SecureTransport Suite
Version 4.9
Installation Guide
October 2009
DIN0001ST49
Proprietary Rights Notice
Copyright © 1997-2009 Axway, Inc. All rights reserved. This manual is the Confidential Information of Axway, Inc.
The contents of this manual, and the Tumbleweed Valicert Validation Authority Server™ program, Tumbleweed Server Validator™
program, Tumbleweed Desktop Validator™ program, Tumbleweed Validator Toolkit™ program, Tumbleweed SecureTransport Server™
program, Tumbleweed SecureTransport Edge™ program, Tumbleweed SecureTransport Client™ program, MailGate® Appliance™
program, MailGate Edge™ program, MailGate Email Firewall™ program, Tumbleweed Desktop Messenger™ program, MailGate Secure
Messenger™ program and other computer programs together with their associated documentation (hereinafter collectively called
“Tumbleweed Software”), offered by Axway, Inc. (“Axway”) are copyrighted and are the property of Axway and its licensors. The use and
copying of this manual and the Tumbleweed Software are restricted by copyright law and are governed by the license agreement
accompanying the Tumbleweed Software (“License Agreement”). You may only use and copy this manual and the Tumbleweed Software
in accordance with the terms and conditions of the License Agreement, unless otherwise authorized in writing by Axway.
The contents of this manual are furnished for informational use only, are subject to change without notice, and should not be construed as a
commitment by Axway. Axway assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational
content contained in this manual.
Some of the processes, arrangements, user interfaces, transaction sequences, site and system architectures, data arrangements, and data
processing algorithms, described or embodied in this manual or the Tumbleweed Software, are covered by one or more of the following
patents: U.S. Patent Nos. D399,836; 5,790,790; 5,903,651; 6,061,448; 6,119,137; 6,151,675; 6,192,407 6,385,655; 6,393,568; 6,442,689;
6,470,086; 6,487,599; 6,502,191; 6,516,411; 6,529,956; 6,532,540; 6,609,196; 6,651,166; 6,725,381; 6,748,529; 6,826,609; 6,901,509;
6,912,285; 7,073,056; 7,117,358; 7,127,741; and 7,162,738; Singapore Patent No. 60,542; and Taiwan Patent Nos. 117,795; 118,892; and
146,895.
Tumbleweed, the Arrows logo, Tumbleweed Validation Authority, Tumbleweed Valicert Validation Authority, Validation Authority Server,
Validation Authority Repeater, Validation Authority Responder Server, Validation Authority Repeater Appliance, Server Validator, Desktop
Validator, Validator Toolkit, MailGate, MailGate Appliance, MailGate Edge, Edge Defense, Tumbleweed Email Firewall, MailGate Email
Firewall, MailGate Secure Messenger, Desktop Messenger, SecureTransport, SecureTransport Server, SecureTransport Edge,
SecureTransport Client, Secure Inbox, Secure Envelope, Tumbleweed Secure Mail, Tumbleweed Secure Messenger, Tumbleweed Secure
Statements, Tumbleweed IME Integrated Message Exchange, Spam Analysis Engine, Intent Based Filtering (IBF), Dark Traffic,
Tumbleweed Dynamic Anti-spam Service (DAS), Tumbleweed Message Protection Lab, Tumbleweed FTP Analyzer ™, Tumbleweed
Secure Guardian ™, Tumbleweed Secure Policy Gateway ™, Tumbleweed Secure Staging Server ™, Tumbleweed Secure Archive ™,
Tumbleweed Secure Web ™, Tumbleweed Secure CRM ™, Tumbleweed Secure Messenger ™, Tumbleweed Secure Statements ™,
Tumbleweed My Copy ™, Tumbleweed L2i ™, Tumbleweed IME Developer ™, Tumbleweed ™ Personalize ™, Tumbleweed IME Alert
™, WorldSecure ™, World/Secure/Mail ™ and Tumbleweed Active Agents are either registered trademarks, trademarks or service marks
of Axway, Inc. in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
Axway, Inc.
6811 E. Mayo Blvd., Suite 400
Phoenix, AZ 85054
(480) 627-1800
http://www.axway.com
Chapter 1 – Introduction
  About SecureTransport
  About This Guide
  Audience
  Contents
  SecureTransport Documentation Set
  Axway Global Support
  Tumbleweed—an Axway Brand
Chapter 2 – Before You Install
  Preinstallation Information
  Temporary Hardware Requirements during Installation
  Supported Browsers
  Installation Prerequisites for Unix-based Servers
  Minimum Hardware Requirements
  Supported Operating Systems
  Installation Prerequisites for Appliances
  Setting Appliance Network Configuration Parameters
  Configuring the DNS Server Address and Hostname
  Installation Prerequisites for Windows
  Minimum Hardware Requirements
  Supported Operating Systems
Chapter 3 – Installing SecureTransport
Chapter 4 – Upgrading SecureTransport
Chapter 5 – Configuring SecureTransport
  Starting Setup
  SecureTransport Server Checklist
  SecureTransport Edge Checklist
  Logging onto the server
  Setup Steps
  Viewing Server Log Messages
  Step 1 Install Licenses
  Installing Server Licenses
  About Rich Internet Client Licenses
  Step 2 Keystore Password
  Changing the Keystore Password
  Step 3 Generate Certificate Authority
  Generating a Permanent Internal Certificate Authority
  Using an External Certificate Authority
  Step 4 Generate Certificates
  SecureTransport Certificates
  Step 5 Set Up Servers
  FIPS Transfer Mode
  Step 6 Exchange CA Certificates
  Exporting the SecureTransport Server CA Certificate
  Importing the SecureTransport Server CA Certificate
  Exporting the SecureTransport Edge CA Certificate
  Importing the SecureTransport Edge CA Certificate
  Clean Up the Setup Account
  Additional Configuration Tasks
  Setting Up Proxy Configurations
Appendix A – File System Changes When Upgrading
  Migration Requirements
  Migration Tasks
  Migration Sequence
Glossary
Index
Chapter 1
Introduction
This chapter provides an overview of SecureTransport and explains how to use this installation guide.
Sections include:
• About SecureTransport
• About This Guide
• Axway Global Support
• Tumbleweed—an Axway Brand
About SecureTransport
SecureTransport™ is a family of products that offers a robust solution for file transfer meeting the
needs of enterprises for security, automation, and application integration, as well as flexible
deployment configurations that can lower total cost of ownership (TCO) and provide superior return
on investment (ROI) over other solutions.
Enterprise file transfer products help companies secure and manage all aspects of the movement of
data between any two entities. File transfer can range from the transmission of large bulk data
between an organization and its customers or partners, to the exchange of high value or sensitive data
such as financial instruments or purchase orders. The data contained in files can be either structured
or unstructured, and the business processes supported by file transfer products are usually mission-
critical to the enterprise. Additionally, file transfer products must be able to support government
regulations (such as HIPAA, GLBA, FIPS, and Sarbanes-Oxley), which call for every business
process to be documented, auditable, and accountable.
Organizations require robust solutions that address the numerous challenges they are facing today.
SecureTransport supports numerous enterprise-class features including comprehensive
authentication and access control, interactive and automated transfers, guaranteed delivery, data
integrity, comprehensive logging and auditing, event-driven agents, data transformation, scheduling,
and application integration.
SecureTransport offers both client and server software products as well as turn-key appliances,
providing organizations numerous options for deploying high-performance, high-availability,
distributed solutions. Since SecureTransport works over the Internet as well as private IP networks,
it is an ideal alternative to secure file transfer solutions based on burdensome legacy networks or
costly Virtual Private Network (VPN) deployments.
The cryptographic libraries used by SecureTransport for the AS2 (SSL), FTPS, HTTPS, and SSH
(SFTP/SCP) protocols have been certified Federal Information Protection Standard (FIPS) 140-2
Level 1 compliant by the US National Institute of Standards and Technology (NIST), Computer
Security Division, and the Communications Security Establishment of the Government of Canada
Information Protection Group.
SecureTransport products provide high performance file transfer capabilities as well as state of the art
security, reliability, and automation. They are designed for the distribution and collection of
commercially valuable files over the Internet. SecureTransport products are compatible with FTP,
FTPS, HTTP, HTTPS, SSH, FIPS 140-2 Level 1, and AS2 standards.
Audience
This guide is intended for use by system administrators who run the installer and have administrative
privileges on the respective machines. They are responsible for the efficient use of networks by
organizations, ensuring that all components including the network, computers, and software fit
together and work properly. System administrators troubleshoot problems reported by users and
automated network monitoring systems, making appropriate recommendations for future servers and
networks.
Contents
The guide discusses procedures for both Unix-based and Windows operating systems. Each chapter,
where appropriate, is divided into sections that address the different platforms. The contents of the
SecureTransport Installation Guide are outlined below:
• Chapter 1 introduces SecureTransport, identifies the target audience, outlines the guide content,
provides information about additional SecureTransport documentation, and explains how you
can get technical support.
• Chapter 2 lists the preinstallation tasks and prerequisites that are necessary before you install
SecureTransport.
• Chapter 3 explains how to install SecureTransport on all supported platforms.
• Chapter 4 provides information about upgrading SecureTransport, including Tumbleweed
Appliances.
• Chapter 5 discusses configuration tasks that must be performed after installing SecureTransport.
• Appendix A lists files and directories that are added, deleted, and modified during an upgrade
from SecureTransport 4.8.1 to 4.9.
• Appendix B explains how to uninstall SecureTransport.
• Appendix C provides information about migrating from SecureTransport 4.5.x to
SecureTransport 4.9.x.
• Appendix D describes how to configure the optional SAN card for the Tumbleweed Appliance
and gives its specifications.
• Appendix E describes typical operation and maintenance procedures for your Tumbleweed
Appliance.
• The Glossary defines terms used in the SecureTransport documentation.
SecureTransport Documentation Set
SecureTransport provides the following documentation:
• SecureTransport Installation Guide – (This document) This guide explains how to install,
upgrade, and uninstall SecureTransport server on Unix-based platforms, Microsoft Windows,
and Tumbleweed Appliances.
• SecureTransport Release Notes – This document contains information about new features and
enhancements, late-breaking information that could not be included in one of the other
documents, and a list of known and fixed issues.
• SecureTransport Administrators Guide – This guide describes how to use the SecureTransport
Administration Tool to configure and administer your SecureTransport server. The content of
this guide is also available in the online help.
• SecureTransport Developers Guide – This guide explains how to use rules, rule packages, and
agents to customize SecureTransport. Additional information includes an explanation of how to
use the application framework.
• SecureTransport Rich Internet Client User Guide – This guide describes how to use the
SecureTransport Rich Internet Client to transfer files between your local machine and your
SecureTransport server. The content of this guide is also available in the online help.
• SecureTransport Browser Client User Guide – This guide describes how to use a web browser to
upload files to, download files from, and delete files on SecureTransport.
• SecureTransport Best Practices Guide – This guide describes components and tasks associated
with configuring and troubleshooting SecureTransport. This document is a supplement to the
SecureTransport Administrators Guide.
• SecureTransport Capacity Planning Guide – This guide provides information useful when
planning your production environment for SecureTransport.
• SecureTransport Software Developer Kit (SDK) online help – The SDK includes an HTML-
based API reference developers can use while customizing SecureTransport.
NOTE:
If you purchase an appliance after June 30, 2009, it is branded as an Axway Appliance. All
information in the guide about Tumbleweed Appliances applies to Axway Appliances.
Chapter 2
Before You Install
This chapter describes the prerequisites and procedures required for installing SecureTransport.
Sections include:
• Preinstallation Information
• Installation Prerequisites for Unix-based Servers
• Installation Prerequisites for Appliances
• Installation Prerequisites for Windows
Preinstallation Information
Review and understand the following information before starting the installer:
• Before you proceed, review the SecureTransport Release Notes for the current release for any
updates to this preinstallation information or the installation and setup procedures.
• SecureTransport cannot be installed in a directory name containing the "~" character (for
example, /opt/TMWD/~/).
• Services – After all components have been installed, the Admin and Database services are
started. These services are configured according to your responses to the questions the installer
asks during the installation procedure. These services are started so an administrator can
configure SecureTransport before starting any additional services.
• Server Certificates – During installation, a temporary self-signed CA is generated, and then a
temporary Admin certificate, signed by this CA, is generated.
• Administration Accounts – The installer creates the following default accounts with a default
user name and password:
• Master Administrator account “admin/admin”.
• Setup Administrator “setup/setup” for initial, one-time configuration of the system.
• Account Manager “account/account” who can create and manage user access and import
and export accounts.
• Application Manager “application/application” who can create service accounts and
create and configure applications.
NOTE:
For best security, change the default passwords.
• The installer suggests the port numbers listed below for the SecureTransport Server ports:
• Admin port number - 444
This is the port that the web server for the Administration Tool listens to. You must specify
the Admin port number in the URL when accessing the Administration Tool, using the form,
https://<hostname>:<Admin port>/. If you are installing SecureTransport on a Unix-
based server to run as a non-root user, the default port number is 8444.
NOTE:
When you install SecureTransport on a Unix-based server to run as a non-root user, 8000 is
added to port numbers that are below 1024. For example, port number 444 becomes 8444.
WARNING:
The directory name that you install into cannot contain multiple spaces or tab characters in a row.
Acceptable characters include the letters A-Z, the numbers 0-9, and a single space between two
words. For example, /opt/TMWD/ST Server is acceptable, but /opt/TMWD/ST  Server (two
consecutive spaces) or /opt/TMWD/STServer\t are not acceptable.
TIP:
SUSE Linux Enterprise Server (SLES) on a Tumbleweed Appliance uses 10022 as the default
port number for SSH. You can change this port number after installation by editing
/etc/ssh/sshd_config.
NOTE:
For more information on hardware requirements, see the SecureTransport Capacity Planning
Guide.
Supported Browsers
Use one of the following web browsers to access the SecureTransport Administration Tool, Browser
Client, and Rich Internet Client:
• Apple Safari 3 and 4 for the Rich Internet Client only.
• Microsoft Internet Explorer versions 6 SP2, 7, and 8.
• Mozilla Firefox versions 2.x and 3.x.
Installation Prerequisites for Unix-based Servers
You can install SecureTransport on the supported Unix-based servers: IBM AIX, Red Hat Enterprise
Linux (RHEL), Sun Solaris, and SUSE Linux Enterprise Server (SLES).
Review and understand the following information before starting the installer:
• Make sure you have root privileges on the server where you are installing or upgrading
SecureTransport. You must have root privileges even if you are installing as non-root.
• Make sure that no file is named fd in the /etc directory. Installation is aborted when the file
/etc/fd already exists.
• To install SecureTransport for a non-root setup, you must be logged in as root. After installation,
running the services while logged in as the root user is not supported.
• If you have a copy of MySQL installed on the computer where you intend to install
SecureTransport, the installation might fail if you install as non-root. This can happen because
the /var/tmp/mysql.sock file already exists and mysql cannot be started by a non-root user.
Make sure you either uninstall the other version of MySQL or install SecureTransport on a
different computer.
• When you perform a non-root install, the files STInstallLog.txt and STUser.txt are still
owned by root.
• When you perform a non-root install, the non-root user must have a valid shell that allows login
and command execution. For example, /sbin/nologin is not a valid shell, but /bin/bash is
a valid shell.
• When you perform a non-root install, the non-root user must be configured to have permission
to create and update a crontab entry to allow log file rotation. Usually, this is accomplished by
placing an entry for the user in the cron.allow file. If the cron.allow file does not exist,
make sure the non-root user is not listed in the cron.deny file.
• When installing SecureTransport in a high availability or high capacity clustered deployment,
the primary and secondary servers in the cluster must use the same installation path, such as
/opt/TMWD/SecureTransport. If all the servers in the cluster don’t use the same installation
path, synchronization between the servers doesn’t work. For synchronization to work, set all
servers in the cluster to the same time.
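The checks in the list above, together with the install-path rules from the Preinstallation Information warning, can be scripted before running the installer. The following POSIX shell sketch is an added example, not part of the guide or of Axway's tooling; the function names and the optional root-prefix and cron-directory arguments are assumptions, and rejecting any tab character and a `false` shell are conservative readings of the guide.

```shell
#!/bin/sh
# Preflight checks for a non-root SecureTransport install (added example).
# All function names are hypothetical. The optional root prefix lets the
# checks run against a scratch directory tree instead of the live system.

# Install path rules: no "~", no tab, no run of consecutive spaces.
check_install_path() {
    tab=$(printf '\t')
    case "$1" in
        *"~"*)    echo "install path contains ~"; return 1 ;;
        *"$tab"*) echo "install path contains a tab"; return 1 ;;
        *"  "*)   echo "install path contains consecutive spaces"; return 1 ;;
    esac
    return 0
}

# The installer aborts if /etc/fd already exists.
check_no_etc_fd() {
    [ ! -e "$1/etc/fd" ] && return 0
    echo "$1/etc/fd exists"; return 1
}

# A leftover MySQL socket makes a non-root install fail.
check_no_mysql_sock() {
    [ ! -e "$1/var/tmp/mysql.sock" ] && return 0
    echo "$1/var/tmp/mysql.sock exists"; return 1
}

# The non-root user needs a shell that allows login and command execution.
# $1 = user name, $2 = passwd file. An empty shell field is flagged for review.
check_login_shell() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' "$2" 2>/dev/null) || shell=""
    case "$shell" in
        "")                echo "no passwd entry with a shell for $1"; return 1 ;;
        */nologin|*/false) echo "user $1 has non-login shell $shell"; return 1 ;;
    esac
    return 0
}

# cron.allow wins if it exists; otherwise the user must not be in cron.deny.
# $1 = user name, $2 = directory holding cron.allow / cron.deny.
check_cron_access() {
    if [ -f "$2/cron.allow" ]; then
        grep -qxF -- "$1" "$2/cron.allow" && return 0
        echo "user $1 is not listed in $2/cron.allow"; return 1
    fi
    if [ -f "$2/cron.deny" ] && grep -qxF -- "$1" "$2/cron.deny"; then
        echo "user $1 is listed in $2/cron.deny"; return 1
    fi
    return 0
}

# Run every check, report all failures, succeed only if none failed.
# $1 = non-root user, $2 = install folder, $3 = root prefix (default: none),
# $4 = cron control directory (default: <prefix>/etc; differs per platform).
preflight() {
    pf_user=$1; pf_dir=$2; pf_root=${3:-}; pf_cron=${4:-$pf_root/etc}
    pf_fails=0
    check_install_path "$pf_dir"                      || pf_fails=$((pf_fails + 1))
    check_no_etc_fd "$pf_root"                        || pf_fails=$((pf_fails + 1))
    check_no_mysql_sock "$pf_root"                    || pf_fails=$((pf_fails + 1))
    check_login_shell "$pf_user" "$pf_root/etc/passwd" || pf_fails=$((pf_fails + 1))
    check_cron_access "$pf_user" "$pf_cron"           || pf_fails=$((pf_fails + 1))
    [ "$pf_fails" -eq 0 ]
}

# Usage (as root, before ./Install.sh):
#   preflight stuser /opt/TMWD/SecureTransport
```

On platforms that keep cron.allow and cron.deny outside /etc, pass that directory as the fourth argument.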
NOTE:
Unless otherwise specified, SecureTransport runs as a 32-bit application on a 64-bit version of
the supported operating systems.
SecureTransport is also supported when installed in the following virtualized environments:
• AIX 5L Version 5.3 Technology Level 9 running in an LPAR
• A Solaris Zone in Solaris 10 10/08
NOTE:
While SecureTransport is supported on the virtualization environments listed, no version of
SecureTransport supports VMware ESX 3.x or 4.x. While you might be able to run
SecureTransport 4.9.1 in a development environment as an unverified “platform,” no version of
SecureTransport is certified to run with VMware in testing and production environments.
AIX Requirements
There is a default 1 GB limit on the size of files on AIX. The 1 GB file size limit must be removed by
editing the /etc/security/limits file. Change the default to:
fsize = -1
You can also use AIX System Management Interface Tool (SMIT) to change the file size limit.
NOTE:
If the ncargs setting has a value less than 9, the SecureTransport Transaction Manager does
not start. Make sure you set ncargs to a value equal to or higher than 9. For best results, use
256 or higher, up to 1024.
To install a package:
1 Log into your system as root.
2 Navigate to the directory where you downloaded the package.
3 Type rpm -Uvh <name_of_package>.arch.rpm.
SELINUX
Red Hat Enterprise Linux enables SELINUX by default. Before installing SecureTransport, disable
SELINUX in /etc/sysconfig/selinux. You must restart the server after making this change.
To disable SELINUX:
1 Log into your system as root.
2 Modify /etc/sysconfig/selinux using a text editor. Set SELINUX= to disabled.
SELINUX=disabled
3 Save and close the file.
4 Restart the server.
SLES Requirements
SLES 10 enables SELINUX by default. Before installing SecureTransport, disable SELINUX in
/etc/sysconfig/selinux. You must restart the server after making this change.
To disable SELINUX:
1 Log into your system as root.
2 Modify /etc/sysconfig/selinux using a text editor. Set SELINUX= to disabled.
SELINUX=disabled
3 Save and close the file.
4 Restart the server.
Installation Prerequisites for Appliances
Tumbleweed Appliances are preconfigured to meet the hardware and operating system prerequisites.
Make sure you follow the instructions for setting up the appliance in the Axway Appliance Quick Start
card before installing the software. See Preinstallation Information on page 8 for
additional information.
Review and understand the following information before starting the installer:
• SecureTransport 4.7 and later runs on Dell-based appliances only. These releases do not run on
the Flash appliances.
• Upgrading your appliance from SecureTransport 4.8.1 or a previous release to SecureTransport
4.9.1 upgrades the operating system to SLES 10 SP2. If you made any changes to the appliance
operating system not specified in SecureTransport documentation or installed any software not
bundled with the appliance, it might be lost in the operating system upgrade.
• You cannot perform the operating system upgrade in an SSH session. You must connect
physically to the appliance console or connect remotely using a network KVM switch or the
Dell Remote Access Controller (DRAC) administration console.
TIP:
SUSE Linux Enterprise Server (SLES) on a SecureTransport appliance uses 10022 as the
default port number for SSH. You can change this port number after installation by editing
/etc/ssh/sshd_config.
4 Select Change to modify an existing card, then select the network card you want to change.
Press Enter or select Edit to modify the card information.
TIP:
You can configure both the Gb1(eth0) and Gb2 (eth1) IP addresses using this method.
4 Type the correct values for your network in the fields.
5 Press F10 to save your changes.
If you have purchased an optional SAN card for your appliance, see Appendix D, Tumbleweed
Appliance SAN Card before installing the software.
TIP:
Make sure your Windows Server is using the NTFS file system. SecureTransport runs only on
partitions using NTFS.
Chapter 3
Installing SecureTransport
This chapter describes the installation procedures for SecureTransport. Sections include:
• Installing on Unix-based Platforms
• Installing on an Appliance
• Installing on Windows
Installing on Unix-based Platforms
This section explains how to install SecureTransport on Unix-based platforms. During this process,
the installer asks a series of questions and supplies default responses. The latter are contained within
square brackets at the end of the question, for example:
Enter your choice [1]:
where the number between the brackets is the default response. You can answer a question in one of
the following ways, depending on the type of the question and on your choice:
• Type the number corresponding to a provided option.
• Type the requested information, for example:
Installation folder [/opt/TMWD/SecureTransport]: /opt/TMWD/ST
• Press Enter without typing any information to accept the default response.
NOTE:
You can change most settings configured during installation using the Administration Tool. See
Chapter 5, Configuring SecureTransport and the SecureTransport Administrators Guide for more
information.
NOTE:
Although you can start more than one instance of the SecureTransport installer, the installation
fails when more than one instance is running. Make sure you are only running one instance of
the installer to complete the installation successfully.
3 In the temporary directory where you extracted the installer, type the following at the command
prompt to run the SecureTransport installer:
./Install.sh
The SecureTransport installer displays a welcome message:
Loading [English] resources.
You are installing: SecureTransport
To install SecureTransport:
1 The installer checks to see if SecureTransport is already installed on the computer:
Checking if SecureTransport is already installed...
Please pick an installation instance or choose new.
(1) <old installation name> [<old installation directory>]
(2) NEW INSTALLATION
(3) Quit
Enter your choice [3]:
Type the number representing the task you want to accomplish:
• Type 1 to upgrade from the installation listed.
• Type 2 to start a new installation.
• Type 3 to quit the installation procedure (default).
NOTE:
All existing installations are listed at the beginning of the list. Options 2 (NEW INSTALLATION) and
3 (Quit) might be represented by different values.
5 Type the path and directory where you want to install SecureTransport. Make sure this is not the
same directory where you copied the installer files.
Installation folder [/opt/TMWD/SecureTransport]:
NOTE:
The installation path of SecureTransport Server entered here is referred to as
<FILEDRIVEHOME> throughout this document.
WARNING:
The directory name that you install into cannot contain multiple spaces in a row or tab characters
in a row. Characters that are acceptable include the letters A-Z, the numbers 0-9, and a single
space between two words. For example, /opt/TMWD/ST Server is acceptable, but
/opt/TMWD/ST  Server (two consecutive spaces) or /opt/TMWD/STServer\t are not acceptable. In addition, the
directory name cannot contain the “~” character (for example, /opt/TMWD/~/).
NOTE:
The remaining steps in this section describe a server installation.
7 To install SecureTransport to run as a non-root user, type y for the following question:
SecureTransport Server Configuration
Perform a "non-root" install [y/n] [n]
If you type y, the question User name to run ST [root]: displays. Type the non-root user
name you are using for SecureTransport.
Type n or accept the default if you are installing SecureTransport to run as the root user.
TIP:
During a non-root installation, you might see an error such as
<bash: /root/.bashrc: Permission denied>. Ignore the error since it doesn't interfere
with system operations.
TIP:
When you install SecureTransport under a non-root user, the default value for Admin port is
8444.
b Type the appropriate port number for Tomcat JK or accept the default of 8009:
Tomcat JK port number [8009]:
NOTE:
You cannot change the secret file after you have configured SecureTransport. The
install_secret command can only be run on a secondary server immediately after
installation, before you configure the server.
Type y to import the secret file from another SecureTransport Server installation. Select this
option when you are installing secondary servers in a high availability or high capacity
clustered deployment. This imports the secret file created for the primary server. See the
SecureTransport Administrators Guide for more information on configuring your software
for high availability.
When this option is selected, the following question also displays:
Secret file name or "cancel" []:
Type the name of the imported secret file or type cancel to let SecureTransport randomly
generate a new secret file.
The installer creates the secret file in the following directory:
<FILEDRIVEHOME>/lib/certs/private
When installing a secondary server, copy the secret file from the primary server to the
secondary server before running the installer and specify the primary server secret file
location during installation.
Run the install_secret command line utility to install the secret file if you are using a
Tumbleweed Appliance. See the SecureTransport Administrators Guide for more
information on command line utilities.
9 Once you have selected all the options, the installer provides a summary of your choices. For
example:
SecureTransport Installation Summary
*******Section 1*******
Install mode : New
*******Section 2*******
Accept the license agreement : Yes
*******Section 3*******
Install type : Server
Installation folder : /opt/TMWD/SecureTransport
Installation name : ST-001
SecureTransport Server Configuration
Admin port number : 444
Tomcat JK port number : 8009
Tomcat shutdown port number : 8005
Database port number : 33060
Enable nightly log rotation : Yes
Import a secret file : No
10 Review the information and select one of the options that follow the summary.
[Menu options]
(1) Accept values and continue
(2) Display values
(3) Edit fields
(4) Start Over
(5) Quit
Enter your choice [1]:
• Type 1 to accept your entries and continue (default). The installer creates a configuration file
and a message is displayed: configuration file generated
• Type 2 to re-display the entries you made.
• Type 3 to edit the entries you made.
• Type 4 to start the installation procedure from the beginning. This response cancels all
responses you gave to this point.
• Type 5 to quit the installation.
Once you type 1, you see the following message.
Configuration file generated
NOTE:
A silent installation method for SecureTransport is supported. This method of installation allows
you to carry out an installation without any questions being asked by the installer. Visit the Axway
Global Support web site for more information. See Axway Global Support on page 5 for the URL.
After successfully installing SecureTransport, you must perform a number of post-installation steps,
such as updating your SecureTransport license, enabling, configuring, and starting the
SecureTransport services. See Chapter 5, Configuring SecureTransport for more information.
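Before answering y at the "Import a secret file" prompt on a secondary server, the copied file can be checked on that host. The script below is an added example, not part of SecureTransport or this guide: check_secret_file and file_sha256 are hypothetical helpers that enforce the 1024-byte minimum this guide states for secret files and compare an optional SHA-256 digest recorded on the primary; the owner-only permission rule is this example's own assumption.

```shell
#!/bin/sh
# Added example: pre-install check of a secret file copied from the primary server.
# check_secret_file and its policy are hypothetical, not a SecureTransport utility.

MIN_SECRET_BYTES=1024   # minimum secret file size stated in this guide

# Print the SHA-256 of FILE using whichever common tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# check_secret_file FILE [EXPECTED_SHA256]
# Exit status: 0 ok, 1 not a readable regular file, 2 shorter than 1024 bytes,
#              3 accessible to group or others, 4 digest differs from the primary's.
check_secret_file() {
    secret=$1
    expected=${2:-}

    if [ -L "$secret" ] || [ ! -f "$secret" ] || [ ! -r "$secret" ]; then
        echo "FAIL: $secret is not a readable regular file" >&2
        return 1
    fi

    size=$(wc -c < "$secret" | tr -d ' ')
    if [ "$size" -lt "$MIN_SECRET_BYTES" ]; then
        echo "FAIL: $secret is $size bytes; need at least $MIN_SECRET_BYTES" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other permission bits.
    # Owner-only access is this example's policy (an assumption), chosen because
    # the file keys the encryption of SecureTransport system cookies.
    perms=$(ls -ld "$secret" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $secret is accessible to group/others ($perms); chmod 600 it" >&2
        return 3
    fi

    if [ -n "$expected" ]; then
        actual=$(file_sha256 "$secret")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL: digest mismatch; the copy differs from the primary's file" >&2
            return 4
        fi
    fi

    echo "OK: $secret ($size bytes)"
    return 0
}

# Usage: sh check_secret.sh /path/to/copied/secret [sha256-recorded-on-primary]
[ "$#" -eq 0 ] || check_secret_file "$@"
```

Record the digest on the primary with the same hash tool and pass it as the second argument, so a truncated or substituted copy is caught before the installer imports it.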
Installing on an Appliance
This section explains how to install and uninstall SecureTransport on a Tumbleweed Appliance.
Installing SecureTransport
This section explains how to install SecureTransport on a Tumbleweed Appliance. During this
process, the installer asks a series of questions and supplies default responses. The latter are contained
within square brackets at the end of the question, for example:
Enter your choice [1]:
where the number between the brackets is the default response. You can answer a question in one of
the following ways, depending on the type of the question and on your choice:
• Type the number corresponding to a provided option.
• Press Enter without typing any information to accept the default response.
NOTE:
You can change most settings configured during installation using the Administration Tool. See
Chapter 5, Configuring SecureTransport and the SecureTransport Administrators Guide for more
information.
To install SecureTransport:
NOTE:
Although you can start more than one instance of the SecureTransport installer, the installation
fails when more than one instance is running. Make sure you are only running one instance of
the installer to complete the installation successfully.
*** Secure Transport installer is running. Please wait ... ***
***************************************************************************
** PROCESS COMPLETE **
** **
** To enable features such as AS2 or SSH you might need to update your **
** license, refer to the Administrator's Guide for further details. **
** **
** **
***************************************************************************
Log file: <FILEDRIVEHOME>/STInstallLog.txt
Appliance1:/opt/TMWD/installer #
NOTE:
A silent installation method for SecureTransport is supported. This method of installation allows
you to carry out an installation without any questions being asked by the installer. Visit the Axway
Global Support web site for more information. See Axway Global Support on page 5 for the URL.
After successfully installing SecureTransport, you must configure the setup by updating your
SecureTransport license, enabling and configuring the software, and starting the SecureTransport
services. For these next steps, see Chapter 5, Configuring SecureTransport.
During the installation, do not close any console windows that are opened.
Review the License Agreement for Secure Transport carefully. Use the scrollbar on the
right-hand side of the dialog box to scroll through the entire text.
(Optional) Click Print to print out a copy of the License Agreement if you prefer to read it on
paper or want to save a copy of it.
Select I accept the terms of the license agreement to indicate that you accept the License
Agreement and click Next to proceed with the installation procedure.
The installer displays the Setup Type and Destination Folder dialog box.
3 Select the installation Type - Server or Edge.
The SecureTransport Server Installation installs the full feature set of SecureTransport,
including the Transaction Manager.
The Edge server provides a proxy setup of SecureTransport and contains a subset of
SecureTransport Server features.
During the installation, which takes several minutes, a command window displays some of the
processing. Disregard the installer message stating Unable to locate tools.jar. The
installation continues properly.
NOTE:
The remaining steps in this section apply to a server installation. Refer to the SecureTransport
Server Administrators Guide for more information about the SecureTransport Edge installation.
(Optional) Click Browse to define a destination folder for the SecureTransport installation that
is different from the default one:
C:\Program Files\Tumbleweed\SecureTransport
Click Next to proceed with the installation procedure. The installer displays the SecureTransport
Options dialog box.
WARNING:
The directory name that you install into cannot contain multiple spaces in a row or tab characters.
Characters that are acceptable include the letters A-Z, the numbers 0-9, and a single space
between two words. For example, C:\Program Files\Tumbleweed\ST Server\ is acceptable,
but C:\Program Files\Tumbleweed\ST  Server\ (two consecutive spaces) is not acceptable.
In addition, you cannot install SecureTransport into a directory whose name contains the “~”
character (for example, C:\Program Files\Tumbleweed\ST~\).
a Type a port number for the SSL Administration Tool port. The default port number is 444.
b Type a port number for the Tomcat JK port. The default port number is 8009.
c Type a port number for the Tomcat Shutdown port. The default port number is 8005.
d Type a port number for the database. The default port number is 33060.
e Select Enable Nightly Log Rotation if you want the system to perform automatic backup and
purging of log files on a nightly basis. When this feature is enabled, SecureTransport Server
backs up the log files generated that day and creates a new one for the subsequent
day. The server takes a backup and creates a new log file at 23:59 or 00:00 hours, depending
on the log file type.
Enable Nightly Log Rotation is enabled by default. You can enable or disable the nightly log
rotation after installation - see the SecureTransport Administrators Guide for more
information.
f Set the Secret File Path.
A secret file contains a random phrase that encrypts the SecureTransport system cookies.
The secret file size must be at least 1024 bytes. If you are setting up a high availability or
high capacity clustered deployment, and this server is a secondary server in the cluster,
import the secret file from the primary server. Specify the location by typing the path or
clicking Browse to locate the file.
When installing a secondary server, copy the secret file from the primary server to the
secondary server before running the installer so you can specify the primary server secret file
location during installation.
NOTE:
You cannot change the secret file after you have configured SecureTransport. The
install_secret command can only be run on a secondary server immediately after
installation, before you configure the server. See the SecureTransport Administrators Guide for
more information on command line utilities.
If you are not setting up a high availability or high capacity clustered deployment or this
server is the primary server, leave this field blank. The installer creates a secret file.
The installer creates the secret file in the following directory:
<FILEDRIVEHOME>/lib/certs/private
TIP:
See the SecureTransport Administrators Guide for more information on configuring your software
for high availability or high capacity.
Click Next to continue. The installer displays the Ready to Install the Program dialog box.
5 Click Install to start the installation. The installer displays the Setup Status dialog box and a
command prompt window.
The installation process can take several minutes to complete.
If the installation fails, click OK at the prompt and refer to the installer log for details.
6 When the installation procedure is complete, the installer displays the InstallShield Wizard
Complete dialog box.
7 Click Finish to complete the installation and close the installer.
After successfully installing SecureTransport, you must configure the installation. See Chapter 5,
Configuring SecureTransport for more information.
This chapter describes the upgrade procedures for SecureTransport 4.9.1. You can upgrade from
SecureTransport 4.7.1, 4.8.1, or 4.9. To upgrade from SecureTransport 4.6.1 or any SecureTransport
4.9 Limited Availability release, first upgrade to SecureTransport 4.7.1, 4.8.1, or 4.9 General
Availability and then to SecureTransport 4.9.1. If you have more than a few customizations, contact
the Axway Professional Services Organization. For contact information, see Axway Global Support
on page 5.
If you have a version other than those listed and want to migrate to 4.9.1, contact Axway Global
Support. For information about migrating from SecureTransport 4.5.x to SecureTransport 4.9.x, see
Appendix C, Migrating SecureTransport 4.5.x to 4.9.x.
Contact Axway Global Support or the Axway Professional Services Organization if you are
upgrading from an earlier version of SecureTransport with any ESP component. For contact
information, see Axway Global Support on page 5.
Sections include:
Upgrading a Unix-based Platform
Upgrading an Appliance
Upgrading on Windows
NOTE:
If you upgrade a high availability cluster to SecureTransport 4.9.x and you do not plan to send
SecureTransport event data to Synchrony Sentinel, on every server edit the
<FILEDRIVEHOME>/conf/configuration.xml file and change mode="passive" to
mode="passive_legacy". For more information, see the section on changing the cluster
configuration in the SecureTransport Administrators Guide.
Upgrading a Unix-based Platform
Make sure your previous version of SecureTransport is not running (refer to the SecureTransport
Administrators Guide for more information).
NOTE:
If you create a custom role after upgrading to SecureTransport 4.9.1, all newly created
administrators with this role are assigned a Delegated Administrator role. During the upgrade
process, a message displays informing you of this change.
Upgrading SecureTransport
Upgrading SecureTransport uses the same installer as a new installation. The interaction is different.
To upgrade SecureTransport:
1 Expand and extract the SecureTransport installer into a temporary directory and navigate to this
temporary directory. The commands are:
gunzip STEE-4_9_1-<OS>-<processor>-<BuildNumber>.tar.gz
tar -xf STEE-4_9_1-<OS>-<processor>-<BuildNumber>.tar
where the variables represent the following:
<OS> is the operating system: AIX (for IBM AIX), RHEL (for Red Hat Enterprise Linux), SunOS
(for Sun Solaris), or SUSE (for SUSE Linux Enterprise Server).
<processor> is the type of processor running the operating system: i386, ppc, x86_64, or
sparc.
<BuildNumber> is the actual build number listed in the installer executable file, for example,
Build472.
NOTE:
Although you can start more than one instance of the SecureTransport installer, the installation
fails when more than one instance is running. Make sure you are only running one instance of
the installer to complete the installation successfully.
2 In the temporary directory where you extracted the installer, type the following at the command
prompt to run the SecureTransport installer:
./Install.sh
The installer displays a welcome message:
Loading [English] resources.
You are installing: SecureTransport
***********************************************************
*** Tumbleweed SecureTransport ***
*** ***
*** Welcome to Tumbleweed SecureTransport Installation ***
*** This application will install Tumbleweed ***
*** SecureTransport Server and its components. ***
*** ***
** Copyright (c)1993-2009 Tumbleweed Communications Corp **
***********************************************************
3 The installer searches for previous installations of SecureTransport on your machine and lists
any that it finds in the first installer question for your response:
Checking if SecureTransport is already installed...
Please pick an installation instance or choose new.
(1) <old installation name and [directory]>
(2) NEW INSTALLATION
(3) Quit
Enter your choice [3]:
Type the number representing the installation instance you want to upgrade to SecureTransport
4.9.1 and press Enter.
4 The installer asks if you have backed up the existing installation:
Have you made a full backup of your existing SecureTransport installation?
[y/n] [n]:
If you have made the backup, type y and press Enter. Otherwise, cancel the installation and
make the backup before resuming the installation.
To cancel the installation, type n and press Enter. The upgrade installation is canceled after an
additional confirmation prompt is displayed.
5 The installer displays a confirmation menu:
(1) Upgrade ST
(2) Quit
(3) Version Information
Enter your choice [1]:
Type 1 to continue the upgrade (default), 2 to cancel the installation, or 3 to display the
information about currently installed versions of SecureTransport and the SecureTransport
components being installed, and then press Enter.
NOTE:
There might be more than one instance of SecureTransport listed for upgrade.
6 The installer displays the multipage license agreement. Press Enter to move from one page to the
next. Review the license agreement for SecureTransport 4.9.1 carefully.
Accept the license agreement?
(1) Yes
(2) No
Enter your choice [2]:
To accept the license agreement, type 1 and then press Enter.
7 The installer displays the installation summary and a menu options confirmation prompt:
[Menu Options]
(1) Accept values and continue
(2) Display values
(3) Start over
(4) Quit
Enter your choice [1]:
Type 1 to accept your entries and continue (default), 2 to redisplay the entries you made, 3 to
edit the entries you made, 4 to start the installation procedure from the beginning (this response
cancels all responses you gave to this point), or 5 to quit the installation. Press Enter.
The installer creates a configuration file and displays several lines of information about the
upgrade process. When upgrading SecureTransport Edge or SecureTransport Server, the
following displays:
The upgrade procedure is now complete. At the end of each installation the installer creates a log and
saves it in the following location:
<FILEDRIVEHOME>/STInstallLog.txt
Upgrading an Appliance
The installation file provided upgrades 64-bit appliances. Before upgrading your appliance, back up
the operating system and SecureTransport. See Before You Upgrade on page 34 for more
information on backing up SecureTransport.
64-bit Appliances
• Supported Models: ST4620, ST5620, ST6620, ST4720, ST5720, and ST6720
• Installer file: STEE-4_9_1-App-x86_64-Upgrade-<BuildNumber>.tgz
• Upgradable from SecureTransport 4.7.1, 4.8.1 and 4.9
NOTE:
<BuildNumber> is the actual build number listed in the file such as Build472.
Upgrading SecureTransport
The appliance upgrade is similar to the Unix upgrade.
3 Back up files of the earlier SecureTransport installation.
d Create a zip file called SecureTransport.zip containing all the files in your existing
SecureTransport installation for the files in the
C:\Program Files\Tumbleweed\SecureTransport directory, preserving the folder
structure.
e Back up the following folder:
C:\Program Files\InstallShield Installation Information\
{74039923-B563-4816-AE9C-BA1B47847D93}
Recovery Procedure
Make sure you uninstall SecureTransport 4.9.1 before attempting to recover your backup. If the
upgrade fails, you can recover your previous version of SecureTransport Server using the following
steps.
To upgrade SecureTransport:
1 Make sure that the SecureTransport server is not in use and all the connections are closed.
2 Copy the installer file to a temporary directory. Run the SecureTransport installer file
STEE-4_9_1-Windows-x86-<BuildNumber>.exe where <BuildNumber> is the actual build
number listed in the installer executable file such as Build472.
3 The installer detects the existing installation and asks if you have backed up your existing
SecureTransport Server installation. If you have made the backup, click Yes and proceed with
the upgrade installation. Otherwise, cancel the upgrade installation and perform the backup
described in Backup Procedure Before Upgrading on page 39 before resuming the upgrade
installation.
4 When the Installer dialog box opens, click Next to start the process.
During the installation, which takes several minutes, a command window displays the
processing steps. Disregard a line indicating that the installer is “Unable to locate tools.jar.”
When the installation is complete, a success message appears.
After upgrading to SecureTransport 4.9.1, configure the installation. See Chapter 5, Configuring
SecureTransport for more information on the post-installation steps you must perform.
Chapter 5
Configuring SecureTransport
This chapter describes how to set up and configure SecureTransport for basic operation. This chapter
assumes SecureTransport has already been installed. If SecureTransport has not been installed or
there are questions relating to the installation, refer to the information in Before You Install and
Installing SecureTransport. The Setup Administrator account is used only for the initial
post-installation configuration.
Use the Setup Administrator account to configure key items needed for SecureTransport to function.
These items are listed in the Starting Setup section of this chapter. After the initial setup is complete,
use the administrator login for future maintenance and changes. Refer to the SecureTransport
Administrators Guide for more information.
Sections include:
Starting Setup
Step 1 Install Licenses
Step 2 Keystore Password
Step 3 Generate Certificate Authority
Step 4 Generate Certificates
Step 5 Set Up Servers
Step 6 Exchange CA Certificates
Clean Up the Setup Account
Additional Configuration Tasks
Starting Setup
For the initial configuration, SecureTransport provides a setup account with a default password. Make
sure that the default password is changed. Use this account to help with the initial system
configuration. Read through the following checklist to make sure these items are available before
beginning the setup of the system for first-time use.
HTTP Port 80
HTTPS Port 443
HTTPS Admin Port 444
HTTPS Admin Shutdown Port 8005
FTP/S Port 21
SSH Port 22
AS2 Port for HTTP 10080
AS2 Port for HTTPS 10443
AS2 Shutdown Port 8006
Database Port 33060
Transaction Manager Port for SSL 4455
Transaction Manager Port for non-SSL 81
NOTE:
Default port numbers might be different than those listed in the tables if you installed on an
appliance (SSH Port is 10022) or if you installed as a non-root user (add 8000 to the default listed
for port numbers that are below 1024).
HTTP Port 80
HTTPS Port 443
FTP/S Port 21
SSH Port 22
AS2 Port for HTTP 10080
AS2 Port for HTTPS 10443
Database Port 33060
Proxy Server Port 1080
IP Port for SecureTransport Server 4455
NOTE:
Default port numbers might be different than those listed in the tables if you installed on an
appliance (SSH Port is 10022) or if you installed as a non-root user (add 8000 to the default listed
for port numbers that are below 1024).
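A pre-flight check for listeners already bound to the defaults in the checklist above can be scripted before the protocol servers are enabled. The following is an added example, not part of SecureTransport or this guide: the function names are hypothetical, the port list is the Server checklist plus the Tomcat JK port from the installer summary, and the sample listener listing is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for conflicts with SecureTransport default ports.
# Function names are hypothetical; the port numbers come from this guide.

# name:port pairs from the Server checklist, plus the Tomcat JK installer default.
ST_DEFAULT_PORTS='HTTP:80 HTTPS:443 HTTPS-Admin:444 Admin-Shutdown:8005 Tomcat-JK:8009
FTP/S:21 SSH:22 AS2-HTTP:10080 AS2-HTTPS:10443 AS2-Shutdown:8006 Database:33060
TM-SSL:4455 TM-non-SSL:81'

# effective_port NAME PORT IS_ROOT IS_APPLIANCE -> default port for this install type
effective_port() {
    if [ "$4" = yes ] && [ "$1" = SSH ]; then
        echo 10022                      # appliance default for SSH
    elif [ "$3" != yes ] && [ "$2" -lt 1024 ]; then
        echo $(( $2 + 8000 ))           # non-root installs add 8000 to ports below 1024
    else
        echo "$2"
    fi
}

# port_in_use PORT LISTING -> status 0 if LISTING shows a TCP listener on PORT.
# Accepts `ss -ltn` or `netstat -an` text; local addresses end in :PORT or .PORT.
port_in_use() {
    printf '%s\n' "$2" | awk -v p="$1" '
        /LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ ("[:.]" p "$")) found = 1 }
        END { exit found ? 0 : 1 }'
}

# find_port_conflicts IS_ROOT IS_APPLIANCE LISTING -> one NAME:PORT line per conflict
find_port_conflicts() {
    for entry in $ST_DEFAULT_PORTS; do
        name=${entry%%:*}
        port=$(effective_port "$name" "${entry##*:}" "$1" "$2")
        if port_in_use "$port" "$3"; then
            echo "$name:$port"
        fi
    done
}

# Listener table of the local host, from whichever tool is present.
current_listeners() { ss -ltn 2>/dev/null || netstat -an 2>/dev/null; }

# Constructed sample: an OS FTP daemon on 21, another application on 8080,
# and a database already bound to 33060.
SAMPLE_LISTING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
LISTEN 0      70     *:33060            *:*'

# Usage: sh st_ports.sh --live   (checks this host, assuming a non-appliance install)
if [ "${1:-}" = "--live" ]; then
    root=no
    [ "$(id -u)" -eq 0 ] && root=yes
    find_port_conflicts "$root" no "$(current_listeners)"
fi
```

Against the constructed listing, a root install conflicts on FTP/S (21) and the database port (33060), while a non-root install conflicts on HTTP (shifted to 8080) and the database port.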
Logging onto the server
Log onto your server with all checklist items readily available.
Setup Steps
There are six steps involved in configuring SecureTransport for initial use:
1 Install Licenses – Install the core and feature licenses.
2 Keystore Password – Replace the blank keystore password with one you create.
3 Generate CA – Regenerate the Internal CA used to sign other certificates.
Alternately, you can import a CA certificate.
4 Generate Certificates – Generate certificates for each protocol server you are using, FTP, HTTP,
etc.
You can import server certificates. They must be signed by the imported CA.
5 Set Up Servers– Set up the HTTP, FTP, SSH, and AS2 protocol servers, the Transaction
Manager (TM) server, and the Database server.
The SecureTransport Edge server also supports a proxy (SOCKS) server setup.
6 Exchange Certificates – Import and export CAs from SecureTransport Servers and
SecureTransport Edge servers.
Complete the steps in the order listed to prevent conflicts.
For more information about the Server Logs, see the SecureTransport Administrators Guide.
Step 1 Install Licenses
Two licenses must be installed. The first, the Core Server License, includes the number of accounts,
Rich Internet Client, and Web Client users allowed. The second, the Features License, identifies
additional features that are licensed. These can include the AS2, SSH, SiteMinder, and
Connect:Direct protocols.
The FTP and HTTP protocols are included in the core license. For AS2, SSH, SiteMinder, or
Connect:Direct features, please contact your local account executive or supplier.
2 Open the text file containing the core server license information and copy the entire contents of
the file to the clipboard.
3 Paste the entire contents of the file into the Update License text area and click Update License.
The core server license information displays.
4 Open the text file containing the features license information and copy the entire contents of the
file to the clipboard.
5 Paste the entire contents of the file into the Update License text area.
6 Click Update License.
The features license information displays.
Step 2 Keystore Password
In this step you reset the keystore password. This task is required before you can generate an internal
certificate in Step 3, Generate CA.
TIP:
When you log in to SecureTransport Server as an administrator, you can access this page by
selecting Setup > Certificates > Keystore Password.
To create a new internal certificate:
1 Select 3-Generate CA.
2 Click Generate New CA.
TIP:
When you log in to SecureTransport Server as an administrator, you can access this page by
selecting Setup > Certificates > Internal CA.
Step 4 Generate Certificates
The next step allows you to generate the server certificates that SecureTransport uses. Select
4-Generate Certs to generate local, self-issued server certificates. Generated certificates are assigned
RSA keys.
SecureTransport can use certificates for multiple purposes. For example, the ftpd certificate is
commonly used for securing FTPS and SSH connections. Separate certificates and aliases can be used
for each protocol. The httpd certificate is commonly signed by a public CA so that external users,
especially those using a web browser to access the system, will trust the certificate. The other
certificates are either internal to the product or only used by the Administrators; they can be signed
by the internal CA. The admind certificate is generated as part of the installation process.
To use a certificate signed by an external CA, see the SecureTransport Best Practices Guide or the
Axway Global Support Knowledge Base for more information.
SecureTransport Certificates
For a SecureTransport Server installation, generate the following certificates:
These certificates can be signed by the internal SecureTransport CA. See Step 3 Generate Certificate
Authority on page 51.
NOTE:
The following procedure is used to generate a self-issued certificate. Refer to the
SecureTransport Administration Guide for information about generating a Certificate Signing
Request (CSR).
• Alias — the name that identifies the certificate.
If an alias that is already assigned to another certificate is used, a dialog box displays asking
if you want to overwrite the original certificate. Be sure the appropriate alias has been
entered for the new certificate. If you are sure you want to replace the original certificate
with the new one, click Overwrite. Click Cancel to discard the new certificate and keep the
original one. You are returned to the Generate Certificate dialog box to make changes.
• Validity in days — the number of days the certificate is valid.
• Key Size — a number representing the size or length of the key, expressed in bits. Possible
values are 1024, 2048 (default), 3072, or 4096 bits.
• Common Name — a description of the certificate. Do not use the host name or the
fully-qualified host name (FQDN) of the server without additional identifying text. Do not use the
same Common Name as is used in the Certificate Authority.
• Department — the name of the department to which the certificate is issued.
• Company — the name of the company to which the certificate is issued.
• City — the name of the city in which the certificate holder is located.
• State — the name of the state in which the certificate holder is located.
• Country — the name of the country in which the certificate holder is located.
If you want to create a Certificate Signing Request (CSR), see the SecureTransport
Administrators Guide for more information.
5 Click Generate.
a (Optional) Select Save backup of private key to file if you want to save a copy of the private
key.
b Type a password in the Password field, type it again in the Confirm Password field, and
click Continue.
c When asked to open or save the file, click Save and select a location on the local file system.
A message displays indicating that the certificate was successfully saved.
6 Click Close.
NOTE:
Third-party certificates do not work for the SSH daemon.
TIP:
When you log in to SecureTransport Server as an administrator, you can access this page by
selecting Setup > Certificates > Local Certificates.
TIP:
When you log in to SecureTransport Server as an administrator, you can access this page by
selecting Operations > Server Control.
When running as the Setup Administrator on SecureTransport Edge, the following features display:
TIP:
When you log in to SecureTransport Edge as an administrator, you can access this page by
selecting Operations > Server Control.
NOTE:
If FIPS transfer mode is enabled for a protocol server and the client that uses that server does
not provide the required FIPS cipher or cipher suite, SecureTransport will not complete the
transfer.
TIP:
FTP might already be running on port 21. To avoid a port conflict, you can disable FTP at the OS
level or assign it a different port number instead of changing the port number in SecureTransport.
3 If you enabled FTPS, select a key alias from the drop-down list, for example, ftpd.
Key Alias — A key alias is the name used to identify a certificate and/or key present in the
keystore. This is the alias name used when generating a certificate using the Certificate
Manager.
4 If you enabled FTPS, to restrict FTPS connections to FIPS 140-2 Level 1 certified cryptographic
libraries, select the Enable FIPS Transfer Mode check box.
The sender and the recipient must use the ciphers and cipher suites listed in the
SecureTransport Administration Guide. If the sender and the recipient do not provide the
required ciphers and cipher suites, SecureTransport will not complete the transfer.
5 Click Start.
NOTE: If the server is already running, you cannot click Start. This note applies to each “Click
Start” step in this procedure.
6 Click Update.
NOTE: If you are configuring multiple servers (for example, FTP, AS2, and SSH) at once, you
can wait and click Update once, at the end of your server selections.
4 If you enabled HTTPS, to restrict HTTPS connections to FIPS 140-2 Level 1 certified
cryptographic libraries, select the Enable FIPS Transfer Mode check box.
The sender and the recipient must use the ciphers and cipher suites listed in the
SecureTransport Administration Guide. If the sender and the recipient do not provide the
required ciphers and cipher suites, SecureTransport will not complete the transfer.
5 Click Start.
6 Click Update.
Configuring AS2
If an AS2 license is available, enable the AS2 service. Specify the AS2 settings on both
SecureTransport Server and SecureTransport Edge.
Configuring SSH
If you are using SSH, specify the SSH settings for both the SecureTransport Edge and
SecureTransport Server.
NOTE:
View Fingerprint does not work until a key alias has been assigned and the page is updated.
Step 6 Exchange CA Certificates
This step pertains only to a two-tier architecture, where both a SecureTransport Edge and
SecureTransport Server are being configured.
In a two-tier deployment, the SecureTransport Edge and SecureTransport Server authenticate each
other through the use of certificates. These certificates have already been created and specified in
previous steps. In this step, a trust relationship between the two servers must be set up. This setup
involves exchanging certificates between SecureTransport Edge and SecureTransport Server.
To complete this step, access to both the SecureTransport Server and SecureTransport Edge
Administration Tool must be readily available. Use a separate browser window to open each
Administration Tool.
3 Click Export and save the file to a location in the local system.
4 Click Close.
5 Copy the CA certificate file to the SecureTransport Edge server, if necessary.
3 Type an Alias for the imported certificate. Make sure the alias is unique and different from any
other trusted CA aliases.
4 To import the certificate file:
a Select Import certificate from file and click Browse to locate the file on your local system.
Or select Paste certificate in space below to copy and paste the certificate contents.
b Click Import to import the certificate to the Edge server.
5 Click Close in the Import Certificate dialog box.
The newly imported certificate appears in the Trusted CA Certificates list.
3 Type an Alias for the imported certificate. Make sure the alias is unique and different from any
other trusted CA aliases.
4 To import the certificate file:
a Select Import certificate from file and click Browse to locate the file on your local system.
Or select Paste certificate in space below to copy and paste the certificate contents.
b Click Import to import the certificate to the Edge server.
5 Click Close in the Import Certificate dialog box.
The newly imported certificate appears in the Trusted CA Certificates list.
TIP:
When you log in to SecureTransport Server as an administrator, you can access this page by
selecting Setup > Certificates > Trusted CAs.
Clean Up the Setup Account
The initial configuration of SecureTransport is now complete. As a final step, clean up the Setup
account either by removing it or by changing the password. You can use the default administrator
account for additional configuration tasks.
NOTE:
Once you have made the configuration changes using the Administration Tool, run stop_all to
stop all SecureTransport services, then run start_all to restart them.
#proxy = www-proxy:1080
#directHosts = 130.220.;.unisa.edu.au;localhost
3 Add a line with the hostname of the HTTP proxy as shown in the following example:
directHosts = <hostname>;localhost
4 Save your changes.
NOTE:
Modifying the SecureTransport Edge using this method might prevent the SecureTransport
Server from using the HTTP proxy server through a firewall.
Appendix A
File System Changes When Upgrading
This appendix lists the files that are added, deleted, and modified during an upgrade from
SecureTransport 4.9 to 4.9.1. All other files are replaced.
The changes are the same on all platforms but different for SecureTransport Server and
SecureTransport Edge.
Always back up the currently running version of SecureTransport before upgrading the software to
preserve any customized files. See Upgrading SecureTransport on page 33 for more information.
Sections include:
Files Added During the Upgrade
Files Deleted During the Upgrade
Files Modified During the Upgrade
Files Added During the Upgrade
These tables list for each server type the files and directories in release 4.9.1 that did not exist in
release 4.9.
<FILEDRIVEHOME>/brules/local/wptdocuments/
    SynchronyTransfer.xml
<FILEDRIVEHOME>/lib/jars/external/
    axway-common-circularbuffer-1.1.61.jar
    axway-common-core-1.1.61.jar
    axway-sentinel-ua-1.1.61.jar
    cglib-2.2.jar
    commons-cli-1.2.jar
    commons-collections-3.1.jar
    ehcache-1.6.1.jar
    ehcache-jgroupsreplication-1.3.jar
    jta-1.1.jar
    jul-to-slf4j-1.5.8.jar
    slf4j-api-1.5.8.jar
    slf4j-log4j12-1.5.8.jar
    xercesImpl-2.9.0.jar
<FILEDRIVEHOME>/lib/jars/external/
    TrkApiUA.jar
    xerces.jar
Files Modified During the Upgrade
These tables list for each server type the files that are modified by adding release 4.9.1 information
or replacing release 4.9 information with release 4.9.1 information during the upgrade from release
4.9.
<FILEDRIVEHOME>/brules/local/
    agentlist
<FILEDRIVEHOME>/brules/local/wptdocuments/
    wptdocument.conf
<FILEDRIVEHOME>/conf/
    access-control.xml
    configuration.xml
    export.conf
    tm-log4j.xml
    transforms.xml
<FILEDRIVEHOME>/tomcat/admin/webapps/coreadmin/WEB-INF/plugin/applicationtypes/
    plugin.xml
<FILEDRIVEHOME>/conf/
    access-control.xml
    configuration.xml
<FILEDRIVEHOME>/tomcat/admin/webapps/coreadmin/WEB-INF/plugin/applicationtypes/
    plugin.xml
Uninstalling SecureTransport on Unix-based Servers
This section explains how to uninstall SecureTransport from any of the supported Unix-based
platforms.
WARNING:
Do not run the SecureTransport uninstall command from within the <FILEDRIVEHOME> directory
or any subdirectories. All directories, including the <FILEDRIVEHOME> directory, are deleted
during the uninstall process.
Uninstalling SecureTransport on Windows
This section explains how to uninstall SecureTransport from Windows.
NOTE:
You can also use the Add/Remove Programs option in the Control Panel to uninstall
SecureTransport Server.
To uninstall SecureTransport:
1 Prior to uninstallation, make sure the Cygwin console and all Cygwin tools, installed with your
previous SecureTransport installation, are closed - if necessary, close the Cygwin console and
tools manually.
NOTE:
Before uninstalling the SecureTransport Server on Windows, make sure that no SecureTransport
resources (such as files) are being used. Also, make sure that the Cygwin cron service is
stopped, and that no Cygwin processes (aside from the one being used by the uninstaller) are
active. In addition, if you try to uninstall SecureTransport in Windows and the <FILEDRIVEHOME>
directory or a file stored in it is in use, the uninstallation process fails.
2 Run the installer (see the section Installing on Windows on page 29). The installer displays the
following uninstallation confirmation prompt:
3 Click Yes when prompted to confirm. The installer opens a command prompt window to display
several messages before displaying the Setup Status dialog box.
4 When uninstallation is complete, the installer displays the Uninstall Complete dialog box. Click
Finish to complete the uninstallation procedure and close the wizard.
You can find logs containing details of uninstallation at C:\Documents and Settings\<User
Name>\Local Settings\Temp\{74039923-B563-4816-AE9C-BA1B47847D93}. Log files
stored here are erased when the computer is rebooted. If you want to keep the log file, copy it to a
different location.
This appendix describes a proposed migration plan from SecureTransport v4.5.x to SecureTransport
4.9.x. This information is provided “as-is” as guidelines and an aid to your migration planning.
Sections include:
Migration Requirements
Migration Tasks
Migration Sequence
Migration Requirements
Review the following points before you plan your migration:
• The following utilities are no longer available: gencerts, class, config, and pass.
• AS2 partnerships no longer have outbox/send, outbox/failed, and other subdirectories. In
SecureTransport 4.9.x, all items are located in the outbox folder of the SiteMailbox application
associated with the user account for the AS2 partnership.
• All SecureTransport 4.5.x agents have been replaced by new built-in agents which work for
SecureTransport 4.7 and later.
• Inventory all agents, applications, configuration, and other items that your IT and business
groups, Tumbleweed Professional Services, the Axway Professional Services Organization, or
any third parties must migrate. Plan and schedule the required tasks.
• Make sure the planned completion date of the migration is consistent with your rollout plans for
your current configuration and your future configuration and deployment.
• Run SecureTransport 4.9.x in parallel with your current SecureTransport 4.5.x production
system for at least two months. Use this time to gain an understanding of SecureTransport 4.9.x,
learn how to use the new features, and gain confidence in its performance, scalability, stability,
and reliability while you implement your required functionality on SecureTransport 4.9.x.
• Minimize the down time of your production SecureTransport system when switching from
SecureTransport 4.5.x to 4.9.x.
• Include a back-out plan to make sure that you can quickly switch from your new
SecureTransport 4.9.x system to your previous SecureTransport 4.5.x production system.
Task – Description
Reassess and coordinate overall requirements and objectives – Since the release of
SecureTransport 4.5.x, there have been one major release (4.6.0) and several feature or
maintenance releases culminating in SecureTransport 4.9.1. In light of these releases, reassess
your overall requirements and objectives.
Do not port your 4.5.1 work to SecureTransport 4.9.x without considering how you can meet your
requirements and objectives by effectively using the features added to SecureTransport since
4.5.x and coordinating your requirements and implementation plans with SecureTransport 4.9.x
functionality. This appendix uses “coordinate” for this process.
Rewrite Perl agents as Java in-process agents – Because the performance of external agents
written in Perl is a very significant cause of performance issues with SecureTransport, to gain
the benefits of the performance improvements that SecureTransport 4.9.x provides, reimplement
all Perl agents in Java either using your development staff or by partnering with the
Professional Services Organization.
Reassess and coordinate security requirements – Engage with the Professional Services
Organization and other technical resources to revisit the requirements of your IT Security Audit
team and to determine how SecureTransport 4.9.x meets those requirements or must be customized
to meet them.
Coordinate and implement user interface (UI) changes – Considering the extensive UI changes in
SecureTransport 4.6 and additional changes made in the other releases, engage with the
Professional Services Organization and other technical resources to reassess any changes you or
the Professional Services Organization has made to 4.5.x and coordinate that work with
SecureTransport 4.9.x.
Reassess and coordinate PGP additions – SecureTransport 4.6.x added PGP encryption. Determine if
this encryption feature meets your requirements. Plan any custom work necessary to meet your
requirements.
Migrate system, account, and user configuration – Using SecureTransport 4.5.x commands, extract
system, account, and user configuration and create XML files that SecureTransport 4.9.x can
import. SecureTransport 4.9.x can import some or all of this configuration.
Migrate certificates – Move the certificates from SecureTransport 4.5.1 to 4.9.x.
Migrate rules packages – If your SecureTransport 4.5.x implementation includes any custom rules
packages you created, make sure the precedence level for each rule follows the new precedence
level settings. For more information about precedence levels and creating custom rules, see the
SecureTransport Developers Guide. Also, modify the custom rules that use built-in agents and
remove these agents.
Note:
• Do not copy 4.5.x agents to your 4.9.x system.
• Do not modify 4.9.x agents. If necessary, copy the agent and modify the copy.
Migrate work from the Professional Services Organization – Make sure that the Professional
Services Organization migrates all custom code and related work built by the Professional
Services Organization for your implementation of SecureTransport 4.5.x.
Check the high availability or high capacity clustered deployment – Log in to your Primary node
using the Administration Tool. If you do not see the Synchronize button, follow the steps for
high availability clustered deployment in the SecureTransport Administrators Guide.
Appendix D
Tumbleweed Appliance SAN Card
This chapter describes how to configure the optional SAN card for the Tumbleweed Appliance and
gives its specifications.
Sections include:
Configuring the SAN Card
SAN Fibre Card Specifications
Configuring the SAN Card
The ST5620, ST5720, ST6620, and ST6720 appliances can be configured with an optional SAN card.
This section explains how to configure the card to use OCFS2 and how to set up OCFS2. Use OCFS2
when you want to set up a cluster with the SAN card.
To learn more about OCFS2, go to www.novell.com/documentation and search on the word OCFS2.
For best results when using OCFS2 and the SAN Device:
• Do not install SecureTransport on an OCFS2 volume.
• Place all the user home directories on an OCFS2 volume.
• Make sure that the port number specified in the cluster.conf file for OCFS2 is accessible
between all the nodes in the cluster.
For SAN card specification information, see SAN Fibre Card Specifications on page 80.
TIP:
When configuring SecureTransport user home directories, make sure to store them on an
OCFS2 volume that all nodes in the cluster have access to. See the SecureTransport
Administrators Guide for user home configuration.
Using the formula, you can determine the wait time using the heartbeat threshold setting of 9:
(9 - 1) * 2 = 16 seconds
b Edit the IP address, host name, and IP port number (the default port number is 7777), if
required for each node. If you changed the cluster name from the default of ocfs2, make
sure it is the same for all nodes. If you did not configure the o2cb driver using the correct
cluster name, you need to reconfigure the cluster driver using the new cluster name.
c Add additional nodes by copying and pasting the node section and modifying it for each new
node. The name setting for each node must match the hostname. The node_count setting
for the cluster needs to contain the total number of nodes in the cluster.
node:
	ip_port = 7777
	ip_address = 192.168.1.1
	number = 0
	name = localhost1
	cluster = ocfs2

node:
	ip_port = 7777
	ip_address = 192.168.1.2
	number = 1
	name = localhost2
	cluster = ocfs2

cluster:
	node_count = 2
	name = ocfs2
d Save the file and copy it to all the nodes in the cluster.
5 Restart the O2CB cluster service for the changes to take effect.
Type /etc/init.d/o2cb stop to stop the cluster service.
Type /etc/init.d/o2cb start to restart the cluster service.
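The consistency rules in steps b and c (one cluster name on every node, a node_count equal to the number of node stanzas, a node name that matches each hostname) can be checked before the file is copied to the other nodes. The following is an added example, not part of the guide or of the OCFS2 tools; parse_cluster_conf and validate are hypothetical helper names, the sample file is constructed, and a single cluster stanza is assumed as in the sample above.

```python
import re

REQUIRED_NODE_KEYS = ("ip_port", "ip_address", "number", "name", "cluster")

# Constructed sample that mirrors the two-node file shown in the guide.
SAMPLE_CONF = (
    "node:\n\tip_port = 7777\n\tip_address = 192.168.1.1\n"
    "\tnumber = 0\n\tname = localhost1\n\tcluster = ocfs2\n\n"
    "node:\n\tip_port = 7777\n\tip_address = 192.168.1.2\n"
    "\tnumber = 1\n\tname = localhost2\n\tcluster = ocfs2\n\n"
    "cluster:\n\tnode_count = 2\n\tname = ocfs2\n"
)


def parse_cluster_conf(text):
    """Split the file into (stanza_type, {key: value}) pairs, in file order."""
    stanzas = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+):", line)
        if header:
            current = (header.group(1), {})
            stanzas.append(current)
            continue
        key, sep, value = line.partition("=")
        if not sep or current is None:
            raise ValueError(f"line {lineno}: expected 'key = value' inside a stanza")
        current[1][key.strip()] = value.strip()
    return stanzas


def validate(text, local_hostname=None):
    """Return a list of problems; an empty list means the file is consistent."""
    stanzas = parse_cluster_conf(text)
    clusters = [values for kind, values in stanzas if kind == "cluster"]
    nodes = [values for kind, values in stanzas if kind == "node"]
    if len(clusters) != 1:
        return [f"expected exactly one cluster stanza, found {len(clusters)}"]

    problems = []
    cluster_name = clusters[0].get("name")
    declared = clusters[0].get("node_count", "")
    # node_count must hold the total number of nodes in the cluster.
    if not declared.isdigit() or int(declared) != len(nodes):
        problems.append(
            f"node_count is {declared!r} but the file defines {len(nodes)} node(s)"
        )

    seen = {"number": {}, "name": {}, "ip_address": {}}
    for node in nodes:
        label = node.get("name", "<unnamed>")
        missing = [key for key in REQUIRED_NODE_KEYS if key not in node]
        if missing:
            problems.append(f"node {label}: missing {', '.join(missing)}")
        # Every node must reference the same cluster name.
        if node.get("cluster") != cluster_name:
            problems.append(
                f"node {label}: cluster {node.get('cluster')!r} "
                f"does not match cluster name {cluster_name!r}"
            )
        port = node.get("ip_port", "")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"node {label}: invalid ip_port {port!r}")
        # Node numbers, names and addresses must be unique across stanzas.
        for field, owners in seen.items():
            value = node.get(field)
            if value is None:
                continue
            if value in owners:
                problems.append(
                    f"node {label}: duplicate {field} {value!r} "
                    f"(also used by {owners[value]})"
                )
            owners[value] = label

    # The name setting must match the hostname of the machine holding the file.
    if local_hostname is not None and local_hostname not in seen["name"]:
        problems.append(f"local hostname {local_hostname!r} has no node stanza")
    return problems


if __name__ == "__main__":
    for problem in validate(SAMPLE_CONF, local_hostname="localhost1"):
        print(problem)
```

Run it on each node with that node's own hostname as local_hostname; an empty result means the copy on that node agrees with the rules above.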
OCFS2 Parameter – Description and Recommendation
Volume label (-L) – A descriptive name for the volume to make it uniquely identifiable when it is
mounted on different nodes.
Use the tunefs.ocfs2 utility to modify the label as needed.
Cluster size (-C) – Cluster size is the smallest unit of space allocated to a file to hold the data.
You can choose between 4, 8, 16, 32, 64, 128, 256, 512, and 1024 KB.
The cluster size cannot be modified after the volume is formatted.
If you plan to use the volume to store large files such as database files, a cluster size of
128 KB or more is recommended. For smaller files, you can use anything from 16 to 64 KB.
Number of node slots (-N) – The maximum number of nodes that can concurrently mount a volume. On
mounting, OCFS2 creates separate system files, such as journals, for each node. Nodes that access
the volume can be a combination of architectures such as x86, x86-64, ia64, ppc64 and s390x.
Node-specific files are called local files. A node slot number is appended to the local file. For
example: journal:0000 is the local file for the node assigned to slot number 0.
Set the maximum number of node slots for each volume when you create it, based on the number of
nodes that will concurrently mount the volume. Use the tunefs.ocfs2 utility to increase the number
of node slots as needed. However, you cannot decrease the number of node slots.
Block size (-b) – The smallest unit of space addressable by the file system. Specify the block
size when you create the volume.
Options include 512 bytes (not recommended), 1 KB, 2 KB, or 4 KB. 4 KB is the recommended size
for most volumes. The block size cannot be modified after the volume is formatted.
3 To auto-mount the SAN virtual disk space, do the following:
a Edit the file /etc/init.d/SANmount and modify the virtual device name and mount point
appropriately. The text in bold shows where to modify the file:
#! /bin/sh
. /etc/rc.status
# First reset status of this service
rc_reset
echo -n "Accessing SAN mount point ..."
mount /dev/<SAN LUN> /<mount point>
# Remember status and be verbose
rc_status -v
rc_exit
b To activate auto-mounting of the SAN volume when booting the system, type the following
command:
chkconfig SANmount on
NOTE:
This card is only offered when you purchase the appliance; it is not available separately.
The following information is provided to help you use the SAN card properly.
• The optional SAN card is a QLogic SANblade QLE2462. Make sure you only connect
compatible SAN devices to this card. For a list of compatible devices, contact QLogic at
http://www.QLogic.com.
TIP:
To see the full datasheet for the SANblade QLE2462, go to the QLogic web site at
http://www.QLogic.com/EducationAndResources/DataSheetsResourcelibrarySan.aspx.
• The card is dual-channel (Dual Port 4-Gbps Fibre Channel (FC) to PCI Express Host Bus
Adapter [HBA])
• Bus Interface: PCI Express x4
• Data Rate: 4/2/1 Gbps auto-negotiation (4.2480/2.1240/1.0625 Gbps)
This section describes typical operation and maintenance procedures for your Tumbleweed
Appliance.
Sections include:
Powering Up, Shutting Down, or Rebooting
Reconfiguring the Appliance
Powering Up, Shutting Down, or Rebooting
Use the following procedures to power up your Tumbleweed Appliance, shut it down, or reboot it.
To force a shutdown:
• If the appliance is “hung” for a long period or does not respond to pressing the Power button
momentarily, press and hold down the Power button. This forces the appliance to shut down
immediately.
WARNING:
Forcing a shutdown (pressing and holding the Power button, pulling the AC power cord, or an
unexpected power loss) can cause data loss and render the appliance inoperable. In installations
where there can be occasional power dropouts, an uninterruptible power supply (UPS) is
recommended.
NOTE:
Do not pull the AC power cord or force a shutdown and turn the appliance back on to reboot. This
could cause damage to the appliance hard drives and render the appliance inoperable.
Glossary
Account – Contains information about a user or an internal system that processes SecureTransport
file transfers. SecureTransport supports two kinds of accounts: user and service.
Action – An action is a set of agents that are triggered when certain conditions are met. Actions can
be either agents written in Java which allow in-process sharing of information between agent
invocations or an external mechanism used to integrate with agents written in scripting languages
such as Perl or Python. Such actions can be performed through a shell mechanism.
Agent – Code that implements all or part of the business logic associated with an event.
Agent interface – The set of inputs and outputs used during agent execution.
Apache – The Apache HTTP Server.
Application framework – SecureTransport provides an application framework in which you can
create runtime and post-process workflow to automate file processing. The SecureTransport
application framework includes user and service accounts, applications, subscriptions, and transfer sites.
Availability – The degree to which a system suffers degradation or interruption in its service to the
customer as a consequence of failures of one or more of its parts.
Certificate – SecureTransport supports three types of certificates: login, partner, and private. Login
certificates are used to log in to SecureTransport servers. Partner certificates are used for encrypting
PGP and AS2 data to an account and verifying the signature of data. Private certificates are used for
decrypting and signing PGP and AS2 data.
Certificate Authority – CA. Also called a Trusted Third Party. An entity (typically a company)
that issues digital certificates to other entities (organizations or individuals) to allow them to prove
their identity to others.
Certificate Signing Request (CSR) – An unsigned certificate for submission to a Certification
Authority, which signs it with the Private Key of the CA Certificate. Once the CSR is signed, it
becomes a real certificate.
Cluster Model – A group of associated SecureTransport servers is known as a cluster. A cluster
contains one primary server (machine) and one or more secondary servers. The primary server
retrieves items from the internal SecureTransport Event Queue and distributes them among the
secondary servers. When the primary server goes down, a secondary one takes over assuring the high
availability of SecureTransport services.
Condition – A boolean expression that contains a comparison condition or a condition function. A
condition can examine events and event attributes.
Condition function – A Java class that evaluates input parameters and returns a true or false value
depending on the result such as a class that parses an Electronic Data Interchange (EDI) file and
compares the value of a data element with a string.
Cygwin – Cygwin provides a Linux-like environment for Windows. SecureTransport uses the
Cygwin monitor and tools.
DMZ – Demilitarized Zone. A network area that sits between an organization's internal network and
an external network, usually the Internet.
DN – Distinguished Name. A name that uniquely defines a directory entry within an LDAP database
and locates it within the directory tree. A DN is similar to a fully-qualified file name in a file system.
DNS – Domain Name Server. A general-purpose distributed, replicated, data query service chiefly
used on the Internet for translating hostnames into Internet addresses.
Event – An occurrence or happening that is significant to a task or program, such as the completion
of an input/output operation.
External Agent – An agent executed by the Transaction Manager through a separate process.
Those agents can be written in any programming language.
FIPS – Federal Information Processing Standards. Published by the National Institute of Standards
and Technology (NIST), these standards are used by all non-military government agencies and
contractors. All computer-related products purchased by the US Government must conform to FIPS
requirements.
Firewall – A piece of hardware or software functioning in a networked environment to prevent
communications forbidden by the security policy. A firewall has the basic task of controlling traffic
between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and
an internal network (a zone with high trust).
FQDN – Fully qualified domain name. The unique name of a network entity, consisting of a
hostname and a domain name that can resolve to an IP address.
In-process Agent – An agent written in Java directly executed by the Transaction Manager Java
Virtual Machine.
When the SecureTransport Server is first set up, you must select a keystore password.
LDAP – Lightweight Directory Access Protocol. A networking protocol for querying and modifying
directory services running over TCP/IP.
Load Balancing – A technique used to spread work between many processes, computers, disks or
other resources.
OpenSSL – Open Source toolkit for SSL/TLS.
Package – A group of related rules.
PEM – Privacy Enhanced Mail (PEM) is an early form of message security and authentication that
uses public key encryption. PEM requires a public key infrastructure (PKI). SecureTransport
provides the PKI environment for PEM security.
PGP Key Encryption – A hybrid of conventional and public key cryptography, PGP key
encryption provides a high level of transaction security. PGP takes an encrypted plaintext message,
compresses it, and generates a random number session key. Then, a fast, secure encryption algorithm
is used to encrypt the plaintext into ciphertext. After the encryption, the key is additionally encrypted
to the receiver’s public key. The resulting key-encrypted session key is sent with the ciphertext to the
receiver. At the receiving end, the process is reversed. The receiver’s PGP copy uses the associated
private key to decrypt the ciphertext.
Precedence – A number higher than 0 used to determine which rules are executed when the
conditions match more than one rule. The lower the number, the higher the precedence. Rules with
the highest precedence are executed. If you need to have multiple actions fire in a certain order under
the same set of conditions, you should use one rule with multiple actions in sequence.