Installation prerequisites
Before you can run the installation program, make sure you have done all pre-installation preparations.
- Make sure the server requirements are met.
- If you don’t use the wizard’s included SQL server, create the needed databases on your SQL server.
- Set up the certificate service:
  - Create and configure the Net iD Portal Certificate Template.
  - Configure the Enrollment Agent (Computer) Template.
  - Create the Encryption Certificate Template.
Server requirements
Make sure that the server requirements for Net iD Portal are met:
- A 2-core CPU is recommended
- 8 GB of RAM
- VMware and Hyper-V are supported
Firewall and port settings
Make sure firewalls are configured and that the necessary ports that Net iD Portal needs are open. See below for more information.
| System service name | Application protocol | Protocol | Ports |
|---|---|---|---|
| CertSvc | RPC | TCP | 135 |
| CertSvc | Randomly high TCP Ports* | TCP | 49152–65535 |
| HTTPFilter | HTTPS | TCP | 443 |
| MSSQLSERVER | SQL over TCP | TCP | 1433 |
| LSASS | LDAPS Server | TCP | 636 |
| LSASS | LDAPS Server | UDP | 636 |
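
A reachability check for the fixed TCP ports in the table, run from the server where Net iD Portal will be installed. This is an added example, not part of the vendor documentation; the host names are placeholders, and which host runs each service is an assumption to adjust to your environment.

```powershell
# Added example: probe the fixed TCP ports from the firewall table.
# All host names below are placeholders (assumptions); replace with your servers.
$targets = @(
    @{ Service = 'CertSvc (RPC endpoint mapper)'; Target = 'ca01.example.local';     Port = 135  }
    @{ Service = 'MSSQLSERVER';                   Target = 'sql01.example.local';    Port = 1433 }
    @{ Service = 'LSASS (LDAPS)';                 Target = 'dc01.example.local';     Port = 636  }
    @{ Service = 'HTTPFilter (HTTPS)';            Target = 'portal.example.local';   Port = 443  }
)

$results = foreach ($t in $targets) {
    # Test-NetConnection performs a TCP connect and reports TcpTestSucceeded.
    $r = Test-NetConnection -ComputerName $t.Target -Port $t.Port `
            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Service   = $t.Service
        Target    = $t.Target
        Port      = $t.Port
        Reachable = $r.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Not covered here: the dynamic RPC range 49152-65535 (the port is negotiated
# per connection through the endpoint mapper on 135) and UDP 636, which a TCP
# connect test cannot verify. Check those in the firewall rule set itself.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Warning ("Blocked or closed: " +
        (($blocked | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '))
}
```

Keep the firewall rules scoped to the hosts that actually need each port rather than opening the ports network-wide.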
Create a service account
Create a service account that Net iD Portal will use.
This could either be a group Managed Service Account (gMSA) or a regular domain user account, depending on your organization’s security policy.
Set up the database service
Do this if you use an SQL server other than the one included in the installation.
The installation pack includes SQL Server Express, which is installed on the Net iD Portal server. The instructions below apply when another, external SQL server is used instead.
Create three databases on your SQL server:
- NiPDB
- NiPDB_log
- NiPDB_logClient
Give the service account the following permissions on all three databases:
- db_owner
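
One way to script the database step on an external SQL server so that the service account receives db_owner on the three databases and nothing at server level. This is an added example, not the vendor's installer logic; the instance name and account name are placeholders, and it assumes the SqlServer PowerShell module and an operator account that is allowed to create databases and logins.

```powershell
# Added example: create the three Net iD Portal databases and grant db_owner.
# Requires the SqlServer module (Invoke-Sqlcmd). Values below are placeholders.
$sqlInstance = 'sql01.example.local'          # assumption: your SQL Server instance
$svcLogin    = 'EXAMPLE\svc-netidportal$'     # assumption: gMSA (trailing $) or DOMAIN\user
$databases   = 'NiPDB', 'NiPDB_log', 'NiPDB_logClient'

# Create the Windows login once at server level, with no server roles.
Invoke-Sqlcmd -ServerInstance $sqlInstance -Query @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$svcLogin')
    CREATE LOGIN [$svcLogin] FROM WINDOWS;
"@

foreach ($db in $databases) {
    # Create the database if it does not exist yet.
    Invoke-Sqlcmd -ServerInstance $sqlInstance -Query @"
IF DB_ID(N'$db') IS NULL CREATE DATABASE [$db];
"@

    # Map the login into this database and add it to db_owner there only.
    Invoke-Sqlcmd -ServerInstance $sqlInstance -Database $db -Query @"
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$svcLogin')
    CREATE USER [$svcLogin] FOR LOGIN [$svcLogin];
ALTER ROLE db_owner ADD MEMBER [$svcLogin];
"@
}

# Sanity check: the service account should not hold sysadmin on the instance.
$check = Invoke-Sqlcmd -ServerInstance $sqlInstance -Query `
    "SELECT IS_SRVROLEMEMBER('sysadmin', N'$svcLogin') AS IsSysadmin;"
if ($check.IsSysadmin -eq 1) {
    Write-Warning "$svcLogin is a sysadmin; db_owner on the three databases is sufficient."
}
```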
Set up the certificate service
A certificate service to manage the certificates (enrollment, revocation) needed by Net iD Portal is required.
Certificate templates are the sets of rules and settings that are configured on a CA to be applied against incoming certificate requests. Certificate templates also give instructions to the client on how to create and submit a valid certificate request.
Create and configure the Net iD Portal Certificate Template
- The service account needs the following permissions on the certificate service:
  - Read
  - Issue and Manage Certificates
  - Request Certificates
- Right-click Certificate Templates, and then click Manage.
- Right-click the certificate template Smartcard User, and then click Duplicate Template.
- Click the General tab. In the Template display name box, type the name of your certificate template, and in the Validity period box, type the validity period.
  In this example, we will name it Net iD Portal SmartCard User.
- Click the Subject Name tab, and in the Subject name format list, select how you want the subject of the certificate to look.
- Click the Issuance Requirements tab, and under Require the following for enrollment, click This number of authorized signatures.
- In the Application policy list, click Certificate Request Agent.
- Click the Security tab. Under Group or user names, click Authenticated Users, and under Permissions for Authenticated Users click Read and Enroll in the Allow column.
- Click OK to close the Properties of New Template dialog.
- Right-click Certificate Templates, click New, and then click Certificate Template to Issue.
- Click the certificate template you just created, and then click OK. In this example, we named it Net iD Portal SmartCard User.
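
Because the template grants Enroll to Authenticated Users, the authorized-signature requirement from the Issuance Requirements tab is the control that limits issuance to requests co-signed by an enrollment agent. The following check reads the published template from Active Directory and confirms that setting; it is an added example, not part of the vendor documentation, and assumes the ActiveDirectory module (RSAT) and the display name used in this page's example.

```powershell
# Added example: verify the issuance requirements of the duplicated template.
# Requires the ActiveDirectory module. The display name is the one used in
# this page's example; change it if you named your template differently.
$displayName = 'Net iD Portal SmartCard User'
$agentOid    = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent application policy

# Certificate templates live in the forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$tpl = Get-ADObject -SearchBase $base -Filter "displayName -eq '$displayName'" `
        -Properties 'msPKI-RA-Signature', 'msPKI-RA-Application-Policies'

if (-not $tpl) { throw "Template '$displayName' not found under $base" }

# msPKI-RA-Signature: number of authorized signatures required on a request.
$signatures = [int]$tpl.'msPKI-RA-Signature'

# msPKI-RA-Application-Policies is a list of OIDs on older template versions
# and a single formatted string on newer ones, so match on the joined text.
$raPolicies = @($tpl.'msPKI-RA-Application-Policies') -join ' '
$needsAgent = $raPolicies -like "*$agentOid*"

[pscustomobject]@{
    Template             = $displayName
    AuthorizedSignatures = $signatures
    RequiresRequestAgent = $needsAgent
}

if ($signatures -lt 1 -or -not $needsAgent) {
    Write-Warning ("'$displayName' does not require a Certificate Request Agent " +
        "signature; with Enroll granted to Authenticated Users, review the " +
        "Issuance Requirements tab before publishing the template.")
}
```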
Configure the Enrollment Agent (Computer) Template
- Right-click Certificate Templates, and then click Manage.
- Right-click the Enrollment Agent (Computer) certificate template, and then click Properties.
- Click the Security tab. Under Group or user names, click the server you will install Net iD Portal on, and under Permissions for <server name>, click Read and Enroll in the Allow column.
- Right-click Certificate Templates, click New, and then click Certificate Template to Issue.
- Click the certificate template Enrollment Agent (Computer), and then click OK.
Create the Encryption Certificate Template
On your web server, generate a certificate from the web server template and name it Net iD Portal Encryption.
- Click All Tasks, and then click Request New Certificate.
- Give the certificate the common name (CN) Net iD Portal Encryption.
Web service certificate permissions
- Make sure you have a web server certificate with your DNS name installed on the web server. You can either generate an internal one or use a third-party certificate provider.
- Open Microsoft Management Console (MMC) and go to Certificates – Local Computer (certlm.msc).
- Right-click Certificates, click All Tasks, and then click Request New Certificate.
- Click Enrollment Agent (Computer) certificate, and then click Enroll.
- When the enrollment is done, do the following for each of the Enrollment Agent (Computer) certificate, the web server certificate, and the encryption certificate: right-click the certificate, click All Tasks, and then click Manage Private Keys.
- Give the service account the following permissions:
  - Read