Installation Preparation

This page describes the necessary technical prerequisites to run MTG-KMS components.

Hardware Requirements

The system must fulfil the following minimal hardware requirements:

Virtual Machine or Server-Hardware

The system was tested in different environments. For a proper operation of MTG-KMS components, it is recommended to use either virtual machines or appropriate server-hardware, with supported operating systems installed on them.

Package Dependencies

MTG-KMS components depend on following additional packages:

Component Package name Note

Component	Package name	Note
MTG-Common	`mtg-common-<X.X.X-REV>.<DIST>.<arch>.rpm` or `mtg-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb`	MTG product independent files and settings such as generating the log directory /var/log/mtg and the operating system user "mtg"
MTG-KMS-Common	`mtg-kms-common-<X.X.X-REV>.<DIST>.<arch>.rpm` or `mtg-kms-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb`	MTG-KMS global product files and settings such as creating an operating system user to run the application as process owner

MTG-Common

mtg-common-<X.X.X-REV>.<DIST>.<arch>.rpm
or
mtg-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb

MTG product independent files and settings such as generating the log directory /var/log/mtg and the operating system user "mtg"

MTG-KMS-Common

mtg-kms-common-<X.X.X-REV>.<DIST>.<arch>.rpm
or
mtg-kms-common-<X.X.X-REV>~<DIST-VER>_<arch>.deb

MTG-KMS global product files and settings such as creating an operating system user to run the application as process owner

The above is applicable to all components except for PKCS#11 Library and Mini-CA.

Operating System User “kms”

MTG-KMS is installed under the OS user kms with group kms. This user will be automatically created during the installation of the MTG-KMS-Common package. However, this kms user can also be created manually prior to the package installation. After completing the installation, it is suggested to set a (unique) user password (as “root”), so the kms user can also be used for login, if necessary. The default home directory of this user is:

/home/mtg/kms

Additional OS users can be created for external components like MTG-Mini-CA, PostgreSQL server, etc.

Java Runtime Environment

MTG-KMS components are developed in Java. Therefore, the Java 17 Runtime Environment (JRE) has to be installed on the target system.

This section does not describe the installation and configuration of Java 17 Runtime, but only the necessary adjustments and configurations for a proper utilization by MTG-KMS components.

Apache HTTPd Server

For MTG-KMS an Apache httpd-Server 2.4 is recommended to receive the client’s http-requests and to pass them towards the java application.

Depending on the customers agreement with MTG, the Apache httpd-Server is provided by MTG as an RPM package “mtg-httpd-2.4”. Alternatively, the Apache httpd-Server can be downloaded from:

httpd.apache.org/download.cgi

For instructions of the default installation and configuration regarding the required Apache httpd-Server, please refer to the installation manuals of the respective components (e.g. at www.apache.org).

See Apache Configuration for detailed Apache Configuration instructions.

The MTG httpd-package already includes some default configurations and the tomcat connector mod_jk.

For the secure communication with the MTG-KMS components SSL-server certificates are required.

Tomcat Connector mod_jk

For the communication between the apache-httpd-server and the Java-Applications tomcat connector mod_jk is recommended. This connector is already part of the MTG httpd package. Alternatively, the mod_jk connector can be downloaded from:

tomcat.apache.org/connectors-doc/

Use only mod_jk Version 1.2.31 or newer!

See Apache Configuration for details on the integration of mod_jk into the apache config.