Installation

This page contains all necessary information for the installation of the MTG-KMS components. The packages shall be stored in an installation-directory inside the intended backend location, where the actual installation takes place.

The SHA256 checksums (hash values) and PGP signatures for the components will be delivered separately, to ensure the validity of the packages. Prior to the installation, each component's checksum has to be computed (e.g. with sha256sum on Linux systems with a bash shell) and verified against the delivered checksums. If any differences are encountered between a component's checksum and the corresponding verification checksum, the package must not be installed.

The following instructions are applicable to all MTG-KMS components except for the MTG-KMS PKCS#11 Library and the MTG-KMS KMIP SDK. For more detailed instructions on those, please refer to the PKCS#11 Library and KMIP SDK installation pages respectively.
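The checksum check described above can be scripted so that nothing is installed unless every package matches. The following is an added example, not part of the MTG documentation or tooling; it assumes the delivered checksum file uses the sha256sum "HASH  FILENAME" format, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not MTG code. Assumptions: all packages lie in one
# installation directory and the separately delivered checksum file
# uses the sha256sum "HASH  FILENAME" line format.

# expected_hash SUMFILE NAME: print the lowercase reference hash for NAME.
# Fails if NAME has no entry or has conflicting entries.
expected_hash() {
    awk -v f="$2" '
        { n = $2; sub(/^\*/, "", n) }        # "*" prefix marks binary mode
        n == f { seen[tolower($1)] = 1 }
        END { c = 0; for (h in seen) { c++; v = h }
              if (c != 1) exit 1
              print v }' "$1"
}

# verify_packages DIR SUMFILE: return 0 only if every .rpm/.deb in DIR
# has a reference checksum and matches it.
verify_packages() {
    local dir="$1" sums="$2" pkg name want got checked=0
    [ -d "$dir" ] && [ -r "$sums" ] || return 2
    for pkg in "$dir"/*.rpm "$dir"/*.deb; do
        [ -e "$pkg" ] || continue            # glob matched nothing
        name=$(basename "$pkg")
        # A package without a reference value cannot be verified.
        want=$(expected_hash "$sums" "$name") || {
            echo "NO REFERENCE CHECKSUM: $name" >&2; return 1; }
        got=$(sha256sum "$pkg" | awk '{ print tolower($1) }')
        # Compare case-insensitively; a truncated reference hash fails.
        [ "${#want}" -eq 64 ] && [ "$want" = "$got" ] || {
            echo "CHECKSUM MISMATCH, do not install: $name" >&2; return 1; }
        echo "OK: $name"
        checked=$((checked + 1))
    done
    [ "$checked" -gt 0 ]                     # an empty directory is a failure
}

# Command-line use: verify.sh <installation-directory> <checksum-file>
if [ "$#" -eq 2 ]; then
    verify_packages "$1" "$2"
fi
```

Continue with rpm or dpkg only when the script exits with status 0. The checksum file is only as trustworthy as its delivery channel, so the delivered PGP signatures still have to be checked separately (for example with gpg --verify).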

Communication Security

The communication to the MTG KMS server takes place only through "localhost" if the components and the MTG KMS server are installed on the same system. In other scenarios, the communication should be secured by using SSL/TLS or VPN. The specific requirements, setup and configuration of secure communication are part of the customer's IT security policies. The customer remains responsible for the enforcement of these policies.

Package Installation

The installation requires "root" permissions.

Use the following commands to install the packages:

RPM-Based systems

rpm -U {package-name}-<X.X.X-REV>.<DIST>.<arch>.rpm

DPKG-Based systems

dpkg -i {package-name}-<X.X.X-REV>~<DIST-VER>_<arch>.deb

Package-Update Installation

An update of a package can be performed in the same way as the installation. The RPM installer also verifies any package dependencies, which will prevent the installation of a newer package without installing/updating the packages this newer package depends on.

Existing configuration files will be kept untouched by the update process. The package management system will either ask what to do with the changed configuration, or just place a copy of the new version alongside the existing one.

Verification of the Package Installation

The installed MTG system packages can be listed with the following command:

RPM:

rpm -qa | grep -i mtg

DEB:

dpkg -l | grep -i mtg

The installed KMS packages can be listed with the following command:

RPM:

rpm -qa | grep -i kms

DEB:

dpkg -l | grep -i kms

MTG System

After successful installation of the MTG system packages the following should be listed:

  • mtg-common-<X.X.X-REV>.<DIST>.<arch>.rpm or mtg-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb

  • mtg-kms-common-<X.X.X-REV>.<DIST>.<arch>.rpm or mtg-kms-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb

Component

After successful installation of any component the following packages should be listed:

  • {package-name}-<X.X.X-REV>.<DIST>.<arch>.rpm or {package-name}-<X.X.X-REV>~<DIST-VER>_<arch>.deb

Package Uninstall

When an MTG-KMS package is uninstalled, there is no confirmation prompt before the uninstallation proceeds!

RPM

An RPM package can be uninstalled by the following command:

rpm -e <PackageName>

The placeholder <PackageName> has to be replaced by the full name of the package to be uninstalled.

RPM also verifies any package dependencies, which will prevent uninstallation of a package without uninstalling the dependent packages.

DEB

A DEB package can be removed by the following command:

dpkg -r <PackageName>

The placeholder <PackageName> has to be replaced by the full name of the package to be uninstalled.

DPKG also verifies any package dependencies, which will prevent uninstallation of a package without uninstalling the dependent packages.

Repository for local Logging

By default, the MTG-KMS components log to the following directory:

/var/log/mtg/<ApplicationName>

The default logback.xml configurations define a daily log rotation for these files. The default log level is "ERROR".

Post-Treatment

The installed packages and any modified configuration files should be archived and documented.

Apache Configuration

When using the following components:

  • MTG-KMS Server

  • MTG-KMS Crypto API

  • MTG-KMS PKCS#11 Server

  • MTG-KMS MiniCA

  • MTG-KMS TCP2HTTP

you must also set up an Apache Server. For detailed instructions on how to do so, please refer to this page.