Installing a security server
System requirements
Ubuntu Server 20.04 or 22.04
Recommended 3 GB RAM and 30 GB hard drive, if application logs are left on the server.
The steps for installing a new security server and its initial configuration are the following:
- Install the Security Server software packages on a clean operation system.
- Open the administrator interface of the security server and add the XML file of the desired configuration anchor. The configuration anchor determines the X-tee environment for which the security server will be configured.
- NB!In case of a security server registered in the production environment, also install the HSM support after configuring the server.
- After adding the anchor, configure the parameters of the security server.
In order for it to be possible to exchange data with the security server via X-tee, certificates must be configured in the security server:
- Configure the time-stamping service on the security server.
- Create an authentication key and CSR for the security server.
- On the basis of the CSR, you can order an authentication certificate from either RIA’s XTSS portal or SK.
- Create a sign key and CSR for the security server.
- NB!The sign key and CSR for the production environment must be created on the HSM.
- If you do not have HSM, you can can order a sign certificate with a sign CSR from SK already as added onto HSM (choose ‘Wish to order ... Certificate on a cryptostick’).
- If you have HSM, you can order a sign certificate on the basis of the CSR from RIA’s XTSS portal or SK.
- Firstly, import the sign certificate to the security server and then the AUTH certificate. To register the AUTH certificate, click ‘Activate’ and then ‘Register’.
- After registering the certificate, add a subsystem for your institution in the security server and register it.
- NB! It is necessary to describe all of the subsystems in X-tee Self-Service portal.
- NB!The sign key and CSR for the production environment must be created on the HSM.
We also recommend checking the network configuration and firewall of the security server. Configuring them can be guided by the description of used ports and below it the network diagram.
NB! Please make sure that the security server ports 80 and 443 would not be open to the public!
Should you have any questions, contact us at [email protected]