Product Documentation

The SKCE module—to be hereafter called the CryptoEngine Module (CEM) in SAKA—requires configuration changes to access the newly created domain. Follow these steps to configure the CEM:

  1. Login to SAKA as strongauth.
  2. Execute create-SKCE-Users.sh to setup service credentials for the CEM. Specify did for domain number that was newly created and a password for the service credentials:

    shell> create-SKCE-Users.sh <did> <password>
  3. Change directory to /usr/local/strongauth/skce/etc.

    shell> cd ~/skce/etc
  4. Edit the skce-configuration.properties file.

    Update the value of the following properties. For the username and password properties, provide values specified in Create System Users [Primary]:

    skce.cfg.property.saka.cluster.1.domain.1.id=
    skce.cfg.property.saka.cluster.1.domain.1.password=
    skce.cfg.property.saka.cluster.1.domain.1.username=

    If you are planning to use more than one domain for the CEM, update the values of the following properties:

    skce.cfg.property.saka.cluster.1.domain.1.id=
    skce.cfg.property.saka.cluster.1.domain.1.password=
    skce.cfg.property.saka.cluster.1.domain.1.username=
    skce.cfg.property.saka.cluster.1.domain.2.id=
    skce.cfg.property.saka.cluster.1.domain.2.password=
    skce.cfg.property.saka.cluster.1.domain.2.username=
    skce.cfg.property.saka.cluster.1.domains.count=
  5. Use sudo and restart the Payara application server (supply the strongauth user's password when prompted):

    shell> sudo /sbin/service glassfishd restart 
  6. Change directory to /usr/local/strongauth/bin.

    shell> cd ~/bin
  7. Execute the script, KC-SetPINTool.sh.

    shell> ./KC-SetPINTool.sh
  8. Using the red, green, and blue flash drives, set the PINs for the three Key Custodians to activate the cryptographic hardware module on the appliance, ensuring there are no errors in Window1 or Window2.