From version 5.3 the Activator Tool (AT) is available. The AT can be used to perform the following operations:
- Issue System Owner (SO) token
- Issue Operator Tokens (OT)
- Generate Operator Service Key Store (OSKS) installer
The AT is a standalone application that is located in the tools folder of the vSEC:CMS installation. The AT is named Versasec-Activator.exe in this folder. The AT requires internet access so it may be necessary to copy the AT to a host that has internet access if the vSEC:CMS is installed in a restricted environment.
The AT communicates with this URL: https://versasec.com/requestissuer.php. If you are facing connection issues, paste the URL into a browser on the host to verify that you can connect to it. You should get an HTTP 400 response code, which verifies that you can at least connect to our issuance service.
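The same connectivity check as a script, for hosts where no browser is available or a proxy is suspected. This is an added example, not Versasec code; the function names are hypothetical, and only the URL and the expected HTTP 400 come from this page.

```powershell
# Added example, not Versasec code. Only the URL and the expected HTTP 400
# come from the page; function and variable names are hypothetical.

function Get-IssuanceVerdict {
    param([int]$StatusCode)   # 0 means no HTTP response was received
    switch ($StatusCode) {
        400     { 'Reachable: HTTP 400 is the response the documentation says to expect.' }
        407     { 'Blocked: a proxy on the path requires authentication (HTTP 407).' }
        0       { 'Unreachable: no HTTP response (DNS, firewall, proxy or TLS failure).' }
        default { "Unexpected: HTTP $StatusCode, so something other than the expected reply came back." }
    }
}

function Test-IssuanceService {
    param([string]$Url = 'https://versasec.com/requestissuer.php')

    # Older Windows PowerShell hosts may not offer TLS 1.2 unless asked to.
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    $status = 0
    $detail = ''
    try {
        # -UseBasicParsing avoids the Internet Explorer dependency on PowerShell 5.1.
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15
        $status = [int]$resp.StatusCode
    }
    catch {
        # Non-2xx replies surface as exceptions that still carry the response.
        $reply = $_.Exception.Response
        if ($null -ne $reply) { $status = [int]$reply.StatusCode }
        else { $detail = $_.Exception.Message }
    }

    if ($status -eq 0) {
        # Tell a name-resolution failure apart from a blocked or intercepted connection.
        $name = ([uri]$Url).Host
        try   { $null = [System.Net.Dns]::GetHostAddresses($name); $dns = 'resolves' }
        catch { $dns = 'does not resolve' }
        $detail = "$detail (DNS: $name $dns)"
    }

    [pscustomobject]@{
        Url = $Url; StatusCode = $status
        Verdict = Get-IssuanceVerdict $status; Detail = $detail
    }
}

Test-IssuanceService | Format-List
```

Run it on the host that will run the AT, under the same user account, so that the same proxy settings apply.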
Issue SO Token
Every installation of vSEC:CMS requires an SO token. The SO token can be seen as a bootstrap token which is required to initialize the vSEC:CMS on first use. The SO token will have our CMS applet installed on it. This will contain important license information about the system you are installing. Any customer can create their SO token using the AT. You will need an activator code to perform this task. This code should be provided by your CMS provider.
You will need either a Gemalto ID Prime MD 830 token or a Gemalto ID Prime .NET token that the AT can provision our CMS applet to. A Gemalto ID Prime MD 830 token needs to be a specific type of this token; your provider should be able to provide this to you. Additionally, the token should be in default factory state.
The Thales IDPrime smart card minidriver (sometimes referred to as Safenet driver) needs to be installed on the host where you are running the AT from. The minimum version that should be installed is 10.7.185.
The host where you are running the AT from will need to have an internet connection.
To provision the SO token, start the AT. From the Smart Card Selection drop-down list, select the reader that the SO token is inserted into. Click the Issue System Owner Card button to start the provisioning. Enter the activator code when prompted. It may take a few minutes to complete the provisioning. Once done, you can use the SO token to initiate the vSEC:CMS on first use.
If the process fails or you wish to restore the token to default state you can click the Clean Smart Card button to perform a restore to default state.
Issue OT
OTs are the physical smart card tokens that operators use to access the vSEC:CMS application console to perform operations or configurations on the system. The OT will have the CMS applet installed on it. The most important feature of this applet is that it will store the master key used by the CMS when performing administration key operations with the smart card tokens managed by the vSEC:CMS.
You will need either a Gemalto ID Prime MD 830 token or a Gemalto ID Prime .NET token that the AT can provision our CMS applet to. A Gemalto ID Prime MD 830 token needs to be a specific type of this token; your provider should be able to provide this to you. Additionally, the token should be in default factory state.
The Thales IDPrime smart card minidriver (sometimes referred to as Safenet driver) needs to be installed on the host where you are running the AT from. The minimum version that should be installed is 10.7.185.
The host where you are running the AT from will need to have an internet connection.
You will need to have possession of the SO token to perform the steps below.
In order to provision the OT, start the AT. It will be necessary to have either the SO token or a full-featured operator token attached to the host where you are running the AT. From the Smart Card Selection select the reader from the drop-down list that the SO is inserted into. You should see that the License Information pane is filled with the specific licensing details as applicable to your system.
Click the Issue Operator Card button to begin the process. You will be prompted to enter the SO PIN if the SO card has already been used to initialize the vSEC:CMS in your environment. If not, the process will continue.
You will be prompted to remove the SO token and attach the OT. It is important that you follow the on-screen instructions during this process; otherwise the provisioning of the applet will fail. It may take a few minutes to complete the provisioning. Once done, the OT can be issued to an operator for use in the vSEC:CMS, typically from the Lifecycle page of the vSEC:CMS console.
If the process fails or you wish to restore the token to default state you can click the Clean Smart Card button to perform a restore to default state.
Generate OSKS Installer
The OSKS is used by the vSEC:CMS to perform administration key operations. To set this up, you must first generate an OSKS installer.
The SO token is required to perform this task.
The Thales IDPrime smart card minidriver (sometimes referred to as Safenet driver) needs to be installed on the host where you are running the AT from. The minimum version that should be installed is 10.7.185.
The host where you are running the AT from will need to have an internet connection.
To generate the OSKS installer, start the AT. Attach the SO token and, from the Smart Card Selection drop-down list, select the reader that the SO is inserted into.
Click the Create Key Store button. Enter the PIN for the SO when prompted. At the end of the process you will be prompted to save the OSKS installer. Save the installer to complete this process.
Then you should move this installer to the server where the vSEC:CMS is installed.