Install and configure ISC CertAgent for Windows

Perform the following tasks to install and configure CertAgent and verify that it works properly.

## Install and configure CertAgent

The Internet Explorer and Firefox browsers support the web-based interface used by CertAgent.

Perform the following steps to install and configure CertAgent:

1. Double-click the CertAgent 7.0.5 x64 exe file and follow the instructions in the setup wizard.
2. The setup wizard prompts for the listening port for the HyperSQL database to be created. If 9001 is already in use, you can also use 9002 or 9003.
3. CertAgent prompts you to create TLS ports and admin and public web interface credentials.
4. Provide the following information:
   - **PKCS11 library path**: Select [ Browse ] and select the path for the `fxpkcs11.dll` file. The default fxpkcs11 installation location is `C:/Program Files/Futurex`.
   - **HSM partition**: Prompt to select one of the partitions found in the {{ch}}.
   - **HSM PIN**: This is the {{ch}} identity password configured inside the `<CRYPTO-OPR-PASS>` tag in the `fxpkcs11.cfg` file.
   - **Common Name (CN)**: Common Name (CN) for the CA root certificate created by CertAgent.
   - **Organization name**: Organization name for the CA root certificate created by CertAgent.
   - **PKCS #12 password**: Password to be used for PKCS #12 files generated by CertAgent and the {{ch}}.

   Make note of the PKCS #12 password, admin TLS port (`<admin port>`), and public TLS port (`<public port>`) you enter during installation. This information is required to import the certificates for the web browsers to access the CertAgent sites (Administrator site, Public site, CA site).
5. Set the SA password and a user account with a password for the CertAgent database. Be sure to take note of these for future use.
6. The installer creates the credentials and finalizes the installation process.

At the end of the installation, CertAgent creates a `readme.txt` file. We strongly recommend that you read and follow the instructions for the post-installation steps.

## Verify the installation

This section verifies that CertAgent is communicating correctly with the {{ch}}. The following requires the certificates installed by CertAgent to be added to the trusted list of your web browser.

1. After the installation completes, log in to the {{ch}} web UI to verify the keys have successfully been generated. You can also use the {{futurex}} command line interface (FXCLI) to validate the installation. After you connect, run the following commands to verify the keys exist on the {{ch}}:

   ```
   fxcli $ login user
   username> crypto1
   password>safest
   [2020 05 05 18 35 17] info successfully logged in as user 'crypto1' (crypto operator 1/1)
   successfully logged in as 'crypto1'
   result status success statuscode 0
   connected true
   status "logged in"
   logins 1
   remaining 0
   [2020 05 05 18 35 17] info successfully seeded local openssl context with random data
   fxcli $ keytable list
   result status success statuscode 0
   slots
   slot 0 type "key" name "" algoritihm rsa bits 3072 usage encrypt,decrypt,sign,verify,wrap,unwrap majorkey ftk kcv "71ae"
   slot 1 type "key" name "" algoritihm rsa bits 3072 usage encrypt,verify,wrap majorkey ftk kcv "8c0d"
   slot 2 type "certificate" name "" algoritihm rsa bits 3072 usage sign,verify,wrap,unwrap majorkey none fingerprint "3422798e22319e1e170e29837f9f0112ce1dfasa"
   slot 3 type "key" name "" algorithm rsa bits 3072 usage encrypt,decrypt,sign,verify,wrap,unwrap majorkey ftk kcv "70fe"
   slot 4 type "key" name "" algorithm rsa bits 3072 usage encrypt,decrypt,wrap majorkey ftk kcv "1696"
   slot 5 type "certificate" name "" algorithm rsa bits 3072 usage sign,verify majorkey none fingerprint "83bc566a389af4f34292vea053b013a1a97bc968"
   ```

   If all six keys are present, the installation succeeded.
2. Open a command terminal and go to the installation location of CertAgent. Then, run the command `certagent setpin`.
3. Go to the system PIN entry page shown in the `readme.txt`. Follow the link in the file.
4. In the web portal, you can use the displayed links to access the following sites:
   - **The System Administrative site**: Admin controls over the system and server, including configuration settings. Must connect with the admin certificate.
   - **The CA Account site**: Allows the certificate enrollment, management, CRL, and other settings to be set when connected with the admin certificate. Allows CSRs to be approved, signed, revoked, and other certificate enrollment tasks to be completed when connected with the operations certificate.
   - **The Public site**: Enables users to enroll, upload, and retrieve certificates to and from the {{ch}} when connected with the client certificate.
5. Using the Public site, send a certificate signing request using the Enroll function. Using Internet Explorer, you can generate a key for a certificate to be signed by the {{ch}}. Firefox cannot generate a key for you.
6. After sending in a CSR, log in to the CA Account site by using the operations certificate, find the certificate in the Pending section, and issue it.

Proper configuration of the application with the {{ch}} enables you to issue the certificate and retrieve all from the web.
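
The key table check in the verification step can be scripted rather than read by eye. The following is an added example, not part of the original guide or of any Futurex or ISC tooling: it parses a saved `keytable list` result and reports anything that differs from the six-object listing shown on this page. The function names and the text layout of the listing are assumptions.

```python
import re

# Sample input: the `keytable list` result from this page, one slot per line.
# The layout is an assumption; adjust the patterns if your fxcli prints differently.
SAMPLE = """\
slot 0 type "key" name "" algoritihm rsa bits 3072 usage encrypt,decrypt,sign,verify,wrap,unwrap majorkey ftk kcv "71ae"
slot 1 type "key" name "" algoritihm rsa bits 3072 usage encrypt,verify,wrap majorkey ftk kcv "8c0d"
slot 2 type "certificate" name "" algoritihm rsa bits 3072 usage sign,verify,wrap,unwrap majorkey none fingerprint "3422798e22319e1e170e29837f9f0112ce1dfasa"
slot 3 type "key" name "" algorithm rsa bits 3072 usage encrypt,decrypt,sign,verify,wrap,unwrap majorkey ftk kcv "70fe"
slot 4 type "key" name "" algorithm rsa bits 3072 usage encrypt,decrypt,wrap majorkey ftk kcv "1696"
slot 5 type "certificate" name "" algorithm rsa bits 3072 usage sign,verify majorkey none fingerprint "83bc566a389af4f34292vea053b013a1a97bc968"
"""

FIELD = re.compile(r'\b(type|bits|usage|majorkey|kcv|fingerprint)\b\W*([\w,]+)')
ALGO = re.compile(r'\balgor\w*\W+(\w+)')  # tolerates both spellings in the listing


def parse_keytable(text):
    """Return {slot number: {field: value}} for every slot in the listing."""
    parts = re.split(r'\bslot\W+(\d+)', text)
    slots = {}
    for num, body in zip(parts[1::2], parts[2::2]):
        entry = dict(FIELD.findall(body))
        algo = ALGO.search(body)
        entry["algorithm"] = algo.group(1) if algo else None
        slots[int(num)] = entry
    return slots


def check_install(slots, expected=6, algorithm="rsa", bits="3072"):
    """Return a list of problems; an empty list means the listing looks complete."""
    problems = []
    if len(slots) != expected:
        problems.append(f"expected {expected} objects, found {len(slots)}")
    for num, e in sorted(slots.items()):
        if (e["algorithm"], e.get("bits")) != (algorithm, bits):
            problems.append(f"slot {num}: unexpected {e['algorithm']}/{e.get('bits')}")
        # Keys are identified by a key check value, certificates by a fingerprint.
        proof = {"key": "kcv", "certificate": "fingerprint"}.get(e.get("type"))
        if proof is None:
            problems.append(f"slot {num}: unknown type {e.get('type')!r}")
        elif proof not in e:
            problems.append(f"slot {num}: missing {proof}")
    return problems


if __name__ == "__main__":
    for line in check_install(parse_keytable(SAMPLE)) or ["all six objects present"]:
        print(line)
```

The expected algorithm and key size default to the values in this page's listing; pass different `algorithm` and `bits` arguments if your CertAgent installation was configured otherwise.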