Go directly to contents.
Suomi.fi Data Exchange Layer

Installing the Security Server Software on a RHEL server

With this article’s instructions you can install the Security Server Software on an RHEL server in all environments (FI, FI-TEST and DEV) of the Data Exchange Layer.

DO NOT use these instructions for updating the software of an already installed Security Server. The update process is described in separate instructions:

The instructions in this article are for the latest X-Road version currently used in the Data Exchange Layer. You can check the version currently used in the Data Exchange Layer on the Version updates page. The instructions are also suitable for installing the RHEL 8 operating system. In this case, be sure to change the version number in the commands.

Step-by-step instructions

1. Install RHEL 8 or RHEL 9

Install the RHEL 8 or RHEL 9 operating system as a server version.

2. Install EPEL and retrieve the necessary packages

Install the Extra Packages for Enterprise Linux (EPEL) by entering the following commands:

sudo su -l
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

Retrieve the following packages from EPEL:

  • crudini
  • rlwrap

Further information about the Extra Packages for Enterprise Linux (EPEL) repositoryOpens in a new window..

3. Define the repository and keys to be used

Define the link to the correct repository depending on the environment in which you are installing.

Use either rhel8 or rhel9 depending on the version you installed.

Development environment (FI-DEV)

yum-config-manager --add-repo http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-dev-current/stable
rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-dev-current/niis.public.asc

Test environment (FI-TEST)

yum-config-manager --add-repo http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-test-current/stable
rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-test-current/niis.public.asc

Production environment (FI)

yum-config-manager --add-repo http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-prod-current/stable
rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel9-prod-current/niis.public.asc

4. Configure the NTP software settings

The Security Servers of the Suomi.fi Data Exchange Layer must use NTP time servers whose time source is the official Finnish time produced by VTT MIKES. RHEL uses Chrony by default for NTP search. For more information about time servers, please contact your organisation’s service provider. Configure the NTP servers that meet the requirements in the following file:

/etc/ntp/step-tickers

Then restart the time service by entering the following command:

/bin/systemctl restart ntpd.service

5. Check whether the /tmp directory has been mounted with the noexec switch.

If the /tmp directory has been mounted with the noexec switch, the admin UI will not start, since it needs the /tmp directory to function.

Use the mount command to check this.

mount

Check whether the resulting printout contains the identifiers /tmp and noexec. Sample printout:

/dev/loop0 on /tmp type ext3 (rw,noexec,nosuid,nodev)

If the printout contains /tmp and noexec (such as in the sample above), you need to modify the /etc/fstab file to delete the noexec switch. Furthermore, to apply the changes immediately, the directory must be remounted with the following command:

mount -o remount,exec /tmp

6. Start the installation

Start the installation with the following command:

yum install xroad-securityserver-fi

7. Add an administrator and password

Type the following command to add an administrator for the administration interface and define a password for the administrator:

xroad-add-admin-user <administrator_id>

8. Start the Security Server

The Security Server starts automatically as it is installed and rebooted. You can also start the Security Server by typing the following command:

systemctl start xroad-proxy

9. Connect the Security Server to the test or production environment of the Data Exchange Layer

Connect the server to the test (FI-TEST) or production environment (FI) as described in a separate instruction.

Troubleshooting

If the UI of the Security Server does not respond or gives an error message, perform the following steps.

1. Check whether IPv6 is enabled. Open the following file with an editor:

#vi /etc/sysctl.conf

2. Check whether the setting on the following lines is 0:

# disable IPv6 net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0

If this is the case, change the setting to 1:

# disable IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1

3. Save the file and exit from the editor. Apply the changes you made by typing the following command.

# sysctl -p
Updated: 6/5/2025

Are you satisfied with the content on this page?