Install Certificate Manager server components on Windows
This article describes how to install Certificate Manager (CM) server components on Windows.
The CM servers comprises several sub-components that may be loaded into the same computer or distributed to several computers in order to obtain higher performance. See this list of Certificate Manager server components.
This installation does not require a GUI. It is controlled via commands in the command prompt window.
Prerequisites
Make sure you have access to the license file before starting to install CM.
Use a 64-bit console when running the installation program.
Step-by-step instructions
Install server components
Open a command prompt as administrator.
Execute install_server.bat in the server installation package. If you double-click install_server.bat in Explorer, instead of executing it from a command prompt, you may not be able to read the final messages as the window will close when the bat file terminates.
Enter the full installation path, for example: C:\Program Files\Nexus\Certificate Manager\server
If CM clients are already installed on this computer, the server installation must not be made to the same directory.Confirm the path.
Enter the full configuration files path, for example: C:\Program Files\Nexus\Certificate Manager\server
Confirm the path.
Enter the name and the full path of the license file and click OK.
Confirm the file name.
Enter the number or name of each server component, for which you have a license, separated by space (" "). See this list of Certificate Manager server components.
If MSSQL Server is the desired database, the CMDB component can be included to create the CMDB database as part of the server installation. Otherwise, the CMDB database must already exist and the JDBC component should be included instead to set up the database connection parameters.
If CF is selected without the CIS component, the CF will automatically be configured to run CIS locally within the CF service. If both the CF and CIS components are selected, CF will be automatically configured to connect to the installed independent CIS service.
Install all clients at the same time. It is not possible to add new clients later. You must uninstall existing clients before you can reinstall, see Uninstall Certificate Manager server components and clients.
If you have a license for the functions Key Archive and Recovery or Card Production Manager but are not going to use them, you must set the following parameters in cm.conf:
CardProductionManager.start=false
KARFactory.start=false
Confirm that your selection of server components is correct.
If you are installing the CMDB or the JDBC component, follow the steps in the respective section below.
CMDB component
If installing the CMDB component, perform these steps:
Select the machine where to install the database. Default is
localhost
.Select JDBC port for the database. Default is
1433
.Enter the initial size (in MB) of the database.
Enter the initial size (in MB) allocated for logging.
Enter the full path to an existing directory where the database should be placed. The file directory is relative to the file system of the host running the MSSQL server and the MSSQL server account must have enough access rights to create the database file in the specified directory.
Enter the user name of the database administrator.
Enter the password of the database administrator.
Confirm the password for the database administrator.
Confirm all the parameters you have entered.
JDBC component
If installing the JDBC component, perform these steps:
Select database engine from the list.
Select the machine where the database is installed. Default is
localhost
.Select JDBC port for the database.
Enter the database instance name.
Enter the name of the database CM user. Default is
lcmreq
.Enter the password for
lcmreq
user.
Java version
Oracle Java
On Microsoft Windows platforms with Oracle Java installed, the newest Java will be used by default, even if multiple Java versions are installed.
OpenJDK Java
On Windows platforms with OpenJDK Java installed, you have to manually specify the Java version.
Use the following Windows registry key to point to the proper Java installation:
CODEHKEY_LOCAL_MACHINE\SOFTWARE\Nexus\Service Parameters\<CM component name>\JREPath
As value for JREPath, set the path to the Java to be used, for example, C:\Program Files\Java\jdk-11.
After the installation
Message after installation
Await a message from the installation program confirming a successful installation. If an error message occurs, correct the indicated error and restart the installation using the bat file setup.bat located in the directory <install_root>/install.
If the CM SNMP monitor (that is, the Nexus SNMP service) is installed, set the configuration parameter
*.agent.connectToSupervisor
to 'true' in the configuration files cis.conf and cm.conf.CODE*.agent.connectToSupervisor = true
Option: Move configuration files
After the installation, it is possible to manually move the configuration files to any other path. Do this before you start any of the CM server components.
Modify the path in the following registry key:
Example
CODEHKEY_LOCAL_MACHINE\SOFTWARE\Nexus\Service Parameters\<component>\Arguments
The service user used to run the CM components must have both read and write access rights to the new configuration path.
Timing of services
The timing of the services during start-up of the system depends on the actual configuration of the server.
When using MSSQL Server on the same server as the Nexus CF service, the configuration may have to be changed to ensure proper start-up of the system. On the MSSQL Server, change the startup type of the Nexus CF service to Automatic (Delayed Start).