CipherTrust Manager - Hands-On - Overview and Basic Configuration

Uploaded by

bertin

CipherTrust Manager Professional Certification Course

HANDS-ON: OVERVIEW & BASIC CONFIGURATION

CPL Technical Training


Revision History

Revision   Date              Reason

B          9 February 2023   Updated Content

Trademarks, Copyrights, and Third-Party Software


Copyright © 2023 Thales Group. All rights reserved. Thales and the Thales logo are trademarks and
service marks of Thales and/or its subsidiaries and affiliates and are registered in certain countries. All
other trademarks and service marks, whether registered or not in specific countries, are the properties
of their respective owners.
CPL Technical Training Documentation
The information contained in this document is intended solely for your personal reference and for
learning purposes and is provided AS IS and with no warranties. Such information is subject to
change without notice, its accuracy is not guaranteed, and it may not contain all material/information
concerning Thales (the ‘Company’). The Company makes no representation regarding, and assumes
no responsibility or liability for, the accuracy or completeness of, or any errors or omissions in, any
information contained herein. The Company may update or supplement the information at any time.
In addition, the information contains projections and forward-looking statements that may reflect the
Company’s current views with respect to future events. These views are based on current
assumptions which are subject to various risks and which may change over time.
Disclaimer
All information herein is either public information or is the property of and owned solely by Thales DIS
France S.A. and/or its subsidiaries or affiliates who shall have and keep the sole right to file patent
applications or any other kind of intellectual property protection in connection with such information.
Nothing herein shall be construed as implying or granting to you any rights, by license, grant or
otherwise, under any intellectual and/or industrial property rights of or concerning any of Thales DIS
France S.A. and any of its subsidiaries and affiliates (collectively referred to herein after as “Thales”)
information.
This document to be solely used for informational, non-commercial, internal and personal use only
provided that: (a) The copyright notice below, the confidentiality and proprietary legend and this full
warning notice appear in all copies; (b) document shall not be posted on any network computer or
broadcast in any media and no modification of any part of this document shall be made; and (c) is not
relied upon for any other reason other than use described above. Use for any other purpose is
expressly prohibited and may result in severe civil and criminal liabilities.
Thales hereby disclaims all warranties and conditions with regard to the information contained herein,
including all implied warranties of merchantability, fitness for a particular purpose, title and non-
infringement. In no event shall Thales be liable, whether in contract, tort or otherwise, for any indirect,
special or consequential damages or any damages whatsoever including but not limited to damages
resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with
the use or performance of information contained in this document.

Contents

Part 1: Overview
    Prerequisites
    Duration
    Objectives

Part 2: Configuring CipherTrust Manager
    Section 1: Logging in to the Thales Training Platform
    Section 2: Logging in to CM Web GUI
    Section 3: Logging into CipherTrust via PuTTY (ksadmin)
    Section 4: CipherTrust Manager User Interface
    Section 5: Downloading the CLI Tool
    Section 6: Configuring and using the ksctl Tool
    Section 7: Configuring the User and Password ksctl File
    Section 8: Presenting the Keys List

Part 3: Using the API Playground
    Section 1: Creating a Key via the API

Part 4: Backing Up & Restoring CipherTrust Manager
    Section 1: Backing Up using ksctl
    Section 2: Backing Up using the Web UI
    Section 3: Restoring CipherTrust Manager
    Section 4: Viewing Restored Data

Part 1: Overview

Prerequisites
For this exercise, you will need:
- Internet connection
- Access to the Thales training platform

Duration
This training course will take approximately 1.5 hours.

Objectives
In this exercise, you will:
- Learn how to access CipherTrust Manager (aka: CM) from the Web GUI and CLI tools
- Perform basic configuration of the CM

By the end of this exercise, you should be able to:
- Log in and use the CM with Web GUI and CLI tools

Part 2: Configuring CipherTrust Manager

In part two, you will learn how to log in to CipherTrust via the Web UI using a browser to perform basic
operations, and how to log in to CipherTrust over SSH using PuTTY with the ksadmin user.

Section 1: Logging in to the Thales Training Platform


An invitation email was sent to you to access the CipherTrust training platform. Open the email and click
the link. You’ll need to be logged in to the training platform in order to start the hands-on.

Note: When a new instance of CipherTrust is started for the first time, and the DHCP
service is enabled on the network, CM is automatically assigned an IP address and
basic network configurations.
Network configurations can be set up using the nmcli user.

Section 2: Logging in to CM Web GUI


1. From the training platform, open CipherTrust Manager and make note of the IP address that was
assigned to CM.

2. Open Windows Server from the training platform.


3. Open your browser and enter the CipherTrust IP Address as the site name.
The Login window opens.
4. Enter the following:

   User: admin
   Password: Thales123!

You are now logged in to the web GUI console.

Section 3: Logging into CipherTrust via PuTTY (ksadmin)


Follow the procedure below to log in to CipherTrust via PuTTY using the ksadmin user.
1. On Windows Server 2019 desktop, open the Training folder.
2. Click PuTTY to open the SSH session in CM.
3. In the left pane, click the SSH>Auth option.

4. Click Browse and select the private.ppk file
(\Users\Administrator\Desktop\Training\CipherTrust Keys\private.ppk).

5. Return to the Session option, enter the CipherTrust IP Address and click Open. PuTTY authenticates
to the CM with a private key. The private key is part of a key pair whose public key was used to set up
authentication on the CM.

The PuTTY login Window opens.

6. Enter the ksadmin user and press Enter. This opens the ksadmin CLI.

Section 4: CipherTrust Manager User Interface


In this section, you will explore the CipherTrust User Interface, create Users, Groups and a test key.
1. Click the Access Management option on the screen.

2. In the left pane, select Access Management > Users tab and then click Add User on the right of the
screen.

3. Enter the following:

   User Name: Test
   Password: Thales123!

ksctl-win-amd64.exe users
If required, you can choose to reset password in the following window:

4. Click Add User.


The newly created user is displayed:

5. In the left pane, click Keys and then on the right of the screen, click Add Key.

6. Enter the following:

   New Key Name: test_key

7. Select the following:
- Key Name
- Algorithm
- Size

8. Click Add Key.

Ensure the newly created Test user is selected as the key owner. Click the .

9. Under Groups name, enable Show All Groups and ensure that the new key is
part of the Key Users group.

10. Select the options Exportable and Deleteable, and then click Update at the bottom of the window.

The Test key is created:

11. Go back to the CM’s main Web UI page.


12. Click Admin Settings.

13. In the left pane, select System and Interfaces.

14. Edit the nae port by clicking the three dots on the right of the protocol.

15. Under the Mode field, select "No TLS, allow anonymous logins", and then click Update.

Note: During this lab hands-on, you will not use strong authentication. When performing
a POC or working in customer production, use strong authentication; it can be selected from the list
below.

16. Verify that the port is set to 9000.

Section 5: Downloading the CLI Tool


The ksctl tool enables the administrator to run API commands and use the CLI to configure CipherTrust
Manager.
1. Log in to the CM Web UI.
2. Click API on the right side of the screen.

3. Click the CLI Guide tab, and on the right of the browser, click CLI to download the ksctl tool. Save the
ZIP file on your desktop.

4. Unzip the file. The folder contains files for Windows, Mac and Linux.

5. Create a folder named ksctl on your desktop, and then copy the ksctl-win-amd64.exe file to the new
folder.

Section 6: Configuring and using the ksctl Tool


The CLI uses a set of commands that correspond to all CipherTrust Manager REST APIs.
1. From Windows Server 2019, open the command prompt.
In CMD, open the location of the ksctl tool by typing:
cd C:\Users\Administrator\Desktop\Training\ksctl
2. Run the command to present the users list.
ksctl-win-amd64.exe users list --url https://10.160.10.10 --user admin --password Thales123! --nosslverify

Section 7: Configuring the User and Password ksctl File


To use the ksctl tool, user and password credentials must be provided. The CM user
and password file is created with the following connection information: IP, User and Password.
1. Copy the config_example.yaml taken from the ksctl zip file, to the ksctl folder with the
ksctl-win-amd64.exe file located on the desktop.
2. Edit the config_example.yaml: change the name of the file to config.yaml, change the user (admin)
and URL, and then save your changes.
KSCTL_VERBOSITY: false
KSCTL_RESP: json
KSCTL_USERNAME: admin
KSCTL_PASSWORD: Thales123!
KSCTL_URL: https://10.160.10.10
KSCTL_JWT:
KSCTL_NOSSLVERIFY: true
KSCTL_TIMEOUT: 30
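
Added example (not part of the Thales course material): a Python check that flags the lab shortcuts from Sections 6 and 7, namely a password on the command line or in config.yaml and TLS verification turned off, so they can be caught before the same files are reused outside the lab. The finding names and the REVIEWED_CONFIG sample with host cm.example.internal are assumptions made for illustration.

```python
# Added example, not Thales course material: audit ksctl settings for the
# lab shortcuts shown in Sections 6 and 7. It only inspects text.
import shlex

# The lab password printed in this guide; extend with your own known defaults.
LAB_DEFAULT_PASSWORDS = {"Thales123!"}


def parse_ksctl_config(text):
    """Parse the flat 'KEY: value' lines of a ksctl config.yaml into a dict."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_config(text):
    """Return sorted finding codes (names are this example's own) for a config."""
    cfg = parse_ksctl_config(text)
    findings = set()
    if cfg.get("KSCTL_NOSSLVERIFY", "").lower() == "true":
        findings.add("tls-verification-disabled")
    url = cfg.get("KSCTL_URL", "")
    if url and not url.lower().startswith("https://"):
        findings.add("url-not-https")
    password = cfg.get("KSCTL_PASSWORD", "")
    if password:
        findings.add("cleartext-password-in-file")
        if password in LAB_DEFAULT_PASSWORDS:
            findings.add("lab-default-password")
    return sorted(findings)


def audit_command(cmdline):
    """Return sorted finding codes for one ksctl command line (script, history)."""
    tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes intact
    findings = set()
    for i, token in enumerate(tokens):
        flag, _, inline = token.partition("=")  # "--flag value" or "--flag=value"
        following = tokens[i + 1] if i + 1 < len(tokens) else ""
        value = (inline or following).strip("\"'")
        if flag == "--nosslverify" and inline.lower() != "false":
            findings.add("tls-verification-disabled")
        elif flag in ("--password", "-p"):  # -p as used by "users create" here
            findings.add("password-on-command-line")
            if value in LAB_DEFAULT_PASSWORDS:
                findings.add("lab-default-password")
        elif flag == "--url" and not value.lower().startswith("https://"):
            findings.add("url-not-https")
    return sorted(findings)


# The config.yaml values from Section 7 of this guide.
LAB_CONFIG = """\
KSCTL_VERBOSITY: false
KSCTL_RESP: json
KSCTL_USERNAME: admin
KSCTL_PASSWORD: Thales123!
KSCTL_URL: https://10.160.10.10
KSCTL_JWT:
KSCTL_NOSSLVERIFY: true
KSCTL_TIMEOUT: 30
"""

# Constructed variant with the findings removed (hypothetical host name).
# How the credential is then supplied depends on your deployment.
REVIEWED_CONFIG = LAB_CONFIG.replace("Thales123!", "").replace(
    "KSCTL_NOSSLVERIFY: true", "KSCTL_NOSSLVERIFY: false").replace(
    "https://10.160.10.10", "https://cm.example.internal")

# The users list command from Section 6 of this guide.
LAB_COMMAND = ("ksctl-win-amd64.exe users list --url https://10.160.10.10 "
               "--user admin --password Thales123! --nosslverify")

if __name__ == "__main__":
    print("lab config:     ", audit_config(LAB_CONFIG))
    print("reviewed config:", audit_config(REVIEWED_CONFIG))
    print("lab command:    ", audit_command(LAB_COMMAND))
```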

Section 8: Presenting the Keys List


1. From CMD, open the location of the ksctl tool on the Desktop. Type the following:
cd C:\Users\Administrator\Desktop\ksctl
2. Run the following command to view the keys list:
ksctl-win-amd64.exe --configfile config.yaml keys list

3. Try running additional commands to view additional information with the ksctl tool.
For example:
- To view the group list, run:
ksctl-win-amd64.exe --configfile config.yaml groups list

- To view the users list, run:
ksctl-win-amd64.exe --configfile config.yaml users list
- To create a user in the CM, run:
ksctl-win-amd64.exe --configfile config.yaml users create -n userksctl -p Thales123!

Part 3: Using the API Playground

In part three, you will learn how to use the API Playground to create a Key.

Section 1: Creating a Key via the API


1. Log in to the CM web UI.
2. Select the API tab and then click Authenticate.
3. Enter the following:

   User: admin
   Password: Thales123!

4. Click Post.

Note: This authenticates you for 300 seconds to make API calls.

5. To view the keys created in CM:


a. On the left pane, select the Keys tab.
b. Under the Keys section, click Get.
c. Click the number 200.
d. Click Get.
The keys that exist in the CM are presented.

6. To create a new key, browse to Keys > Create API.
(Notice the token is still valid in the Authorization field.)
7. In the Body field, on the right pane, you'll see an example for key generation. You can edit that as per
your requirements. Edit the following parameters:
- Name
- deactivationDate
- protectStopDate
8. Click POST.

Note: A response of 201 is good.

9. Scroll down and inspect the created key.

10. Verify the key via the Web UI:
a. Log in to the CM Web UI.
b. Click Keys and Access Management.
c. On the left pane, click Keys.

The created key will be listed.

Part 4: Backing Up & Restoring CipherTrust Manager

Section 1: Backing Up using ksctl


In part four, you will back up and restore CipherTrust Manager. The restore will be performed on a different
CipherTrust Server (in this lab hands-on, the server name is CipherTrust Restore).
When a backup is created, it starts an asynchronous job which may take a while, depending on the amount of data.
1. On the Windows 2019 Server, run CMD and browse to the ksctl tool from the folder that was created on
the desktop in Section 7 above.
2. Run the backup command with the ksctl tool.
ksctl-win-amd64.exe --configfile config.yaml backup create

3. List the backups that were created.


ksctl-win-amd64.exe --configfile config.yaml backup list

4. The backup is created with the default backup key of the CM. Create a new key for backup:
ksctl-win-amd64.exe --configfile config.yaml backupkeys create

5. Copy the id parameter (it is the id of the new key).
For example: "id": "a5c6eb19-e91b-4c52-a08d-678ba1986eda"
The key is unique.
6. Run the backup with the newly created key.
ksctl-win-amd64.exe --configfile config.yaml backup create --keyid a5c6eb19-e91b-4c52-a08d-678ba1986eda

Section 2: Backing Up using the Web UI


1. Log in to the Web UI.
2. Click Admin Settings.
3. Click the Backup option.
4. Click Create Backup.
5. Select System Backup (full backup), and then click Next.

6. Select the relevant backup key and click Save.

The Backup is created.

Section 3: Restoring CipherTrust Manager


In this section you will learn how to restore CipherTrust Manager from a backup to a different CipherTrust (the
CM in this lab hands-on is: CipherTrust – Restore).
Before starting this section, ensure the following:
- The restore operation will be performed on a different server than the main CipherTrust server.
- If your system is not clustered, you can restore it back to itself.
  If it is clustered, you will need to create a new CipherTrust.
The restoring of the CM is performed using the ksctl tool.

1. Export the backup with the same key with which the backup was made. The --id parameter is the backup id
to be copied from the Web UI.
2. Prepare to download the backup file (the --id parameter in the download command is the backup id).
On Windows Server 2019, open CMD and type:
cd C:\Users\administrator\Desktop\ksctl

3. Download the backup file by running the following command:
ksctl-win-amd64.exe --configfile config.yaml backup download --id "6a9af43f-6247-481b-8a77-373554ebc16d" --file "backup.txt"

4. Copy the file that was backed up from:
C:\Users\administrator\Desktop\ksctl\Backedup_file.txt
to the folder: C:\Users\administrator\Desktop\Training\restore ksctl.

Note: In this lab hands-on, you have only one main CM. Restore the CM to a new CM.

The key with which the backup is encrypted must be transferred to the appliance where the backup will be
restored. The backup key is required for the restore. To transfer a backup key, it must be downloaded using
the ksctl command.
5. Export the backup encryption key: open CMD, browse to the ksctl folder and then run the following command:
ksctl-win-amd64.exe --configfile config.yaml backupkeys download --id a5c6eb19-e91b-4c52-a08d-678ba1986eda --file sysbkkey.txt
A notification appears stating that a password is required to protect the file.
6. Type the password and press Enter.
7. The sysbkkey.txt is the backup file in which the keys are saved. The sysbkkey.txt file is located in the
folder that contains the ksctl application.

8. Copy the sysbkkey.txt key to the folder:
C:\Users\administrator\Desktop\Training\restore ksctl
9. Upload the backup key to the appliance where the backup will be restored. On Windows 2019 Server, open
the CMD, and type: cd C:\Users\administrator\Desktop\Training\restore ksctl
10. Press Enter.
11. Upload the keys to the restored CM Server, by running the following command:
ksctl-win-amd64.exe --configfile config.yaml backupkeys upload --file "C:\Users\administrator\Desktop\Training\restore ksctl\sysbkkey.txt"
When prompted, type the password of the backup key file.

12. Before uploading the backup file, located under:
C:\Users\administrator\Desktop\Training\restore ksctl\Backedup_file.txt
run the following command to ensure that it is the correct file:
ksctl-win-amd64.exe --configfile config.yaml backup inspect --file "C:\Users\administrator\Desktop\restore ksctl\backup.txt"

Note: The config.yaml file of the restore server is preconfigured with the CM restore Server
IP, User name and password.

13. Upload the backup to the CM where it will be restored. Open the CMD and type the following command:
cd C:\Users\administrator\Desktop\Training\restore ksctl
14. Press Enter, and then run the following command to upload the backup file:
ksctl-win-amd64.exe --configfile config.yaml backup upload --file "backup.txt"

15. Restore the uploaded backup (the id parameter is the backup id).
ksctl-win-amd64.exe --configfile config.yaml backup restore --id "6a9af43f-6247-481b-8a77-373554ebc16d"

16. Run the restore status command until Status Completed is displayed.
ksctl-win-amd64.exe --configfile config.yaml backup status

Section 4: Viewing Restored Data


In this section, you will learn how to view the restored data on the CipherTrust Restore Server.
1. Check the restore data by logging in to the Web UI of the restored CM.
Open a browser and type the following IP: 10.160.10.11
2. Press Enter and then enter the following:

   User Name: admin
   Password: Thales123!

3. In the left pane, click Keys.

The test keys created in the first CM are presented in the restored CM.
