMasterAuditKey -s0 
-xattributes.txt 

Where:

ec

 means create an Elliptic Curve key.

-Csecp256r1 

means to create the key using this type of elliptic curve 

1825d

 creates a certificate which has a validity period of 1825 days from the date this command is run

MasterAuditKey

 will be the label of the private key created on the HSM device.

-s0

 means create this keypair /certificate on the HSM slot 0

attributes.txt

 is the attributes file previously created.

You will be prompted to enter the user pin for the specified slot (i.e. slot 0 in this case).

2.

Extract the public certificate from the device and save it to a .pem file:

ctcert x -lMasterAuditCertificate -s0 -faudit_cert.pem 

Where:

MasterAuditCertificate

 is the name of the certificate created in the previous step, from the 

label

 field in the 

attributes.txt

 file.

-s0 

specifies the slot where the certificate is located

audit_cert.pem 

is the PEM file that will contain the public certificate

Note

Secure Auditing for IDENTIKEY Appliance only supports elliptic curve keys that are NIST P-256
compliant and stored in pkcs12 format.

 

IDENTIKEY Appliance Installation and Maintenance

 107

Summary of Contents for IDENTIKEY AG-3 Series

Page 1: ...e IDENTIKEY Appliance Installation and Maintenance 1 IDENTIKEY Appliance Installation and Maintenance Guide 3 6 8...

Page 2: ...terials published in this Site may be downloaded copied transferred disclosed reproduced redistributed or transmitted in any form or by any means electronic mechanical or otherwise for any commercial...

Page 3: ...iance 15 4 3 Connect to your Network 16 5 First time Configuration 18 5 1 Overview 18 5 2 Access and Log on to the IDENTIKEY Appliance Configuration Tool 20 5 3 Configuration Wizard 23 5 4 Upload Lice...

Page 4: ...on upgrade 76 8 7 Re licensing for a Change of IP Address or Replacement 77 8 8 Re licensing for an appliance restored to Factory Default 78 9 Update IDENTIKEY Appliance 79 9 1 Overview 79 9 2 Retriev...

Page 5: ...izard 100 13 Hardware Security Module 102 13 1 SafeNet HSMs 103 14 Support 110 14 1 Overview 110 14 2 If you encounter a problem 110 14 3 Remote Support Connection 111 14 4 Setting up a replacement or...

Page 6: ...ns 42 Image 24 Product Type Selection 43 Image 25 License Request 44 Image 26 Download License File 45 Image 27 Licensing Wizard Step 3 Upload License 46 Image 28 Licensing Wizard Step 4 License Activ...

Page 7: ...Backup Manually 91 Image 61 Configuring FTP left or SFTP right for Automatic Backup and Testing Settings 92 Image 62 Configuring Frequency of Automatic Backup 93 Image 63 Configuring and Testing Setti...

Page 8: ...Contents Index of Tables Table 1 IDENTIKEY Appliance Dimensions 11 Table 2 Settings to connect a workstation or laptop computer to the IDENTIKEY Appliance 61 IDENTIKEY Appliance Installation and Maint...

Page 9: ...rence only Information is provided in table format for quick reference The IDENTIKEY Appliance Administrator Guide This manual provides in depth guidance for performing common or complicated tasks on...

Page 10: ...erly grounded before turning on the power Turn the IDENTIKEY Appliance off before you disconnect the power supply To conform to certification restrictions only use a network cable with maximum length...

Page 11: ...alling the IDENTIKEY Appliance in a server room with air conditioning and UPS Uninterrupted Power Supply If the equipment is built into a server cupboard make sure that there is sufficient ventilation...

Page 12: ...toring the IDENTIKEY Appliance on a sliding shelf are available for the AG5XXX models only These are not included in the VASCO price list Please consult www supermicro com for compatible chassis rails...

Page 13: ...network DNS Server IP address es for your network DNS Suffix es optional Proxy Server settings optional IDENTIKEY Appliance Maintenance Reference for a Commercial License only IDENTIKEY Appliance Seri...

Page 14: ...or connecting the IDENTIKEY Appliance to your network Important Please first read the safety information in Section 2 Safety and Environmental Information and check that all the package contents you n...

Page 15: ...ance is delivered with two LAN Ethernet interfaces see image above one of which needs to be connected using an appropriate network cable to the network s hub or switch IDENTIKEY Appliance Installation...

Page 16: ...plugged into one of the LAN Ethernet interfaces and your network hub or switch 4 3 Connect to your Network There are two ways to change the IDENTIKEY Appliance IP address to an address within your ne...

Page 17: ...a reply is received as shown in the image above everything is OK If a reply is not received indicated by the messages time out or destination host unreachable Check that the workstation s TCP IP setti...

Page 18: ...Service Center from where a license key can be downloaded After installation and before Licensing the IDENTIKEY Appliance Configuration Tool is accessible for configuration but the IDENTIKEY Authentic...

Page 19: ...he required files can be downloaded to another computer and transferred to the IDENTIKEY Appliance Note If you want to restore an existing instance of IDENTIKEY Appliance you do not need to undergo al...

Page 20: ...Appliance IPaddress This URL will point to the IDENTIKEY Appliance Welcome Page from the Welcome Page you access both the IDENTIKEY Appliance Configuration Tool and the Administration Web Interface On...

Page 21: ...accepted the login page for the Configuration Tool will be displayed 3 Log on using administrator login credentials The default administrative user name and password is IDENTIKEY Appliance Installati...

Page 22: ...Appliance Configuration Tool is accessed for the first time the IDENTIKEY Appliance automatically detects that this is a first time installation and launches the Configuration Wizard IDENTIKEY Applia...

Page 23: ...figure the IDENTIKEY Appliance on your network The following screens are available 1 Welcome 2 End User License Agreement 3 Oracle Binary Code License Agreement for Java SE 4 Password change 5 IDENTIK...

Page 24: ...First time Configuration 5 3 1 Welcome IDENTIKEY Appliance Installation and Maintenance 24 Image 6 Configuration Wizard Step 1 Welcome...

Page 25: ...e Agreement carefully To accept the terms click in the check box 5 3 3 Oracle Binary Code License Agreement for Java SE Please read the terms of the Oracle Binary Code License Agreement carefully IDEN...

Page 26: ...First time Configuration To accept the terms select the check box IDENTIKEY Appliance Installation and Maintenance 26 Image 8 Configuration Wizard Step 3 Oracle Binary Code License Agreement...

Page 27: ...pleted a more secure Administrator User ID will be created Disable the default sysadmin user after completing the IDENTIKEY Authentication Server Setup Wizard as described in the IDENTIKEY Appliance A...

Page 28: ...First time Configuration 5 3 5 Hostname IDENTIKEY Appliance Installation and Maintenance 28 Image 10 Configuration Wizard Step 5 Hostname...

Page 29: ...onnection to the VASCO Service Center requires a Default Gateway to be configured and access on TCP port 443 For more information please refer to the Firewall Ports section of the IDENTIKEY Appliance...

Page 30: ...e Synchronization The address ntp vasco com can be entered for the default time server or another NTP server can be entered IDENTIKEY Appliance Installation and Maintenance 30 Image 12 Configuration W...

Page 31: ...vation and perform other configurations manually via the IDENTIKEY Appliance Configuration Tool If you changed the IP address during First Time configuration specifically 5 3 6 Network Settings then y...

Page 32: ...Immediately after completing the First time Configuration Wizard via the Activation Successful screen see Section 5 3 8 Activation Successful After completing the Configuration Wizard via a status sc...

Page 33: ...ion Note After the second screen in the Licensing wizard you will need to access the VASCO Product Registration website before you can continue with the third screen Tip The circumstances under which...

Page 34: ...First time Configuration 5 3 11 Welcome IDENTIKEY Appliance Installation and Maintenance 34 Image 15 Licensing Wizard Step 1 Welcome...

Page 35: ...ire a VASCO License file for your IDENTIKEY Appliance you need to upload the previously mentioned System Info file to the VASCO Product Registration website This file identifies your appliance to VASC...

Page 36: ...g a Commercial License File To identify your IDENTIKEY Appliance to VASCO for a License file to be issued you need to 1 Browse or follow the link to VASCO s Registration website https sc vasco com reg...

Page 37: ...ime Configuration 2 If you have read and agree with VASCO s Terms and Conditions select the check box and click I AGREE IDENTIKEY Appliance Installation and Maintenance 37 Image 18 VASCO Terms and Con...

Page 38: ...for validation You need to click on the link to confirm receipt of the email before you can proceed with product registration In some cases you may also be asked to complete a survey regarding the us...

Page 39: ...an Evaluation License File To request an evaluation License file to be issued you need to 1 Browse to VASCO s Registration website https sc vasco com registration Select Click here for an evaluation l...

Page 40: ...First time Configuration IDENTIKEY Appliance Installation and Maintenance 40 Image 21 VASCO s Registration website...

Page 41: ...First time Configuration 2 Select the IDENTIKEY Authentication Server registration IDENTIKEY Appliance Installation and Maintenance 41 Image 22 VASCO Registration Product Selection...

Page 42: ...figuration 3 If you have read and agree with VASCO s Terms and Conditions tick the check box and click on I AGREE IDENTIKEY Appliance Installation and Maintenance 42 Image 23 VASCO Registration Terms...

Page 43: ...organization A description may be entered but is optional 6 Use the Browse button to browse to the System Info file downloaded in section 5 3 12 System Information 7 In the Component field select IDEN...

Page 44: ...First time Configuration 8 Click on Create Evaluation License IDENTIKEY Appliance Installation and Maintenance 44 Image 25 License Request...

Page 45: ...First time Configuration 9 Right click to download and save the evaluation License file IDENTIKEY Appliance Installation and Maintenance 45 Image 26 Download License File...

Page 46: ...to the Licensing wizard and enter or browse to the License file which you downloaded from VASCO s Registration website Click on Next to upload the file IDENTIKEY Appliance Installation and Maintenanc...

Page 47: ...First time Configuration 5 4 1 License Activation IDENTIKEY Appliance Installation and Maintenance 47 Image 28 Licensing Wizard Step 4 License Activation...

Page 48: ...rd or uncheck the check box just complete the activation and perform manual configuration in the IDENTIKEY Appliance Configuration Tool The IDENTIKEY Authentication Server Setup Wizard can be launched...

Page 49: ...nistrator Login HSMs and Secure Auditing 5 5 1 IDENTIKEY Authentication Server Settings 1 Enter the name of the Master Domain to be used and select the Name Conversion criteria At this stage you have...

Page 50: ...h will end after the specified time in seconds has elapsed Secure Auditing setup will be different depending on whether or not you have HSM enabled If you have HSM enabled encryption settings will be...

Page 51: ...arding HSMs refer to the IDENTIKEY Appliance Product Guide Before starting ensure that the license for IDENTIKEY Appliance includes Hardware Security Module functionality Refer to 13 Hardware Security...

Page 52: ...ation Server password strength rules See the IDENTIKEY Appliance Product Guide for more details on the password strength rules 5 6 1 Ready to Configure 1 Once the details have been provided on the IDE...

Page 53: ...First time Configuration 5 6 2 Configured IDENTIKEY Appliance Installation and Maintenance 53 Image 34 IDENTIKEY Authentication Server Setup Wizard Ready to Configure...

Page 54: ...port Certificate 1 Browse to VASCO s Registration website https sc vasco com registration Enter the Contract ID and Serial Number provided by VASCO for your IDENTIKEY Appliance and click on Login IDEN...

Page 55: ...e Configuration 2 If you have read and agreed with VASCO s Terms and Conditions tick the check box and click on I AGREE IDENTIKEY Appliance Installation and Maintenance 55 Image 36 VASCO s Registratio...

Page 56: ...First time Configuration IDENTIKEY Appliance Installation and Maintenance 56 Image 37 VASCO Terms and Conditions...

Page 57: ...ick to download the Support Certificate and save it to your network 5 Access the IDENTIKEY Appliance Configuration Tool as explained in 5 2 Access 6 In the IDENTIKEY Appliance Configuration Tool navig...

Page 58: ...he Support Certificate you have downloaded from the VASCO Product Registration website and click Open The Support Certificate information is displayed IDENTIKEY Appliance Installation and Maintenance...

Page 59: ...escue with no password The Rescue menu is displayed Connect a workstation or laptop computer to the IDENTIKEY Appliance using a serial null modem cable plugged into a serial port on both devices Setti...

Page 60: ...2 Settings to connect a workstation or laptop computer to the IDENTIKEY Appliance Field Value Baudrate 115200 bits per second Parity None Data Bits 8 Stop Bit 1 Terminal Type VT100 IDENTIKEY Applianc...

Page 61: ...ettings Authentication option This facility allows you to create your own Users with associated high strength passwords who have access to the Rescue Tool The Number of Additional Logins field enables...

Page 62: ...onality Type in the letter referenced in front of a menu option in the Rescue Tool to select the option Pressing Esc returns to the previous menu screen pressing Esc on the main screen exits the Rescu...

Page 63: ...tting the IDENTIKEY Appliance involves the following steps 1 type r to access the reset options 2 type f for system configuration reset 3 type y for yes to confirm system reset Reboot automatically fo...

Page 64: ...to change the password refer to section 5 3 Configuration Wizard The new password will be asked immediately a new login to the IDENTIKEY Appliance Configuration Tool is not required to change the pass...

Page 65: ...an be corrupted One of the following methods of powering off or rebooting the IDENTIKEY Appliance should be used in the following order of preference 1 Use the IDENTIKEY Appliance Configuration Tool S...

Page 66: ...ration Tool navigate to System Actions 2 Click on the Rescue IDENTIKEY admin User button The IDENTIKEY Appliance Configuration Tool will then request a Username and Password to be used for the reset T...

Page 67: ...g to DIGIPASS Password this allows authentication with a static password or a DIGIPASS One Time Password e Reset the Back end Authentication policy setting to None to prevent the use of Back end authe...

Page 68: ...for a Change of IP Address or Replacement When a back up is restored to a different IDENTIKEY Appliance for example in the case of a replacement IDENTIKEY Appliance see 8 7 Re licensing for a Change...

Page 69: ...tion Tool 2 If re licensing is necessary a link is provided in on the Status screen Click on the link to initiate the Licensing Wizard The Licensing Wizard can also be initiated in the IDENTIKEY Appli...

Page 70: ...screen after the Welcome screen displays the current licensing information There are therefore six wizard screens 1 Welcome 2 Current License see image below 3 System Information 4 Upload License 5 Li...

Page 71: ...explained in 5 3 10 Licensing Wizard 8 5 Re licensing for a New License Option or Type Re licensing for a new License option or type other than when upgrading from an Evaluation License requires the...

Page 72: ...licensing 2 If you have read and agree with VASCO s Terms and Conditions tick the checkbox and click on I AGREE IDENTIKEY Appliance Installation and Maintenance 72 Image 47 VASCO s Registration websi...

Page 73: ...Re licensing 3 Click on View installation information IDENTIKEY Appliance Installation and Maintenance 73 Image 48 VASCO Terms and Conditions...

Page 74: ...ion or type On the Upload License screen browse to and upload the License dat file which you downloaded from the VASCO Product Registration website in point 4 above On the License Activation screen cl...

Page 75: ...r for a backup restored to a different appliance e g for a replacement requires 1 Contact your IDENTIKEY Appliance supplier for release of the appliance from its initial license 2 Accessing the Licens...

Page 76: ...for re licensing after returning an appliance to Factory Default without restoring a backup requires 1 Contact your IDENTIKEY Appliance supplier for release of the appliance License from the old Conf...

Page 77: ...ding an update package from VASCO s Registration website On line through a connection to the VASCO Service Center An available update can be downloaded during the Update Wizard On completion of the Up...

Page 78: ...ation does not permit a connection between your IDENTIKEY Appliance and the VASCO Service Center To retrieve an Update package to be used in off line udpating 1 Browse to VASCO s Registration website...

Page 79: ...liance 2 Indicate that you have read and agree to the terms and conditions by checking the check box and clickingthe I Agree button IDENTIKEY Appliance Installation and Maintenance 79 Image 51 VASCO T...

Page 80: ...Update IDENTIKEY Appliance 3 Select the Files Product upgrades option IDENTIKEY Appliance Installation and Maintenance 80 Image 52 Files Product upgrades option...

Page 81: ...ppliance 4 Click on IDENTIKEY Appliance Off line upgrade packages to expand a list of available update packages IDENTIKEY Appliance Installation and Maintenance 81 Image 53 IDENTIKEY Appliance Off lin...

Page 82: ...iding entry of information needed to update the IDENTIKEY Appliance 1 Welcome 2 Select Update 3 Available Updates on line process only 4 Download Update on line process only 5 Verify Update 6 Install...

Page 83: ...Update IDENTIKEY Appliance 9 4 Welcome IDENTIKEY Appliance Installation and Maintenance 83 Image 55 Update Wizard Welcome Screen...

Page 84: ...o the VASCO Service Center you will need to download an update package from the VASCO Registration website Please see section 9 2 Retrieving off line Update Packages for instructions If you have alrea...

Page 85: ...e process only Retrieval steps are reported on the screen Any updates available from the VASCO Service Center are listed Click on an update to download it IDENTIKEY Appliance Installation and Maintena...

Page 86: ...n of this update and rebooting of the IDENTIKEY Appliance Services are temporarily unavailable during reboot Clicking on Cancel cancels the update and closes the wizard 9 9 Install Update Installation...

Page 87: ...l and allows administrators to upload configuration settings and data which have been backed up from another or the same appliance to the IDENTIKEY Appliance internal database If restored to the same...

Page 88: ...p To initiate a manual backup requires the following steps 1 In the IDENTIKEY Appliance Configuration Tool click on System and Backup Restore 2 Click on Create backup now Most web browsers will open a...

Page 89: ...TP server sends an encrypted fingerprint of its public host key to ensure that the SFTP connection is with the correct server Connection is only possible if the fingerprint is known to the IDENTIKEY A...

Page 90: ...to the documentation for your SFTP server for further instructions 5 Use the Test settings link to test the configuration 6 Click on the Calendar icon by the Schedule field to open the dialog for defi...

Page 91: ...NTIKEY Appliance Configuration Tool click on System Backup Restore 2 Check the Enabled checkbox in the Scripted Backups section Doing so will enable additional fields 3 Enter the following data a User...

Page 92: ...nload a backup can be freely chosen and defined on the System Backup screen These credentials are not associated with a User Account in the IDENTIKEY Authentication Server Administration Web Interface...

Page 93: ...e configured for Custom Encryption see section 10 2 Custom Encryption if you have configured Custom Encryption enter the Pass Phrase if you have not configured Custom Encryption click on Next 3 After...

Page 94: ...ckup on a replacement IDENTIKEY Appliance is accomplished via the same steps as a regular replacement procedure refer to Section 11 3 Replacement Procedure for the detailed steps IDENTIKEY Appliance I...

Page 95: ...aded before a backup can be restored following the series of steps explained in section 11 2 Upgrading For both procedures section numbers are indicated where you can find the detailed instructions in...

Page 96: ...rom your previous appliance will remain valid for a grace period of 30 days re license the replacement appliance following the procedure explained in section 8 7 Re licensing for a Change of IP Addres...

Page 97: ...pporting full services even when a hard disk fails Two hard disks are housed in two out of three available slots Configuration is supported through a wizard for which a link is automatically provided...

Page 98: ...nce to the RAID configuration for synchronization Replace synchronization of a disk to the RAID configuration will be stopped by the IDENTIKEY Appliance the disk needs to be physically removed from a...

Page 99: ...d The hard disk must be physically replaced The wizard returns to the Possible Actions screen and offers the Add action The Add action must be selected for the replacement disk to be added to the RAID...

Page 100: ...vide instructions on how to set up a Hardware Security Module device Configuring the HSM must be completed before initiating the IDENTIKEY Authentication Server Setup Wizard 5 5 IDENTIKEY Authenticati...

Page 101: ...e two options i Unsigned Firmware Module The unsigned VACMAN Controller Firmware Module file aal2sdk fm should be copied to the machine on which the HSM administration will take place You will have to...

Page 102: ...ion slot to which the certificate is being copied 4 Mark the certificate as trusted a At a terminal enter ctcert t l CertificateName s AdminSlotID where CertificateName is the name of the certificate...

Page 103: ...icate to be trusted and AdminSlotID is the ID of the administration slot to which the certificate has been imported 4 Upload the signed module to the HSM ctconf b CertificateName j aal2sdk fm 13 1 3 C...

Page 104: ...ust be performed each time a key change occurs and consistency among HSMs is required The exact steps for this procedure will depend on attributes specific to your HSM setup For instructions refer to...

Page 105: ...and this will be used as an epoch ID An epoch keypair will be generated consisting of an epoch public key and an epoch private key Each Secure Audit entry will contain the epoch public key the epoch...

Page 106: ...the issuer subject and key usage for this certificate The minimum key usage required is keyusage digitalSignature nonRepudiation The following is an example of the contents of an attributes file label...

Page 107: ...eviously created You will be prompted to enter the user pin for the specified slot i e slot 0 in this case 2 Extract the public certificate from the device and save it to a pem file ctcert x lMasterAu...

Page 108: ...oblem f you encounter a problem with a VASCO product please follow the steps below 1 Check whether your problem has already been solved and reported in the Knowledge Base at the following URL http www...

Page 109: ...is always enabled To open a connection for remote support 1 Access the IDENTIKEY Appliance Configuration Tool 2 In the IDENTIKEY Appliance Configuration Tool navigate to System Support 3 Toggle the E...

Page 110: ...DENTIKEY Appliance Configuration Tool directly 14 4 Setting up a replacement or new IDENTIKEY Appliance For instructions on setting up a replacement or new IDENTIKEY Appliance please see section 11 Re...

Page 111: ...69 Licensing Wizard 32 Manual Backup 90 Network Settings 29 Password Change 27 Password Reset 67 Power 11 Powering On 15 Pre installation 14 Re licensing 69 Reboot 66 88 6 3Rescue Tool 62 Access 60 C...

Reviews:

No comments

Related manuals for IDENTIKEY AG-3 Series

IBM 5100 User Reference Manual preview
5100
Brand: IBM Pages: 214
TANDBERG VCS Administrator'S Manual preview
VCS
Brand: TANDBERG Pages: 276
IBM 150 User Reference Manual preview
150
Brand: IBM Pages: 180
NEC Univerge SV9300 Programming Manual preview
Univerge SV9300
Brand: NEC Pages: 47
NEC Univerge SV9100 Manual preview
Univerge SV9100
Brand: NEC Pages: 766
IBM totalstorage 200 Hardware Installation Manual preview
totalstorage 200
Brand: IBM Pages: 152
IBM ProtecTIER DD6 Instructions Manual preview
ProtecTIER DD6
Brand: IBM Pages: 10
Tangent Thin Client 166 Datasheet preview
Thin Client 166
Brand: Tangent Pages: 2
Digi DIGI CONNECT ES Hardware Setup Manual preview
DIGI CONNECT ES
Brand: Digi Pages: 23
Supermicro SuperServer 2029BT-HNC0R User Manual preview
SuperServer 2029BT-HNC0R
Brand: Supermicro Pages: 148
Acer Altos RM900 Installation Manual preview
Altos RM900
Brand: Acer Pages: 52
Acer AB2x280 F1 Service Manual preview
AB2x280 F1
Brand: Acer Pages: 94
Acer Altos R700 Series User Manual preview
Altos R700 Series
Brand: Acer Pages: 135
Acer AC100 Specifications preview
AC100
Brand: Acer Pages: 10
Acer Altos R710 Service Manual preview
Altos R710
Brand: Acer Pages: 148
Acer Altos G300 User Manual preview
Altos G300
Brand: Acer Pages: 108
Acer Altos 350 User Manual preview
Altos 350
Brand: Acer Pages: 118
Acer Altos S300 User Manual preview
Altos S300
Brand: Acer Pages: 78

Brands by name

Popular brands

Load more brands