Installing CAKM for Microsoft SQL Server EKM Provider
You can install CAKM for Microsoft SQL Server EKM Provider in the following two ways:
• For External CA configuration, complete the installation with TCP protocol and then go for Manual configuration for SSL setting by updating the required parameters (client cert, client key, and external CA) in cakm_mssql_ekm.properties
file.
• If you want to use the SSL protocol, you need to configure SSL using the steps mentioned in the Setting up SSL/TLS section.
• To change the configuration, refer to the Configuring the Properties File section.
• To install the CAKM for Microsoft SQL Server EKM provider, you should have the CA Admins
, Read-Only Admins
, and Key Users
privileges.
• By default, EKM logs are generated in C:\EKM
folder. Ensure that C:\EKM
folder exists/created. Moreover, you can also change the path by updating the MS_Sql_Ekm_Log
parameter in cakm_mssql_ekm.properties
file.
• Ensure that you provide the path and file name of the log file in Log_File
parameter of cakm_mssql_ekm.properties
file.
GUI Based Installation
Microsoft SQL Server Service must be restarted after installation, upgradation, uninstallation, and changing configuration of the provider.
Download and unzip the CAKM for Microsoft SQL Server EKM Provider.
Double-click the
setup.exe
to launch the InstallShield Wizard. The Welcome screen appears. Click Next.Accept the license agreement and click Next.
Click Change to select a different location. You can click Next to continue with the default installation directory.
Select the Server Protocol. The options are tcp and ssl.
Server Protocol as tcp
If you select the Server Protocol as tcp:
Specify the following mandatory fields:
Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.
Server Port: Specify the server port of the NAE interface.
Click Next.
Server Protocol as ssl
If you select the Server Protocol as ssl:
Specify the following mandatory fields:
User name: Specify the username of the CipherTrust Manager.
Password: Specify the password of the CipherTrust Manager.
Server IP/Hostname: Specify the IP Address or Hostname of the CipherTrust Manager.
Passphrase: Specify the passphrase to encrypt the client key.
Server Port: Specify the server port of the NAE interface.
Click Next and specify the following certificate information:
Common Name (mandatory field)
State
City
Organization Name
Organization Unit
Country
Email Address
Click Next.
Click Install to begin the installation process.
Click Finish to exit the installation wizard.
After installation, ensure the following.
• The system environment variable Path must contain CAKM Installation directory path i.e., C:\Program Files\CipherTrust\CAKM For SQLServerEKM\
.
• Do not replace the default lib path (C:\Program Files\CipherTrust\CAKM For SQLServerEKM\lib
)
Silent Installation
Microsoft SQL Server Service must be restarted after installation, upgradation, uninstallation, and changing configuration of the provider.
For silent installation, cakm_basic.conf file is used to provide basic configuration settings (such as, SERVER_IP, SERVER_PORT, SERVER_PROTOCOL, and more). These settings are updated automatically into the cakm_mssql_ekm.properties
file once the silent installation is complete.
To install the CAKM for Microsoft SQL Server EKM provider silently, enter all the details in cakm_basic.conf
file and execute the following command:
setup.exe /s /v"/qn CONFIGPATH=<path of cakm_basic.conf file>"
For example:
setup.exe /s /v"/qn CONFIGPATH=C:\Users\Administrator\Desktop\cakm_basic.conf"
Above command installs CAKM for Microsoft SQL Server EKM on a default path. If you want to install CAKM for Microsoft SQL Server EKM provider on a specific path, execute the following command:
setup.exe /s /v"/qn CONFIGPATH=<Config file path>\cakm_basic.conf INSTALLDIR=<Installation dir path>"
Do not use cakm_basic.exe
for any operation.
• By default, EKM logs are generated in C:\EKM
folder. Ensure that C:\EKM
folder exists/created. Moreover, you can also change the path by updating the MS_Sql_Ekm_Log
parameter.
• Ensure that you provide the path and file name of the log file in Log_File
parameter.
After installation, you can further configure the Microsoft SQL Server EKM provider to meet the needs of your environment. For more details, refer to the Configuring the Properties File section.
To uninstall or upgrade the CAKM for Microsoft SQL Server EKM provider, refer to the following sections: