The following pages are intended for the Network Engineer or Administrator for the Digi-CA™ system that is responsible for preparing the network and servers, prior to installation.
To avoid delays with the install of your Digi-CA™ system and to avoid the postponement or complete cancellation of your installation, follow the instructions on each of these pages very carefully.
If in doubt, or need technical assistance, email digi-cast@digi-sign.com [1] to contact a member of the Digi-CAST™ [2].
[3] Usually a stable and recent enough Sendmail software is provided for your convenience by the Operating System Vendor and we recommend using the release that the Vendor included in its Operating System distribution. For further information about Sendmail or to download its most recent release, visit the Sendmail website on www.sendmail.org [4].
Usually a stable and recent enough GCC compiler is provided for your convenience by the Operating System Vendor and we recommend using the release that the Vendor included in its Operating System distribution. For further information about the GNU C Compiler or to download its most recent release, visit the GNU GCC website on gcc.gnu.org.
OpenSSL 0.9.8c compiled from source code distribution with necessary patches as per the list below.
Patch Name Version Comments
Time-Stamping [5] 20060923-0.9.8c required for Time-Stamping
nCipher CHIL 0.9.8a to support nCipher HSM
Before you compile your OpenSSL toolkit, you will need to apply the Time-Stamping patch and optionally a Cryptographic Hardware Interface Library patch for interfacing nCipher HSM devices. Both patches are provided with the source distribution of Digi-CA™ and you may find them in the OpenSSL/patches sub-directory of your Digi-CA™ source distribution package. Visit OpenSSL website on www.openssl.org [6] to download the OpenSSL cryptographic toolkit. When configuring and compiling this toolkit, ensure you compile its libraries as dynamically shared. To perform a quick installation, use the Quick Installation guide provided below.
The Quick Installation Guide [QIG] for OpenSSL 0.9.8c suggests that you change working directory to the location where you saved the OpenSSL toolkit source distribution release. For the purpose of this installation guide, we will assume you have saved the OpenSSL toolkit in /usr/local/src directory.
Using tar, unpack files from the archive:
Change working directory:
Using patch, apply patch to enable Time-Stamping feature:
Optionally, apply patch for Cryptographic Hardware Interface Library:
Prepare the installation:
Compile, test and install:
[3] The recommended URL syntax based Network Communication Tool is cURL 7.16.1 and this should be compiled from source code distribution with SSL support enabled. Visit the cURL website on curl.haxx.se to download the cURL source distribution.
Change working directory to the location where you saved the cURL source distribution release. For the purpose of this installation guide, we will assume you have saved the cURL in /usr/local/src directory.
Change working directory:
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile, test and install:
stunnel 4.20 compiled from source code distribution with SSL support enabled. Visit the sTunnel website on www.stunnel.org [7] to download the sTunnel source distribution.
Change working directory to the location where you saved the sTunnel source distribution release. For the purpose of this installation guide, we will assume you have saved the sTunnel in /usr/local/src directory.
Change working directory:
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile, test and install:
The recommended Hashing & Encryption Tools and Libraries are from libmcrypt 2.5.8 compiled from source code distribution. Visit the mCrypt website on mcrypt.sourceforge.net to download the mCrypt library source distribution.
Change working directory to the location where you saved the mCrypt library source distribution release. For the purpose of this installation guide, we will assume you have saved the mCrypt library in /usr/local/src directory.
Change working directory:
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile, test and install:
[3] GNU mHash 0.9.9 compiled from source code distribution. Visit the mHash website on mhash.sourceforge.net to download the mHash source distribution.
Change working directory to the location where you saved the mHash source distribution release. For the purpose of this installation guide, we will assume you have saved the mHash in /usr/local/src directory.
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile, test and install:
mCrypt 2.6.6 compiled from source code distribution. Visit the mCrypt website on mcrypt.sourceforge.net to download the mCrypt toolkit source distribution.
Change working directory to the location where you saved the mCrypt toolkit source distribution release. For the purpose of this installation guide, we will assume you have saved the mCrypt toolkit in /usr/local/src directory.
Change working directory:
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile, test and install:
Apache 2.2.6 Web Server is compiled from source code distribution with SSL support enabled. Visit the Apache website on www.apache.org [8] to download the Apache web server source distribution.
Change working directory to the location where you saved the Apache source distribution release. For the purpose of this installation guide, we will assume you have saved the Apache source distribution in /usr/local/src directory.
Change working directory:
Using tar, unpack files from the archive:
Change working directory:
Prepare the installation:
Compile and install:
[3] MySQL 5.0.37 SQL Database Server and Client is compiled from source code distribution with SSL support enabled. Visit the MySQL website on www.mysql.org [9] to download the MySQL database server source distribution.
Change working directory to the location where you saved the MySQL source distribution release. For the purpose of this installation guide, we will assume you have saved the MySQL source distribution in /usr/local/src directory.
Using tar, unpack files from the archive:
Change working directory:
As super user, add new user and group:
Prepare the installation:
Compile and install:
Copy the recommended MySQL configuration file to its destination folder within your operating system:
Change working directory:
Change ownership of the working directory:
Install default databases:
Change ownership of the working directory:
Before you compile your PHP package, you will need to apply the DigiCA™ Cryptographic patch, that will enable the PHP language with additional cryptography related features required by Digi-CA™. The patch is provided with the source distribution of Digi-CA™ and you may find it in the PHP/patches sub-directory of your Digi-CA™ source distribution directory tree. Visit PHP website on www.php.net [12] to download the PHP package. To perform a quick installation, use the Quick Installation guide provided below.
[3] Change working directory to the location where you saved the PHP source distribution release. For the purpose of this installation guide, we will assume you have saved the PHP source distribution release in /usr/local/src directory.
Using tar, unpack files from the archive:
Patch PHP source with Digi-CA™ Cryptographic Patch:
Change working directory:
Prepare the installation:
Compile, test and install:
For the PHP PEAR DB 1.7.13 and LOG 1.9.11 packages visit PHP PEAR website on pear.php.net to download the PHP PEAR DB and LOG packages. To perform a quick installation, use the Quick Installation guide provided below.
Links:
[1] mailto:digi-cast@digi-sign.com
[2] http://www2.digi-sign.com/service/digi-cast
[3] http://www2.digi-sign.com/downloads/digi-ca admin
[4] http://www.sendmail.org
[5] http://www2.digi-sign.com/digi-ca/administrator/time+stamp
[6] http://www.openssl.org
[7] http://www.stunnel.org
[8] http://www.apache.org
[9] http://www.mysql.org
[10] http://www.perl.org
[11] http://www2.digi-sign.com/digi-ca
[12] http://www.php.net