Installing OpenAttestation v2.1 on Ubuntu

Steps for installing the Attestation Server

1- install needed programs and libraries
apt-get update #update the package lists
apt-get install git maven #install git and maven
apt-get install openjdk-7-jdk #install java (JDK 7)

#if you get warnings such as "locale: Cannot set LC_CTYPE to default locale: No such file or directory" or "locale: Cannot set LC_ALL to default locale: No such file or directory",
#run these commands to fix the warning and set your locales
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
dpkg-reconfigure locales

#make sure you are using the right version of the JDK, because other versions may have been installed with the OS or by other programs.
#to check whether you are using JDK 1.7, run the following command
update-alternatives --config java

#you should now get output like this
There are 2 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                             Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java   1061       auto mode
  1            /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java   1061       manual mode
  2            /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java   1051       manual mode


In this case JDK 7 is selection 2, so simply type 2, or whatever the JDK 7 selection number is on your system.

 


2- get source code and compile it

cd /home #on your machine it can be any other folder
git clone https://github.com/OpenAttestation/OpenAttestation/ #clones OpenAttestation into that folder
cd /home/OpenAttestation
git checkout v2.1 #this tutorial is for v2.1
mvn clean install #this step may take several minutes depending on your internet speed

 

3- install required packages

apt-get install openssl

apt-get install libssl-dev

 

4- install MySQL

apt-get install mysql-server

5- install tomcat and run it.

apt-get install tomcat7

/usr/share/tomcat7/bin/startup.sh   #run this script to start the server 

If the above command shows this error:

touch: cannot touch `/usr/share/tomcat7/logs/catalina.out': No such file or directory

simply create the logs directory as follows:

mkdir /usr/share/tomcat7/logs

Then rerun the startup.sh command.

Test your server by accessing IP_ADDRESS:8080 from your browser.

You should see a page saying that it works.

6- in your Java home directory, add the Bouncy Castle provider line to the java.security file. First locate the file:

updatedb

locate jre/lib/security/java.security

Now open the path printed by the previous command:

nano <path printed by the previous command>

and add the following line:

 security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
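
A check for step 6, as an added example that is not part of the original tutorial: the JVM reads `security.provider.N` entries in order and stops at the first missing number, so the line above only takes effect if entries 1 to 9 already exist. The function names and the sample file below are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# next_provider_index FILE: print the first N for which security.provider.N is not defined.
next_provider_index() {
    n=1
    while grep -Eq "^[[:space:]]*security\.provider\.${n}[[:space:]]*=" "$1"; do
        n=$((n + 1))
    done
    echo "$n"
}

# bc_provider_status FILE: print where BouncyCastle sits in the provider list.
#   registered:N   listed at N with 1..N-1 all defined, so the JVM loads it
#   unreachable:N  listed at N but an earlier number is missing; the JVM stops
#                  reading the list at the first gap and never reaches it
#   missing        not listed (commented-out lines do not count)
bc_provider_status() {
    bc='org\.bouncycastle\.jce\.provider\.BouncyCastleProvider'
    idx=$(sed -n "s/^[[:space:]]*security\.provider\.\([0-9][0-9]*\)[[:space:]]*=[[:space:]]*${bc}[[:space:]]*\$/\1/p" "$1" | head -n 1)
    if [ -z "$idx" ]; then
        echo "missing"
    elif [ "$idx" -lt "$(next_provider_index "$1")" ]; then
        echo "registered:$idx"
    else
        echo "unreachable:$idx"
    fi
}

# make_sample FILE COUNT: write a constructed java.security with COUNT providers
# (the class names are placeholders, not real JDK providers).
make_sample() {
    : > "$1"
    i=1
    while [ "$i" -le "$2" ]; do
        echo "security.provider.$i=example.Provider$i" >> "$1"
        i=$((i + 1))
    done
}

# Demo: a constructed list of 9 providers, then the line from step 6 appended.
f=$(mktemp)
make_sample "$f" 9
echo "next free index: $(next_provider_index "$f")"
echo " security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider" >> "$f"
echo "status: $(bc_provider_status "$f")"
rm -f "$f"
```

Run `next_provider_index` against the real java.security before editing it; if it prints something other than 10, use that number in the line you add.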

 

7- create necessary database

mysql -uroot -p<password> -e 'create database mw_as'; 
mysql -uroot -p<password> mw_as < /home/OpenAttestation/database/mysql/src/main/resources/com/intel/mtwilson/database/mysql/mtwilson.sql

 

8- create configuration files

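mkdir -p /etc/intel/cloudsecurity
chown -R tomcat7:tomcat7 /etc/intel #give ownership to tomcat7
cd /etc/intel/cloudsecurity

Create each of the following files with the contents listed under it, replacing <server ip> and the ***replace*** values with your own:

 # nano /etc/intel/cloudsecurity/mtwilson.properties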
 mtwilson.api.baseurl=https://<server ip>:8181
 mtwilson.api.ssl.policy=TRUST_FIRST_CERTIFICATE
 mtwilson.db.driver=com.mysql.jdbc.Driver
 mtwilson.db.url=jdbc:mysql://localhost/mw_as 
 mtwilson.db.user=root
 mtwilson.db.password=password
 
 # nano /etc/intel/cloudsecurity/privacyca-client.properties
 PrivacyCaUrl=https://<server ip>:8181/HisPrivacyCAWebServices2
 PrivacyCaSubjectName=HIS_Privacy_CA
 PrivacyCaPassword=***replace***
 EndorsementCaSubjectName=Endorsement_CA_Rev_1
 EndorsementCaPassword=***replace***
 CertValidityDays=3652
 AikAuth=1111111111111111111111111111111111111111
 ecStorage=NVRAM
 ecSigningKeySize=2048
 ecLocation=/opt/intel/cloudsecurity/trustagent
 TpmOwnerAuth=1111111111111111111111111111111111111111

 

 # nano /etc/intel/cloudsecurity/PrivacyCA.properties
 ClientFilesDownloadUsername=admin
 ClientFilesDownloadPassword=password

 # nano /etc/intel/cloudsecurity/attestation-service.properties
 com.intel.mountwilson.as.trustagent.timeout=3
 com.intel.mountwilson.as.attestation.hostTimeout=60
 com.intel.mountwilson.as.home=/var/opt/intel/aikverifyhome
 com.intel.mountwilson.as.aikqverify.cmd=aikqverify
 com.intel.mountwilson.as.openssl.cmd=openssl.sh
 saml.key.alias=samlkey1
 saml.keystore.file=SAML.jks
 saml.keystore.password=changeit
 saml.validity.seconds=3600
 saml.issuer=https://<server ip>:8181 
 saml.key.password=changeit
 privacyca.server=<server ip>
 com.intel.mtwilson.as.business.trust.sleepTime=1

 # nano /etc/intel/cloudsecurity/trust-dashboard.properties
 mtwilson.tdbp.keystore.dir=/etc/intel/cloudsecurity
 mtwilson.tdbp.keystore.password=password
 imagesRootPath = images/
 trustUnknow = images/Unknown.png
 trustTure = images/Trusted.png
 trustFalse = images/UnTrusted.png
 ubuntu = images/ubuntu.png
 vmware = images/vmware.png
 suse = images/suse.png
 kvm = images/kvm.png
 xen = images/xen.png
 mtwilson.tdbp.sessionTimeOut = 1800
 mtwilson.tdbp.paginationRowCount = 10

 # nano /etc/intel/cloudsecurity/whitelist-portal.properties
 mtwilson.wlmp.keystore.dir=/etc/intel/cloudsecurity
 mtwilson.wlmp.keystore.password=password
 mtwilson.wlmp.openSourceHypervisors=KVM;Xen
 mtwilson.wlmp.sessionTimeOut=1800
 mtwilson.wlmp.pagingSize=8
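
The files above carry the tutorial's placeholder secrets (`password`, `changeit`, `***replace***`, all-ones TPM auth values) and a root database login. The following added example, not part of the original tutorial or of OpenAttestation, reports the ones still left in a properties file; the function name is hypothetical and the sample input is constructed from values shown in step 8.

```shell
#!/bin/sh
# Added example (not from the original page). audit_properties is a hypothetical name.

# audit_properties FILE: print one "KEY: reason" line per finding, nothing when clean.
audit_properties() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip "# nano ..." headers, comments, blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key ~ /[Pp]assword$/ && (val == "password" || val == "changeit" || val == "***replace***"))
                print key ": tutorial placeholder still in use"
            if (key ~ /Auth$/ && (val ~ /^0+$/ || val ~ /^1+$/))
                print key ": auth secret is a single repeated digit"
            if (key == "mtwilson.db.user" && val == "root")
                print key ": service connects as the MySQL root account"
        }' "$1"
    # Step 8 gives /etc/intel to tomcat7, so other users need no read access.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "$1: file is world-readable"
    fi
}

# Demo on a constructed sample that reuses a few values from step 8.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# nano /etc/intel/cloudsecurity/mtwilson.properties
mtwilson.db.user=root
mtwilson.db.password=password
saml.keystore.password=changeit
PrivacyCaPassword=***replace***
TpmOwnerAuth=1111111111111111111111111111111111111111
CertValidityDays=3652
EOF
chmod 644 "$sample"
audit_properties "$sample"
rm -f "$sample"
```

To audit a real installation, loop over `/etc/intel/cloudsecurity/*.properties` and call `audit_properties` on each file.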

 

9-  Install aikqverify

cp /home/OpenAttestation/services/aikqverify/target/aikqverify-2.1.zip $HOME #source path assumes the clone from step 2 is in /home; adjust it if you cloned elsewhere
cd $HOME
unzip aikqverify-2.1.zip
cd aikqverify-2.1
make
make install

chown -R tomcat7:tomcat7 /var/opt/intel/aikverifyhome/data #give permission to tomcat7

 

10 - Create SAML Signing Key

Note: replace the values between <> with the corresponding values from /etc/intel/cloudsecurity/attestation-service.properties, created in the previous steps.

cd /etc/intel/cloudsecurity
keytool -genkey -alias <saml.key.alias> -keyalg RSA -keysize 2048 -keystore <saml.keystore.file> -storepass <saml.keystore.password> -dname "CN=AttestationService, OU=Mt Wilson, O=My Org, C=US" -validity 3650 -keypass <saml.key.password>
keytool -export -alias <saml.key.alias> -keystore <saml.keystore.file> -storepass <saml.keystore.password> -file saml.crt

 

11- Create Attestation Server Certificate



 

 

 

 

 

 
