Microsoft IIS Integration Guide




Preface

© 2015 SafeNet, Inc. All rights reserved.
Part Number: 007-011955-001 (Rev E, 12/2015)

All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording or otherwise without the prior written permission of SafeNet.

SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes.

SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details, should be sent to the address below.

SafeNet, Inc.
4690 Millennium Drive
Belcamp, Maryland 21017 USA

Limitations

This document does not include the steps to set up the third-party software. The steps given in this document must be modified accordingly. Refer to Luna SA documentation for general Luna setup procedures.

Disclaimers

The foregoing integration was performed and tested only with the specific versions of equipment and software and only in the configuration indicated. If your setup matches exactly, you should expect no trouble, and Customer Support can assist with any missteps. If your setup differs, then the foregoing is merely a template and you will need to adjust the instructions to fit your situation. Customer Support will attempt to assist, but cannot guarantee success in setups that we have not tested.

Technical Support

If you encounter a problem while installing, registering or operating this product, please make sure that you have read the documentation. If you cannot resolve the issue, please contact your supplier or SafeNet support. SafeNet support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you.

Technical Support Contact Information:
Phone: 800-545-6608, 410-931-7520
Email: support@safenet-inc.com


Table of Contents

Preface
Table of Contents
Chapter 1 Introduction
    Scope
    Prerequisites
    Luna SA Setup
    Luna PCI-E Setup
Chapter 2 Integrating Microsoft IIS 7.5/8.0/8.5 with Luna SA
    Before You Begin
    Before You Install
    Install IIS
    Create a Certificate Request
    Install the Certificate
    Binding the Certificate with a Secure IIS Web Server
Chapter 3 Integrating Microsoft IIS 6.0 with Luna SA
    Before You Begin
    Before You Install
    Certificate Creation
    Certificate Installation


Chapter 1 Introduction

This document guides security administrators through integrating Microsoft Internet Information Services (IIS) with SafeNet Luna SA and Luna PCI-E Hardware Security Modules (HSMs), and covers the information needed to install, configure and integrate them. It assumes that you have read the appropriate Quick Start Guide and are familiar with the IIS 7.5/8.0/8.5 documentation and setup process.

Scope

This document outlines the steps to integrate Microsoft IIS 7.5/8.0/8.5 with Luna SA and Luna PCI-E on Windows Server 2008 R2, Windows Server 2008 R2 SP1 and Windows Server 2012/Windows Server 2012 R2.

Supported Platforms

The following platforms are supported for Luna v6.1:
- Windows Server 2008 R2
- Windows Server 2012 R2

The following platforms are supported for Luna v5.2:
- Windows Server 2008 R2
- Windows Server 2012

The following platforms are supported for Luna SA v5.1:
- Windows Server 2008 R2

The following platforms are supported for Luna SA v5.1.1:
- Windows Server 2003

The following platforms are supported for Luna PCI-E:
- Windows Server 2008 R2 SP1 (Standard/Enterprise)

3rd Party Application Details

- Microsoft Internet Information Services (IIS) 6.0/7.5/8.0/8.5

HSMs and Firmware Version

- K6 HSM f/w 6.22.0
- K6 HSM f/w 6.2.1 (SA v5.1 / PCI-E v5.0)
- K6 HSM f/w 6.10.1 (SA v5.2)

Distributions

- Luna SA Client s/w v6.1 (64-bit)
- Luna SA Client s/w v5.1 (64-bit)
- Luna Client s/w v5.2.1 (64-bit)
- Luna PCI-E Client s/w v5.0 (64-bit)

Prerequisites

Luna SA Setup

Please refer to the Luna SA documentation for installation steps and details regarding configuring and setting up the box on Windows systems. Before you get started, ensure the following:

- The Luna SA appliance has a secure admin password.
- The Luna SA has a hostname suitable for your network.
- The Luna SA network parameters are set to work with your network.
- The HSM on the Luna SA appliance has been initialized.
- A partition has been created on the HSM and allocated a partition password to be used later.
- Running the command vtl verify displays a partition from Luna SA. The general form of the command is C:\Program Files\Luna SA > vtl verify, or run it from C:\Program Files\SafeNet\LunaClient.
- Certificates have been created and exchanged between the Luna SA and the "Client" system (the Client is registered with the Partition).
- Partition "Activation" and "Auto Activation" are enabled (Partition policy settings 22 and 23; applies to Luna SA with Trusted Path Authentication [which is FIPS 140-2 level 3] only).

Luna PCI-E Setup

Please refer to the Luna PCI-E documentation for installation steps and details regarding configuring and setting up the Luna PCI Card on Windows systems.

Chapter 2 Integrating Microsoft IIS 7.5/8.0/8.5 with Luna SA

This chapter outlines the steps to install and integrate Microsoft IIS on Windows Server 2008 R2/Windows Server 2012. Microsoft IIS will use the SafeNet Luna KSP (Key Storage Provider) for integration.

Before You Begin

You should familiarize yourself with Microsoft IIS. Refer to the appropriate Windows Server 2008 R2/Windows Server 2012 help files for more information.

Before You Install

KSP must be installed in a separate step following completion of the main Luna SA Client software installation. For Luna 5.2, select Luna KSP during installation of Luna 5.2.

1. Traverse to C:\Program Files\SafeNet. For Luna 5.2, traverse to C:\Program Files\SafeNet\LunaClient\KSP.
2. Run KspConfig.exe (the KSP configuration wizard).
3. Double-click Register or View Security Library on the left side of the pane.
4. Browse to the library, then click Register. The library location is:
   - C:\Program Files\LunaSA\cryptoki.dll for Luna 6.1
   - C:\Program Files\LunaSA\cryptoki.dll for Luna 5.1
   - C:\Program Files\SafeNet\LunaClient\KSP for Luna 5.2
   - C:\Program Files\LunaPCI\cryptoki.dll for Luna PCI-E
5. On successful registration you will receive the message "Success registering the security library."
6. Double-click Register HSM Slots on the left side of the pane.
7. Enter the Slot (Partition) password.
8. Click Register Slot to register the slot for Domain\User. On successful registration you will receive the message "The slot was successfully and securely registered."

You need to register the slot for NT_AUTHORITY\SYSTEM.

Install IIS

To install IIS 7.5:
1. Open Server Manager: Start > Administrative Tools > Server Manager > Add Roles > Web Server.
2. Select the Default (or desired) components from within the wizard and proceed with installation.

To install IIS 8.0/8.5:
1. Open Server Manager: Configure this local server > Add roles and features > Web Server (IIS).
2. Select the Default (or desired) components from within the wizard and proceed with installation.

Create a Certificate Request

Note: IIS Manager does not support the creation of certificates protected by CNG keys; these need to be created using the Microsoft command line utilities.

Generate a certificate request

To generate a request for an SSL certificate linked to an RSA key, create a file called request.inf with the following information:

    [Version]
    Signature= "$Windows NT$"
    [NewRequest]
    Subject = "C=IN,CN=IIS.com,O=Safenet,OU=HSM,L=Noida,S=UP"
    HashAlgorithm = SHA256
    KeyAlgorithm = RSA
    KeyLength = 2048
    ProviderName = "Safenet Key Storage Provider"
    KeyUsage = 0xf0
    MachineKeySet = True
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1

a. Specify the subject details of the Domain Controller which is issuing the certificate.
b. Specify the key algorithm and key length as required (e.g. RSA).
c. Specify the Provider name as "Safenet Key Storage Provider".
d. Save the above content in the file request.inf.

To create the certificate request for the Certification Authority, execute the command:

    certreq.exe -new request.inf request.req

This creates a certificate request file, request.req, that can be sent to a Certificate Authority.

Install the Certificate

After creating the certificate request, you obtain the certificate by using the CA web interface to send the request to the Certificate Authority. To make the certificate available for use in IIS, execute the command:

    certreq.exe -accept somecert.cer

where somecert.cer is the binary certificate exported from the CA.

Binding the Certificate with a Secure IIS Web Server

To bind the certificate with a secure IIS Web Server:
1. Open the IIS Manager from Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Under Sites on the left-hand side of the IIS Manager window, select the desired Web site.
3. On the right-hand side of the IIS Manager, click the Bindings link.
4. In the Site Bindings window, click Add.
5. Select the protocol as https.
6. Select the IP address of the machine running IIS from the IP Address drop-down list.
7. Select the certificate from the drop-down list.
8. To complete the certificate binding for SSL connection, click OK.
9. Open a browser and type https://machinename:443. If necessary, accept the certificate in the browser to continue with the SSL connection to the IIS 7.5/8.0 Web Server.
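Because the request.inf in "Create a Certificate Request" is edited by hand, a missing ProviderName leaves key generation to a default Windows provider rather than the HSM. The pre-flight check below is an added example, not part of the SafeNet guide; the function names, the 2048-bit and digest thresholds, and the weak sample file are assumptions made for illustration.

```powershell
# Added example (not SafeNet code): lint a request.inf before running certreq -new.
function Read-RequestInf([string[]]$Lines) {
    $inf = @{}; $section = ''
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }   # blank line or comment
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1].Trim(); continue }
        if ($line -match '^([^=]+)=(.*)$') {
            $key = $Matches[1].Trim(); $val = $Matches[2].Trim().Trim('"')
            if (-not $inf.ContainsKey($section)) { $inf[$section] = @{} }
            # Repeated keys (several OID= lines) are kept as a comma-joined list.
            if ($inf[$section].ContainsKey($key)) { $val = $inf[$section][$key] + ',' + $val }
            $inf[$section][$key] = $val
        }
    }
    return $inf
}
function Test-RequestInf([hashtable]$Inf, [string]$ExpectedProvider = 'Safenet Key Storage Provider') {
    $req = $Inf['NewRequest']
    if ($null -eq $req) { return @('FAIL  [NewRequest] section missing') }
    $out = @(); $bits = 0
    if (-not $req.ContainsKey('ProviderName')) {
        $out += 'FAIL  ProviderName missing: key would come from a default Windows provider, not the HSM'
    } elseif ($req['ProviderName'] -ne $ExpectedProvider) {
        $out += "FAIL  ProviderName '$($req['ProviderName'])' is not '$ExpectedProvider'"
    }
    $isRsa = (-not $req.ContainsKey('KeyAlgorithm')) -or ($req['KeyAlgorithm'] -eq 'RSA')
    if ($isRsa -and ((-not [int]::TryParse([string]$req['KeyLength'], [ref]$bits)) -or ($bits -lt 2048))) {
        $out += "FAIL  RSA KeyLength '$($req['KeyLength'])' is missing or below 2048"
    }
    if (@('MD5', 'SHA1') -contains $req['HashAlgorithm']) { $out += "FAIL  HashAlgorithm $($req['HashAlgorithm']) is a weak digest" }
    if ($req['MachineKeySet'] -ne 'True') { $out += 'WARN  MachineKeySet is not True: IIS binds from the Local Computer store' }
    $eku = $Inf['EnhancedKeyUsageExtension']
    if ($null -eq $eku -or (($eku['OID'] -split ',') -notcontains '1.3.6.1.5.5.7.3.1')) {
        $out += 'WARN  Server Authentication EKU (1.3.6.1.5.5.7.3.1) not requested'
    }
    if ($out.Count -eq 0) { $out += 'PASS  no findings' }
    return $out
}
# request.inf exactly as printed in this guide.
$guideInf = @'
[Version]
Signature= "$Windows NT$"
[NewRequest]
Subject = "C=IN,CN=IIS.com,O=Safenet,OU=HSM,L=Noida,S=UP"
HashAlgorithm = SHA256
KeyAlgorithm = RSA
KeyLength = 2048
ProviderName = "Safenet Key Storage Provider"
KeyUsage = 0xf0
MachineKeySet = True
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
'@
# Constructed weak variant: no ProviderName, 1024-bit key, SHA1.
$weakInf = @'
[NewRequest]
Subject = "CN=example.test"
HashAlgorithm = SHA1
KeyLength = 1024
'@
# On a server: Test-RequestInf (Read-RequestInf (Get-Content .\request.inf))
foreach ($t in @($guideInf, $weakInf)) { Test-RequestInf (Read-RequestInf ($t -split '\r?\n')); '---' }
```

After certreq -accept, the Provider line that certutil -store My prints for the installed certificate should name the same provider.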

Chapter 3 Integrating Microsoft IIS 6.0 with Luna SA

This chapter outlines the steps to install and integrate Microsoft IIS on Windows Server 2003. Microsoft IIS will use the SafeNet Luna CSP for integration.

Before You Begin

You should familiarize yourself with Microsoft IIS. Refer to the appropriate Windows Server 2003 help files for more information.

Before You Install

Go to C:\Program Files\LunaSA\CSP and run register.exe to register the partition with the CSP.

Follow the steps below to configure SSL on IIS 6.0.

Certificate Creation

1. Log in as Local Administrator or as a user with local Administrator privileges.
2. Start IIS from Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
3. From the IIS Manager window, select the Default Web Site, right-click and select Properties.
4. Select the Directory Security tab from the available tabs.
5. Select Server Certificate. The Welcome to the Web Server Certificate Wizard window appears. Click Next.
6. Select Create a New Certificate and click Next.
7. In the Delayed or Immediate Request window, select Prepare the request now, but send it later and click Next.
8. In the Name and Security Settings window, type the name for the new certificate, select the bit length 2048, check the option Select cryptographic service provider (CSP) for this certificate and click Next.
9. Select Luna Enhanced SChannel Cryptographic Provider from the Available Providers and click Next.
10. Select Organization and Organizational Unit in the Organization Information window and click Next.
11. Give the Common name and click Next.
12. In the Geographical Information window, give the Country/Region, State/province and City/locality information and click Next.
13. In the Certificate Request File Name window, enter the file name for the certificate request and click Next.
14. The Request File Summary gives the certificate request information. Click Next.
15. Completing the Web Server Certificate Wizard appears. Click Finish.

Certificate Installation

1. Once the certificate is created, restart IIS from the server's Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. From the IIS Manager window, select the Default Web Site, right-click and select Properties.
3. Select the Directory Security tab from the available tabs.
4. Select Server Certificate. The Welcome to the Web Server Certificate Wizard window appears. Click Next.
5. From Pending Certificate Request, select Process the pending request and Install the certificate and click Next.
6. Browse to the location (path and file name) where the certificate is saved and click Next.
7. In the SSL port window, specify the SSL port (an integer between 1 and 65535) and click Next.
8. Certificate Summary appears. Click Next.
9. Completing the Web Server Certificate Wizard appears. Click Finish.
10. Open a browser and type https://machinename:443. If necessary, accept the certificate in the browser to continue with the SSL connection to the IIS 6.0 Web Server.