Suomi.fi for Service Developers

Configuring a Security Server with the X-Road toolkit

This article describes how to configure a Security Server using the X-Road toolkit. For basic information about the X-Road toolkit, see a separate support article.

Prerequisites for using the X-Road toolkit

  • The Hosting Server on which the Security Server Software is installed has a RHEL operating system (7.8) or Ubuntu operating system 20.04 LTS or 22.04 LTS installed.
  • Installation packages for the Security Server based on the Hosting Server (RHEL, Ubuntu) are installed on the Hosting Server.
  • Python version 3.6 or later is used.
  • The required ports are open on your server before configuring the Security Server. For more information about firewall openings, see section 2 of the deployment instructions.
  • The Security Server is named according to the instructions.

Read more about the prerequisites for deployment on GitHub.

1. Registering a Security Server

1. Use your browser to connect to the administration interface.

The administration interface can be found at https://{hostname}:4000, where {hostname} is the name of the installed Security Server.

2. Log into the administration interface of the Security Server.

3. Import the configuration anchor you received from the Data Exchange Layer administrators into the system. Select Upload, locate the configuration anchor, and then click Import.

4. Select Confirm to confirm that you wish to import the configuration anchor into the system.

  • Member Code: the business ID of your organisation
  • Member Name: the name of your organisation (the system should autocomplete it)

If the autocomplete does not work, check that your security server can connect to the central server at port TCP/80. A common cause for an autocomplete failure is that an outgoing connection from your server to the central server is not allowed.

  • Security Server Code: the unique identifier of the security server, typically the host part of the server name.

5. Enter the PIN code (password) set by the person who installed the Security Server, minimum length 10 characters. The PIN code must contain characters from at least three of the following categories: lowercase characters, uppercase characters, numbers and special characters. Store the PIN code in a safe location.

If everything went right, the added member should appear in Saved mode.
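A pre-flight check for the Python version prerequisite, the PIN rule in step 5 and the outgoing TCP/80 connection that member name autocomplete depends on. This is an added example, not part of the original article or the X-Road toolkit; the function names, the central server hostname placeholder and the definition of "special characters" as ASCII punctuation are assumptions.

```python
import getpass
import socket
import string
import sys

MIN_PIN_LENGTH = 10   # step 5: minimum length 10 characters
MIN_CATEGORIES = 3    # step 5: at least three of the four categories


def pin_problems(pin):
    """Return the reasons a PIN breaks the rule in step 5 (empty list = OK)."""
    used = [name for name, hit in (
        ("lowercase", any(c.islower() for c in pin)),
        ("uppercase", any(c.isupper() for c in pin)),
        ("numbers", any(c.isdigit() for c in pin)),
        # Assumption: "special" means ASCII punctuation; the article lists no set.
        ("special", any(c in string.punctuation for c in pin)),
    ) if hit]
    problems = []
    if len(pin) < MIN_PIN_LENGTH:
        problems.append(f"length {len(pin)} is below {MIN_PIN_LENGTH}")
    if len(used) < MIN_CATEGORIES:
        problems.append(f"only {len(used)} of 4 categories used: {used}")
    return problems


def tcp_reachable(host, port, timeout=3.0):
    """True if an outgoing TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, filtered or DNS failure
        return False


def python_ok(version=None):
    """True if the interpreter meets the 'Python 3.6 or later' prerequisite."""
    return tuple((version or sys.version_info)[:2]) >= (3, 6)


if __name__ == "__main__":
    central_server = "central-server.example"  # placeholder, not a real address
    pin = getpass.getpass("Security Server PIN: ")  # read without echo, never logged
    print("Python >= 3.6:", python_ok())
    print("PIN problems:", pin_problems(pin) or "none")
    print("Central server TCP/80 reachable:", tcp_reachable(central_server, 80))
```

Run it on the Hosting Server itself, since the TCP/80 result only reflects the firewall rules of the machine that makes the connection.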

2. Install X-Road toolkit

You can find instructions for installing Toolkit on GitHub.

3. Specify the required function and details of the Toolkit in the YAML configuration

The required function and details of the Toolkit are specified in the YAML configuration. Information to be specified includes:

  • Security server details, such as its FQDN and
  • the details of the security server owner, such as the type of organisation.

Read more about editing the YAML configuration file on GitHub.

4. Run the specified actions

You can run the actions defined in the Toolkit configuration according to the following instructions:

1. Run the entire configuration at once using the xrdsst apply command. The run ends with a notification that the certificates must be signed.

2. Download the certificate requests with the xrdsst cert download-csrs command and send them for signature to palveluvayla@palveluvayla.fi.

3. After you receive the signed certificates from Data Exchange Layer support, add the path to the signed certificates in the configuration file.

4. Next, continue running the entire configuration with the xrdsst apply command.

Parts of the configuration can be run one by one with subcommands. You can find individual commands in the NIIS Guidelines on GitHub.

Errors

If any errors occur during the configuration of the Security Server, configuration stops on the error message. The error message explains where the error occurred and how to correct it. If the error message does not help or you are unable to correct the error, contact Data Exchange Layer support at palveluvayla@palveluvayla.fi.

Please note: If you use the X-Road Toolkit to configure a condensed Sidecar Slim (docker) Security Server, you will receive an error message that the configuration of the timestamp service failed. This is because Sidecar Slim does not include a logging or timestamp service, meaning these cannot be configured. This error can be bypassed because the Security Server can be configured and the Security Server operates regardless of the error message.

Read more about errors on GitHub.

After configuring the Security Server, you can move to adding the subsystem. Follow the instructions given in the Connecting a new subsystem to a security server and deleting a subsystem from a security server support article.


Updated: 29/10/2024
