...

  1. During installation, select the Advanced Configuration option on the Database Configuration screen and click Next.
  2. On the next screen, Advanced JDBC Configuration, leave the Windows User ID and Password fields empty.
  3. In the JDBC URL field, enter the database server name and database name along with the following details:

    1. Kerberos Authentication
      jdbc:jtds:sqlserver://<DATABASE_MACHINE>:1433/<DATABASE_NAME>;integratedSecurity=true
      e.g. jdbc:jtds:sqlserver://db-machine:1433/adss-db;integratedSecurity=true

    2. NTLM Authentication
      jdbc:jtds:sqlserver://<DATABASE_MACHINE>:1433/<DATABASE_NAME>;domain=<DOMAIN_NAME>;useNTLMv2=true
      e.g. jdbc:jtds:sqlserver://db-machine:1433/adss-db;domain=Ascertia;useNTLMv2=true

  4. Click the Next button to proceed with the installation wizard.
  5. Follow this KB article to register all the instances of ADSS Server under a domain user account:
    How to register all the instances of ADSS Server/SigningHub Core under domain user account?

Note

The user account should be in the Administrators group on the ADSS Server machine and have the necessary read/write privileges on the database created for ADSS Server.

...

  1. Install ADSS Server using SQL Server authentication.
  2. Click here to download a patch that is required to run ADSS Server and SigningHub Core over Windows authentication without storing the username and password.
  3. Unzip the patch and copy its contents over [SigningHub-Home], overwriting the existing files.
  4. Now go to the [SigningHub-Home]/tools/adss-server/conf directory.
  5. Open hibernate.cfg.xml in edit mode and change the values of these elements as shown below:

    • For Windows Authentication (Kerberos)

      hibernate.cfg.xml:
      <property name="hibernate.connection.url">jdbc:jtds:sqlserver://localhost:1433;databaseName=ADSS-Server-DB;IntegratedSecurity=true</property>
      <property name="hibernate.connection.username"></property>

      Note: In the case of Windows Authentication (Kerberos), the user name must be left empty or the username property must be removed.

    • For Windows Authentication (NTLM):

      hibernate.cfg.xml:
      <property name="hibernate.connection.url">jdbc:jtds:sqlserver://<DATABASE_MACHINE>:1433/<DATABASE_NAME>;domain=<DOMAIN_NAME>;useNTLMv2=true</property>
      <property name="hibernate.connection.username">DOMAIN_USER_NAME</property>
  6. Now go to the [SigningHub-Home]/core/conf directory.
  7. Open hibernate.cfg.xml in edit mode and change the values of these elements as shown below:

    hibernate.cfg.xml:
    <property name="hibernate.connection.driver_class">com.microsoft.sqlserver.jdbc.SQLServerDriver</property>
    <property name="hibernate.connection.url">jdbc:sqlserver://localhost:1433;databaseName=SH-DB;IntegratedSecurity=true</property>
    <property name="hibernate.connection.username">db-user</property>
    <property name="hibernate.connection.password">password</property>
    <property name="hibernate.hbm2ddl.auto">none</property>

    Note

    Do not comment out or delete the username and password properties in the file. Use these values as a dummy username and password; otherwise ADSS Server and/or SigningHub will fail to start.

  8. Follow this KB article to register all the instances of ADSS Server/SigningHub Core under a domain user account:
    How to register all the instances of ADSS Server/SigningHub Core under domain user account?
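
As an added check (not part of the original article or of Ascertia's tooling), the following Python script audits the jTDS URL and username in the ADSS Server hibernate.cfg.xml from step 5 against the Kerberos and NTLM settings shown above. The sample file, the svc-adss account and the audit function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real deployment): NTLM-mode fragment whose URL has
# a bare ";Ascertia" segment (missing "domain=") and an empty ";;" segment.
SAMPLE = """<hibernate-configuration><session-factory>
<property name="hibernate.connection.url">jdbc:jtds:sqlserver://db-machine:1433/adss-db;Ascertia;;useNTLMv2=true</property>
<property name="hibernate.connection.username">svc-adss</property>
</session-factory></hibernate-configuration>"""


def audit(xml_text):
    """Return a list of findings for a jTDS Windows-authentication configuration."""
    props = {p.get("name"): (p.text or "").strip()
             for p in ET.fromstring(xml_text).iter("property")}
    url = props.get("hibernate.connection.url", "")
    user = props.get("hibernate.connection.username", "")
    if not url.startswith("jdbc:jtds:sqlserver://"):
        return ["not a jTDS SQL Server URL; these checks do not apply"]
    findings, opts = [], {}
    # Everything after the first ';' is a list of key=value connection properties.
    for seg in url.split(";")[1:]:
        if not seg:
            findings.append("empty property segment in URL")
        elif "=" not in seg:
            findings.append(f"segment '{seg}' is not key=value")
        else:
            key, value = seg.split("=", 1)
            # Keys are compared in lower case: the page writes both
            # integratedSecurity and IntegratedSecurity.
            opts[key.lower()] = value
    kerberos = opts.get("integratedsecurity", "").lower() == "true"
    ntlm = opts.get("usentlmv2", "").lower() == "true"
    if kerberos and user:
        findings.append("Kerberos: username must be empty or removed")
    if ntlm and not opts.get("domain"):
        findings.append("NTLM: domain=<DOMAIN_NAME> is missing")
    if ntlm and not user:
        findings.append("NTLM: username is empty")
    if not (kerberos or ntlm):
        findings.append("neither integratedSecurity=true nor useNTLMv2=true is set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the URL and username match one of the two modes; the script does not test connectivity to the database.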

How to register all the instances of ADSS Server/SigningHub Core under domain user account?

After the installation of ADSS Server with Windows Authentication, follow these steps to register all the instances of ADSS Server under a domain user account:

  1. Launch the Windows Services Panel.

  2. Stop the ADSS Server Core, Console and Service instances.

  3. Right-click and open the properties for each instance one by one:

    1. Navigate to the Log On tab.

    2. Change the Log On as setting from "Local System account" to "This account" and provide the username and password for the domain user account.

  4. Start the services (Ascertia-ADSS-Console, Ascertia-ADSS-Core, Ascertia-ADSS-Service) from the Windows Services panel for the changes to take effect.

How to Install ADSS Server with Azure SQL? 

  1. Extract the ADSS Server package
  2. Go to location: [ADSS-Server-Installation-Dir]\tomcat\bin and edit these files: 

    For Linux

      • Edit the catalina.sh file in a text editor, search for the parameter JAVA_OPTS, add the parameter -Dcom.sun.net.ssl.enableECC=false at the end, and save the changes as shown below:

        catalina.sh:
        JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dcom.sun.net.ssl.enableECC=false"

    For Windows

      • Edit the catalina.bat file in a text editor, search for the strings %JAVA_OPTS% %CATALINA_OPTS%, add the parameter -Dcom.sun.net.ssl.enableECC=false at the end of each string, and save the changes as shown below:

        catalina.bat:
        %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Dcom.sun.net.ssl.enableECC=false -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
        goto end
        :doSecurity
        
        %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Dcom.sun.net.ssl.enableECC=false -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
        goto end
        :doJpda
        
        if not "%SECURITY_POLICY_FILE%" == "" goto doSecurityJpda
        %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %JPDA_OPTS% %DEBUG_OPTS% -Dcom.sun.net.ssl.enableECC=false -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
        goto end
        :doSecurityJpda
        
        %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %JPDA_OPTS% %DEBUG_OPTS% -Dcom.sun.net.ssl.enableECC=false -Djava.endorsed.dirs="%JAVA_ENDORSED_DIRS%" -classpath "%CLASSPATH%" -Djava.security.manager -Djava.security.policy=="%SECURITY_POLICY_FILE%" -Dcatalina.base="%CATALINA_BASE%" -Dcatalina.home="%CATALINA_HOME%" -Djava.io.tmpdir="%CATALINA_TMPDIR%" %MAINCLASS% %CMD_LINE_ARGS% %ACTION%
        goto end
        :end
      • Edit the service.bat file in a text editor, search for the parameters --JvmOptions and ++JvmOptions one by one, add the parameter ;-Dcom.sun.net.ssl.enableECC=false at the following location for both of them, and save the changes:

        service.bat:
        "%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true;-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true;-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed;-Dcom.sun.net.ssl.enableECC=false" --StartMode jvm --StopMode jvm
         
        "%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true;-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true;-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties;-Dcom.sun.net.ssl.enableECC=false" --JvmMs %6 --JvmMx %7
  3. Go to the [ADSS-Server-Installation-Dir]/setup directory and run the install.bat/sh file by right-clicking it and choosing the Run as administrator option
  4. On the ADSS Server Installation Type dialog, select the required option
  5. Select the appropriate ADSS Server license file
  6. Select the database type Azure SQL
  7. Provide the credentials for the restored database on Azure SQL
  8. Continue with the installation and click the Finish button to complete the installation. More detailed instructions can be found in section 3.1.4 of the ADSS Server installation guide.
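
As an added check (not part of the original article), this Python function reports which JVM launch lines in catalina.bat and which --JvmOptions/++JvmOptions lines in service.bat still lack the -Dcom.sun.net.ssl.enableECC=false parameter from step 2. The shortened sample files and the function name are constructed for illustration, and each option list is assumed to sit on one line as in the listings above.

```python
import re

FLAG = "-Dcom.sun.net.ssl.enableECC=false"

# Constructed sample: shortened catalina.bat launch lines; the :doSecurity
# launch line (line 4) was not edited and lacks the flag.
SAMPLE_CATALINA_BAT = r"""%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Dcom.sun.net.ssl.enableECC=false -classpath "%CLASSPATH%" %MAINCLASS% %ACTION%
goto end
:doSecurity
%_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -classpath "%CLASSPATH%" -Djava.security.manager %MAINCLASS% %ACTION%
goto end
"""

# Constructed sample: shortened service.bat; the ++JvmOptions line lacks the flag.
SAMPLE_SERVICE_BAT = r'''"%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions "-Dcatalina.base=%CATALINA_BASE%;-Dcom.sun.net.ssl.enableECC=false" --StartMode jvm
"%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp" --JvmMs %6
'''


def lines_missing_flag(text):
    """Return 1-based numbers of JVM launch/option lines that lack FLAG."""
    missing = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        jvm_opts = re.search(r'(?:--|\+\+)JvmOptions\s+"([^"]*)"', stripped)
        if jvm_opts:
            # service.bat: options are a ';'-separated list inside the quotes
            options = jvm_opts.group(1).split(";")
        elif stripped.startswith("%_EXECJAVA%"):
            # catalina.bat: options are whitespace-separated on the java command line
            options = stripped.split()
        else:
            continue
        # Exact token match, so a different value such as "...enableECC=true" is reported too
        if FLAG not in options:
            missing.append(number)
    return missing


if __name__ == "__main__":
    print("catalina.bat lines missing flag:", lines_missing_flag(SAMPLE_CATALINA_BAT))
    print("service.bat lines missing flag:", lines_missing_flag(SAMPLE_SERVICE_BAT))
```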

Ensuring that Linux daemons are started successfully

On some flavors of Linux (e.g. Fedora), ADSS Server daemons are not started by default at boot time. To ensure the three daemons start at boot time, append the following commands to /etc/rc.local:

service tomcatd-ADSS-core start
service tomcatd-ADSS-console start
service tomcatd-ADSS-service start

 

Now all of the ADSS Server daemons will start properly after a system reboot.

What causes ADSS Server Windows services and Unix daemons to not register properly during installation?

When ADSS Server services are not registered properly, it is usually because the installer process has not been run with Administrator (or root) privileges.
If ADSS Server is installed but the services are not registered, follow these instructions to register the daemons/services:

For Windows:

  1. Go to the folder: [ADSS Server installation directory]/tomcat/bin/.
  2. Execute the following batch files one by one using administrator privileges (right click and then select the option Run as administrator).
    • install_core.bat
    • install_console.bat
    • install_service.bat

For UNIX:

  1. Go to the directory: [ADSS Server installation directory]/tomcat/bin/.
  2. Execute the following script files one by one using root user privileges.
    • install_core.sh
    • install_console.sh
    • install_service.sh


NOTE:  Very occasionally the ADSS Server Windows services might not register properly because of this issue:

  1. Go to the location: [ADSS Server installation directory]/tomcat/bin/
  2. Open the following script files one by one and ensure the property "set INSTALL_PATH" is set to point to the absolute path for the ADSS Server root installation directory e.g. D:/ADSSv5.2/
    • install_core.bat
    • install_console.bat
    • install_service.bat
  3. If this property is not correctly set then edit the files and set the correct path of the ADSS Server installation folder 
  4. If you see permission issues (e.g. an access denied message), temporarily copy these files to a location where you have full permissions (e.g. your desktop) and modify them there.
    After modifying them, copy the files back to their original location, overwriting the originals; click OK if a dialog appears asking for administrative rights.
  5. Run the modified install scripts one by one: right-click each and select Run as administrator
  6. Check that the Windows services are now registered within the Windows services panel

Running ADSS Server as a non-root user daemon on UNIX

...

  1. Launch the ADSS Server Console in a web browser and go to location: Global Settings > System Integrity Security
  2. Click the Generate OTP button. The system will generate and show the OTP (One Time Password).
  3. Now open the Command Prompt/Terminal under administrator/root privileges.
  4. Navigate to the [ADSS Server installation directory]\Setup directory.
  5. Type the following command bin\compute_hmac.bat (for Windows) or bin/compute_hmac.sh (for Linux) to execute the utility. It will ask for the OTP generated in Step 2 to complete the HMAC operation.
  6. Provide the generated OTP and press Enter. The utility closes automatically once the operation is completed.

...