Install Certificate Manager server components on Windows

This article describes how to install Certificate Manager (CM) server components on Windows.

The CM servers comprises several sub-components that may be loaded into the same computer or distributed to several computers in order to obtain higher performance. See this list of Certificate Manager server components.

This installation does not require a GUI. It is controlled via commands in the command prompt window.

Prerequisites

• Make sure you have access to the license file before starting to install CM.

• Use a 64-bit console when running the installation program.

Step-by-step instructions

Install server components

1. Open a command prompt as administrator.

2. Execute install_server.bat in the server installation package. If you double-click install_server.bat in Explorer, instead of executing it from a command prompt, you may not be able to read the final messages as the window will close when the bat file terminates.

3. Enter the full installation path, for example: C:\Program Files\Nexus\Certificate Manager\server
   If CM clients are already installed on this computer, the server installation must not be made to the same directory.

4. Confirm the path.

5. Enter the full configuration files path, for example: C:\Program Files\Nexus\Certificate Manager\server

6. Confirm the path.

7. Enter the name and the full path of the license file and click OK.

8. Confirm the file name.

9. Enter the number or name of each server component, for which you have a license, separated by space (" "). See this list of Certificate Manager server components.

   • If MSSQL Server is the desired database, the CMDB component can be included to create the CMDB database as part of the server installation. Otherwise, the CMDB database must already exist and the JDBC component should be included instead to set up the database connection parameters.

   • If CF is selected without the CIS component, the CF will automatically be configured to run CIS locally within the CF service. If both the CF and CIS components are selected, CF will be automatically configured to connect to the installed independent CIS service. 

   • Install all clients at the same time. It is not possible to add new clients later. You must uninstall existing clients before you can reinstall, see Uninstall Certificate Manager server components and clients.

   • If you have a license for the functions Key Archive and Recovery or Card Production Manager but are not going to use them, you must set the following parameters in cm.conf:

     CardProductionManager.start=false
KARFactory.start=false

10. Confirm that your selection of server components is correct.

11. If you are installing the CMDB or the JDBC component, follow the steps in the respective section below.

CMDB component

If installing the CMDB component, perform these steps:

1. Select the machine where to install the database. Default is localhost.

2. Select JDBC port for the database. Default is 1433.

3. Enter the initial size (in MB) of the database.

4. Enter the initial size (in MB) allocated for logging.

5. Enter the full path to an existing directory where the database should be placed. The file directory is relative to the file system of the host running the MSSQL server and the MSSQL server account must have enough access rights to create the database file in the specified directory.

6. Enter the user name of the database administrator.

7. Enter the password of the database administrator.

8. Confirm the password for the database administrator.

9. Confirm all the parameters you have entered.

JDBC component

If installing the JDBC component, perform these steps:

1. Select database engine from the list.

2. Select the machine where the database is installed. Default is localhost.

3. Select JDBC port for the database.

4. Enter the database instance name.

5. Enter the name of the database CM user. Default is lcmreq.

6. Enter the password for lcmreq user.

Java version

Oracle Java

On Microsoft Windows platforms with Oracle Java installed, the newest Java will be used by default, even if multiple Java versions are installed.

OpenJDK Java

On Windows platforms with OpenJDK Java installed, you have to manually specify the Java version.

1. Use the following Windows registry key to point to the proper Java installation:

   CODE

   HKEY_LOCAL_MACHINE\SOFTWARE\Nexus\Service Parameters\<CM component name>\JREPath

2. As value for JREPath, set the path to the Java to be used, for example,  C:\Program Files\Java\jdk-11.

After the installation

Message after installation

1. Await a message from the installation program confirming a successful installation. If an error message occurs, correct the indicated error and restart the installation using the bat file setup.bat located in the directory <install_root>/install.

2. If the CM SNMP monitor (that is, the Nexus SNMP service) is installed, set the configuration parameter *.agent.connectToSupervisor to 'true' in the configuration files cis.conf and cm.conf.

   CODE

   *.agent.connectToSupervisor = true

Option: Move configuration files

After the installation, it is possible to manually move the configuration files to any other path. Do this before you start any of the CM server components.

1. Modify the path in the following registry key:

   Example

   CODE

   HKEY_LOCAL_MACHINE\SOFTWARE\Nexus\Service Parameters\<component>\Arguments

2. The service user used to run the CM components must have both read and write access rights to the new configuration path.

Timing of services

The timing of the services during start-up of the system depends on the actual configuration of the server.

When using MSSQL Server on the same server as the Nexus CF service, the configuration may have to be changed to ensure proper start-up of the system. On the MSSQL Server, change the startup type of the Nexus CF service to Automatic (Delayed Start).