Chapter 2   Installation


The following chapter outlines the installation procedures for the various components.

Installation Overview

The diagram below illustrates how the various components are related to each other, and the message paths between each component. In order to have a fully functional system all of these components require installation and configuration.

Figure 2-1    Installation Overview

Although it is not necessary to install the components on individual machines the figure above shows the recommended configuration to avoid unnecessary confusion.

There are a number of main steps that need to be applied appropriately to the four machines labeled Machine A - Machine D in the figure.

1. Install the pre-requisite third party software
   1. An Oracle database must be installed and available for use by all of the machines running in the iTPS installation. An Oracle database may be installed on each node in the system, a single node in the system, or an independent node that is accessed by each of the machines.

   2. Install an Identrus compliant PKI. This must include an appropriate Validation Authority component and be capable of supporting the Identrus Certificate Status Check protocol.

   3. Install an nCipher HSM on each machine in order to perform cryptographic operations

2. Install the base components for the Buyer and Seller's banks
   1. Install the iTTM 2.2.1 on both Machines.

   2. Install the iMQ and its patch on both Machines.

   3. Install the iWS 6.0 for the Bank in a Box administration tools on both machines.

3. Install the components that make up the Payments Services product
   1. Install the iTPS 1.0

   2. Install the JMS Proxy

   3. Install the Bank in a Box (BiaB) back office simulator

   4. Install the Bank in a Box (BiaB) administrator tool

4. Install the Buyer and seller web site components
   1. Install the iWS 6.0 on both machines

   2. Install the Buyers Bank Website (BFI)

   3. Install the Sellers Bank Website (Tooledup demonstrator)

5. Optionally install the CPI library for use in developing applications

Third Party Pre-requisites

---

Availability

The CD supplied with the product contains all of the required components to install the system EXCEPT:

1. Oracle 8i

2. An appropriate Certificate Authority

3. An appropriate OCSP responder

4. nCipher software

These will need to be acquired from the appropriate vendor, installed and configured, prior to installing any of the iPlanet Payments Services components.

Oracle requirements

Your Oracle installation must be configured with a user capable of :

1. Creating tables

2. Updating tables

3. Dropping tables

4. Running SQL scripts to populate the database

When installing Oracle you will need to allocate sufficient space to the user. We would recommend the following:

• For every 1000 expected messages you will need a minimum of 20Mb of table space.

• The default block size should set to a minimum of 8k

You will be required to provide the details of the Oracle installation at various points during the installation. The information required will be:

1. Hostname - As appropriate

2. Port number - Generally 1521

3. SID - Generally ORCL

The Oracle instance must be available during the installation of the product as most components require the capability to log into the database using SqlPlus and populating tables from information supplied in SQL scripts.

PKI Requirements

Your software must be configured as PKI compliant with Identrus (See Identrus Document IT-PKI http://www.identrus.com ) including all Transaction Coordinator profiles.

It is expected that the RA, CA, and VA components are running during the installation as certain components require certificates to be issued.

nCipher requirements

The nCipher components are generally stand alone and little information is required about the nCipher components. It is however useful to know the port that the nCipher Hardserver is running on (Default is 9000) as this is required at some points during installation.

Buyer and Seller Bank base components

---

iTTM 2.2.1

Each Bank machine will need to have an iTTM installed and configured.

In order to install these components you will need to follow the instructions in the iTTM 2.2.1 installation guide. See, for instance

http://docs.iplanet.com/docs/manuals/trustbase/221/install/contents.htm

or

/cdrom/cdrom0/iTTM

The instructions in chapter 1 Pages 13-62 provide information on how to install the following:

1. iWS 4.1

2. iAS 6.0

3. iTTM 2.2.1

It also provides information on how to configure and check that the components are operational.

NOTE: All of the software for the above installation is included on the iTPS CD.

iPlanet Message Queue for Java 2.0

The iPlanet message Queue (iMQ) component provides a means for the iTPS and the Bank in a Box components to communicate with each other. This means that an iMQ installation must be performed on both the Buyers and Sellers bank machines.

iPlanet Message Queue for Java is shipped with iTPS and may be found in the iMQ2.0 sub directory on the CD.

/cdrom/cdrom0/iTPS/iMQ2.0

Installation

The iMQ installation uses the Solaris package mechanisms to install the software on the machine. Assuming that the supplied CD has been mounted on /cdrom then the following commands will install the software:

cd /cdrom/cdrom0/iTPS/iMQ2.0/imq2_0-pkgs

pkgadd -d ./

You will be asked a question during the installation. Unless you have specific installation requirements then by using the defaults provided you will install all of the iMQ packages. These settings will fulfill the iTPS iMQ requirements.

If you require further information then details of how to install iMQ 2.0 can be found in point 7 within the following document that requires vi or Adobe acroreader to read:

http://docs.iplanet.com/docs/manuals/javamq/20/install.pdf

Example installation and Configuration

bash-2.03# uncompress imq2_0-dev-solsparc.tar.Z

bash-2.03# tar -xvf imq2_0-dev-solsparc.tar

bash-2.03# pkgadd -d imq2_0-pkgs

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

Once the iMQ is installed, install the SP1 patch. This process is documented in the file:

/cdrom/cdrom0/iTPS/iMQ2.0/SP1/111858-01/install.pdf

NOTE: The file although containing a .pdf extension is a test file and may be read using the vi editor. Once the software has been installed on either the buyer or seller machine, perform the second installation before progressing to patch the iAS installation.

Configuring with iAS

The next step is to configure the iAS installed as part of the iTTM 2.2.1 installation to use the appropriate iMQ installation. This operation will need to be performed on both of the Buyer and Seller machines. Before performing this operation it is important to ensure that the iAS has been shut down. This can be performed by executing the following scripts:

<iTTM install directory>/TTM/Scripts/stoptbase

<iTTM install directory>/TTM/Scripts/stoptias

If the iTTM had been installed in `/opt/TTM' the commands would be:

/opt/TTM/Scripts/stoptbase

/opt/TTM/Scripts/stoptbase

To configure iAS for use with iMQ, execute jmssetup. This must be performed as the root user. You will be asked several questions, now illustrated below:

bash-2.03# cd /opt/iplanet/ias6/ias/jms/bin

bash-2.03# ./jmssetup

iAS install directory is /opt/iplanet/ias6/ias

Are you using IBM MQ v5.1 as message provider [Y] :n

Enter the dynamic library run path (LD_LIBRARY_PATH) for your JMS message provider. When finished, hit return only) :

Will append to LD_LIBRARY_PATH? Is this correct? [Y] :

Enter the elmements (absolute path) for the JMS provider CLASSPATH

When finished, hit return only. :/opt/SUNWjmq/lib/jmq.jar

Enter the elmements (absolute path) for the JMS provider CLASSPATH

When finished, hit return only. :/opt/SUNWjmq/lib/jmqadmin.jar

Enter the elmements (absolute path) for the JMS provider CLASSPATH

When finished, hit return only. :

Will append :/opt/SUNWjmq/lib/jmq.jar:/opt/SUNWjmq/lib/jmqadmin.jar to CLASSPATH?

Is this correct? [Y] :y

Once configured on one machine, configure the second machine before progressing to installing the iTPS components.

At this point there is no need to start the iMQ services. Instructions for starting the iMQ service are shown in Chapter 4.

Installing the iWS 6.0 for BiaB administration

In order to be able to install the Bank in a Box administrator component, a web Server needs to be available. The iTPS CD contains a iWS 6.0 package that is shipped for this use.

Run the iWS6.0 setup tool located in

/cdrom/cdrom0/iTPS/iWS6.0

Selecting the default values for the installation may cause the iWS 6.0 installation to clash with the iWS 4.1 installed for the iTTM 2.2.1. In order to avoid this ensure that the Administration server port and the Web server port are set to values other than 8888 and 80 respectively.

When installing the iWS 6.0 make sure that you select the option that specifies an external JDK 1.2 i.e. /usr/java as the JDK included does not support the BiaB administration tools.

Ensure that a web server is installed on both the Buyer and Seller bank machines prior to moving on to the installation of the iTPS components.

Installing iTPS Components

---

The iTPS components reside on both the Buyer and Seller bank machines. The following sections describe the installation of these components.

Payments Services installation

Make sure you have installed and configured iPlanet Trustbase Transaction Manager 2.2.1 and iPlanet Message Queue for Java 2.0

1. Make a security back up of your Trustbase directory structure:

   cp -R <Trustbase_install_directory>/Trustbase \ <Trustbase_install_directory>trustbase.bak

This is required because the iTPS install cannot be un-installed, and installing the iTPS more than once on a iTTM installation will not work. If an installation of the iTPS fails for any reason you are advised to restore the backup and start again.

2. Remove the configuration database already installed during the iTTM installation:
   1. At this point the iAS and iTTM components should not be running. Unless they have been started since configuring the iAS for use with iMQ then they will not current be running.

   2. Empty the contents of the configuration table CONFIG from your database. Type the following commands on the machine on which Oracle is installed:
      1. su - oracle

      2. sqlplus

      3. Enter password and User name at the appropriate prompts

      4. delete from config;

      5. commit; exit;

      When iTTM is recreated again the CONFIG table will be recreated automatically.

3. Run the iPlanet Trustbase Payment Services Installation java class

   # cd /cdrom/cdrom0/iTPS

   # java -classpath . EleanorPaymentsInstaller

Figure 2-2    iPlanet Trustbase Payment Services Installation Welcome Screen

Figure 2-3    Locale Selection

Figure 2-4    iPlanet Trustbase Transaction Manager Installation Directory

Figure 2-5    Database Settings

The Oracle database being supplied needs to be the database used by the iPlanet Trustbase Transaction Manager software on which iPlanet Trustbase Payment Services plug-in is being installed. The following information is required:

• Oracle login name,

• Oracle login password

• Oracle hostname

• Oracle port number

• Oracle SID.

Figure 2-6    iPlanet Message Queue For Java Settings

Notes: The JMS Broker port default is 7676 unless a non-default installation of iMQ was performed.

The Outbound Queue name is the queue going from the iTPS to BiaB and will need to be recorded for later use. SELLER_QUEUE is a suitable name for this.

The Queue pool group id will need to be recorded for later use. seller is a suitable id for this.

The other defaults provided should be suitable for a standard installation.

Figure 2-7    Payments Mail Settings

Next enter the following as illustrated above.

• SMTP host. This is the host where customer email acknowledgements are sent.

• From field. This is the From field of the customer acknowledgement email

Figure 2-8    iPlanet Trustbase Payment Server Verification Panel

The screen displays the user's choices in order to aid the correct installation. You will need to make a note of the information in this screen as the information is required to install other components later in the process.

Figure 2-9    Component Selection

On entering the screen the size of iPlanet Trustbase Payment Services software application is displayed. In order to install this software the user needs to select the checkbox.

Figure 2-10    Ready to Install

This screen indicates the amount of space that is required to install iPlanet Trustbase Payment Services software. It also indicates the location of the iPlanet Trustbase Transaction Manager system that the iPlanet Trustbase Payment Services plug-in will be installed into.

You should make a note of these locations as they will be required later in the installation process.

Figure 2-11    Updating iPlanet Trustbase Transaction Manager

Figure 2-12    Installation Summary

Pressing the details button will display the software installed on the system and alterations to the existing configurations of iPlanet Trustbase Transaction Manager.

Configuring the iTPS database tables

The iTPS Transaction Recovery Process needs to access the subjectDN field of the cert_data table during certificate chain retrieval. The standard install of iTTM 2.2.1 does not store the subjectDN information. A update script is provided with the iTPS that converts the iTTM cert_data table into the necessary format while retaining all the stored certificate information.

This is implemented in the shell script is located in:

<iTTM_install_directory>/TTM/Scripts/updateCertDataTable

Following the installation of the iTPS.

This script needs to be run once before iTPS is run. It creates a backup of the original cert_data table as cert_data_backup_<timestamp>, adds the subjectDN to the cert_data table and populates it.

Prior to running the script you will need the following information:

• Oracle database username and password

• Database driver class (Usually oracle.jdbc.driver.OracleDriver)

The following command runs the script:

./updateCertDataTable

An example of this is shown below:

# ./updateCertDataTable

Enter database connection string (e.g. jdbc:oracle:thin:user/user@host:1521:orcl):

jdbc:oracle:thin:rainstorm/rainstorm@k9:1521:k9utf8

Enter database driver class (e.g. oracle.jdbc.driver.OracleDriver):

oracle.jdbc.driver.OracleDriver

Cert count: 1

----------------------------------------------------------------

Creating backup of cert_data --> cert_data_backup_997350025767

Cert: C=GB,O=Identrus,OU=Identrus Root,CN=Identrus Root CA, serial: 1, subject: C=GB,O=Identrus,OU=Identrus Root,CN=Identrus Root CA

Done

Note: If this is a new installation and the iTTM has not been used as a Transaction coordinator then there will be a cert count of 0 and the operation will complete almost instantly. The operation will have been successful as the database table columns will have been updated.

This operation needs to be performed on both the Buyer and Seller banks iTTM installation.

Set up iTPS database tables

1. You will now need to run oracle scripts. If Oracle is not installed on the same machine as the iTPS installation then you either have to copy the ./TTM/V2.2/Config/sql directory to the database server or install the Oracle client on the machine.

2. Assuming the sql directory has been copied to the DB server, log on to the database server, su - oracle

3. Change to directory

   <iTTM_install_directory>/TTM/V2.2/Config/sql

4. Run SQLPlus and enter the username and password

5. Execute the script payments.sql e.g. sqlplus>@payments

6. Exit SQLPlus & the Oracle user.

This will need to be executed on the database(s) used by both the Buyer and Seller banks iTPS installations.

JMS Proxy Installation

The JMS Proxy provides a mechanism for the iTTM to receive inbound messages from an iMQ queue. Messages are taken from the queue and forwarded to iTTM over HTTP. You will need to install a JMS Proxy on both the Buyer and Seller bank machines.

Figure 2-13    Configuring JMS Proxy

Note: This queue is used to send asynchronous response messages from the Bank in a Box to iTPS via the JMS Proxy. The queue name is set as TCQueue/sendName in biabconf.xml and as queue.name in jmsproxy.properties. In order for the JMS Proxy to receive messages on this queue, the queue names used here needs to match.

The JMS proxy is supplied as a compressed archive

/cdrom/cdrom0/iTPS/jmsproxy/jmsproxy.tar

Extract this file in a suitable location e.g.

cp /cdrom/cdrom0/iTPS/jmsproxy/jmsproxy.tar /opt/iplanet

tar -xvpf jmsproxy.tar

JMS Proxy Configuration

To configure the server you will need to modify a number of files using the settings mentioned in the previous section.

1. If you have iMQ on your system in the standard location (/opt/SUNWjmq) you will not need to modify the JMQ_DRIVER setting. If the iMQ is not located in the standard location then:

   Modify the script jmsproxy/scripts/jmsproxy such that the JMQ_DRIVER environment variable is pointing to the correct location for the JMQ driver. e.g. /apps/SUNWjmq

2. Modify the following lines in the jmsproxy /config/jmsproxy.properties:

3. Destination is the URL to which message content will be forwarded (See figure Figure 2-13)

   destination=http://hostname/NASApp/NASAdapter/TbaseNASAdapter?Fo rwarded-by:JMSProxy

   You will need to change just the hostname component as to an appropriate value e.g.

   http://porsche.UK.Sun.COM/NASApp/NASAdapter/TbaseNASAdapter?Forw arded-by:JMSProxy

4. queue.host is the hostname of the machine where the JMS broker is listening.

   queue.host=queue_hostname

   e.g. queue.host=porsche.UK.Sun.COM

5. queue.port The port on which the JMS broker is running by default this will be 7676 unless it was changed during the iMQ installation.

   queue.port=queue_port

   e.g. queue.port=7676

6. queue.name The name of the queue on which to receive messages. This is the asynchronous send queue as specified in the Bank in a Box configuration

   queue.name=BiabOut

Note: Make sure the destination URL is the server host name of the appropriate Buyer or Seller bank iTTM installation. Make a note of this URL as you will need this it again when configuring the Bank in a Box components.

Installing Bank in a Box back office simulator

The Bank in a Box (BiaB) back office simulator is designed to create responses to messages received by the iTPS from the buyer and seller web sites. The BiaB must be installed on both the Buyer and Seller Banks servers.

It is not imperative that the iTTM and iTPS are running during installation, and if they have been started following the iMQ proxy installation it is preferable that they are shut down.

In order to install the BiaB on each machine follow the instructions below:

1. Extract a copy the BiaB files from your cdrom to a suitable location e.g.

   cp /cdrom/cdrom0/biab/biab.tar /iplanet

2. Unpack the tar file

3. To configure the server you will need to modify two files to set certain parameters and run the SQL on the appropriate Oracle database. In order to configure the BiaB follow the instructions below.

4. Run the biab.sql SQL script on the payments database server. This may involve copying the SQL script to the appropriate machine if Oracle is remotely located.

   cd /opt/iplanet/biab/config/sql/

   biab.sql

   sqlplus username/password

   SQLPlus>@biab

   SQLPlus>exit

5. Edit the BiaB script so that the environment variables are correct

   vi biab/scripts/biab

   1. Modify the script such that the ORACLE_DRIVER and JMQ_DRIVER environment variables are pointing to the correct locations for the oracle driver and JMQ driver respectively.

      Note: You will already have a copy of the ORACLE_DRIVER in the ittm sub-directory e.g. <iTTM_install_directory>/TTM/V2.2/Lib3p/10/classes12_01.zip

      Pointing the ORACLE_DRIVER environment variable to this location is an acceptable solution.

   2. If you have iMQ on your system in the standard location (/opt/SUNWjmq) you will not need to modify the JMQ_DRIVER setting.

6. The Biabconf.xml file now needs to be modified. The table below identifies the parameters that require modification. The following text is an example illustrating the configuration settings

   <BiabConfig responseProcessor="com.iplanet.trustbase.payments.biab.test.Test ResponseGenerator" threads="10">

   <TCQueue

   host="porsche.UK.Sun.COM"

   port="7676"

   receiveName="SEND_QUEUE"

   sendName="AsyncResponseQueue"

   connectionFactory="com.sun.messaging.QueueConnectionFactory"/>

   <AdminQueue

   host="porsche.UK.Sun.COM"

   port="7676"

   receiveName="BiabAdmin"

   connectionFactory="com.sun.messaging.QueueConnectionFactory"/>

   <Database

   connectURL="jdbc:oracle:thin:jon/jon@k9:1521:k9"

   driverClass="oracle.jdbc.driver.OracleDriver"

   enableUserTablePrefix="false"/>

   </BiabConfig>

The actual configuration settings and their use are described in the table below:

Element	Attribute	Description	Requires change?
BiabConfig
	responseProcessor	The name of a class implementing the ResponseGenerator interface. This object will be used to return a synchronous response to each BackEndMessage received from the iTPS. If this attribute is absent, no synchronous responses will be sent.	See Note
	threads	The number of threads in the thread pool used for servicing both admin and BackEndMessages entering the system	No
TCQueue
	host	The name of the host where the message queue broker is located	yes
	port	The port on which the message queue broker is listening	yes
	receiveName	The name of the queue on which BackEndMessages will be received. This must be the same as the Send queue that you entered during the iTPS installation.	yes
	sendName	The name of the queue on which asynchronous responses will be sent to the iTPS. This is the same queue as specified in the JMS proxy setup in the queue_name parameter.	yes
	connectionFactory	The class name of the queue connection factory	no
AdminQueue
	host	The name of the host where the message queue broker is located	yes
	port	The port on which the message queue broker is listening	yes
	receiveName	The name of the queue on which Admin messages will be received. This is a unique new queue name that will be used later in the configuration of the BiaB admin tool	yes
	connectionFactory	The class name of the queue connection factory	No
Database
	connectURL	The URL used to connect to the database	yes
	driverClass	The name of the database driver class	yes
	enableUserTablePrefix	Whether to enable user name mapping in table access. If this is enabled, the database queries will be to tables prefixed with the name of the current user. This is disabled by default.	No

Having installed the BiaB on either the Buyer or Seller Bank machines, install the BiaB on the other machine before moving on to the BiaB administration tool.

Installing Bank in a Box Admin Tool

The BiaB administration tool is a Web application designed to run on the iWS 6.0 Web server set up earlier. A BiaB administrator tool should be installed on both the Buyer and Seller Bank machines that host the iTPS and BiaB components. The BiaB Admin tool web application is located on the BiaB directory.

In order to deploy the Web application you must perform the following:

1. Make sure the IWS_SERVER_HOME environment variable is set to your <server_root> directory. A typical example of this might be

   IWS_SERVER_HOME=/opt/iws6;export IWS_SERVER_HOME

2. Make sure that the <server_root>/bin/https/httpadmin/bin directory is in your path.

   PATH = $PATH:$IWS_SERVER_HOME/bin/https/httpadmin/bin;export PATH

3. Deploy Bank in a Box using the iWS 6.0 web application deployment tool wdeploy. The deployment tool takes a number of parameters:

   <uri_path> The URI prefix for the web application. This must be a unique name for the web application for the server it is being deployed to e.g. BiaBAdmin

   <instance> The server instance name e.g. porsche.UK.Sun.COM.

   <vs_id> The virtual server ID e.g. https-porsche.UK.Sun.COM.

   <biab_install_directory> The directory to which the application is deployed. If it doesn't already exist it will be automatically created during deployment. If the directory does exist it needs to be empty.

   cd /cdrom/cdrom0/biab

   wdeploy deploy -u <uri_path> -i <instance> -v <vs_id>

   -d <biab_install_directory> biab-servlet.war

   For example,

   wdeploy deploy -u /BiaBAdmin -i porsche.UK.Sun.COM -v https-porsche.UK.Sun.COM -d /web/biab biab-servlet.war

   will deploy the servlet on the porsche.UK.Sun.COM server instance, and will unpack the war file under the directory /web/biab.

4. Once the application is deployed, modify

   <biab_install_directory>/WEB_INF/classes/queue.properties

   such that it points to the correct JMQ broker.

5. Copy /opt/SUNWjmq/lib/jmq.jar of the JMS provider into <biab_install_directory>/WEB-INF/lib directory

   in the case of iMQ these files can be found in the host iTPS machine under the following directory

   <iMQ_install_path>/SUNWjmq/lib

6. Once the classpath is correct and the queue properties are set, restart the server instance.

7. Once deployed successfully, the Web Site can be accessed from the browser with the following url.

   http://<hostname>:<port>/<uri_path>/Biab

   The BiaB admin tool deployed using the previous wdeploy example would be accessed using:

   http://porsche.UK.Sun.COM/BiaBAdmin/Biab.

   If the server is running and the Web application has deployed successfully the following page will be displayed:

Figure 2-14    Bank in a Box Admin Tool Welcome Screen

Installing the Buyer and Seller websites

---

The following sections describe how to install the components required to run the Buyer and Seller web sites. These web sites will be used to interact with the Buyer and Seller iTPS components installed previously.

Installing the iWS 6.0

In order to run the web applications that make up the buyer and sellers web sites, a web Server needs to be available on each machine. The iTPS CD contains a iWS 6.0 package that is shipped for this use.

Run the iWS6.0 setup tool located in

/cdrom/cdrom0/iTPS/iWS6.0

Selecting the default values for the installation of the iWS 6.0 should be sufficient for most installations. The only non-standard option you will need to specify is the option that specifies an external JDK 1.2 i.e. /usr/java. This is because the JDK included does not support the buyer and seller web site functionality tools.

Ensure that a web server is installed on both the Buyer and Seller machines prior to moving on to the installation of the Buyer and Seller web applications.

Installing Buyers Bank Website

The bank's web site is archived in to a war file. To install the web site, this war file needs to be deployed on the web server. It can be found on your cdrom as illustrated below

/cdrom/cdrom0/bfi/bfi.war

It does not matter whether iTTM and iTPS are running during installation. However they, and all their associated components such as iAS and iWS, should be running if you need to run this component

1. Make sure the IWS_SERVER_HOME environment variable is set to your <server_root> directory. A typical example of this might be

   IWS_SERVER_HOME=/opt/iws6;export IWS_SERVER_HOME

2. Before you can deploy a web application manually, make sure that the <server_root>/bin/https/httpadmin/bin directory is in your path.

   PATH = $PATH:$IWS_SERVER_HOME/bin/https/httpadmin/bin;export PATH

3. Deploy the war file using following command wdeploy command where:

   <uri_path> is the path name specified while deploying the application.

   <uri_path> The URI prefix for the web application.

   <instance> The server instance name.

   <vs_id> The virtual server ID.

   <bfi_install_directory> The directory to which the application is deployed. This directory will be automatically created during deployment, if it doesnt already exist. After deployment, the application will get extracted in this directory. If the directory does exist it needs to be empty.

   wdeploy deploy -u /<uri_path> -i <instance> -v <vs_id>

   -d <bfi_install_directory> /cdrom/cdrom0/bfi/bfi.war

4. An Oracle JDBC driver needs to be installed in the WEB-INF/lib directory. This will be the same Oracle Driver installed in the Buyer and Seller banks iTTM installations in the lib3p/10 directory. The filename used might be oracle-jdbc-815.zip or classes12_01.zip depending on the version of Oracle you are using. Copy this driver into the WEB-INF/lib directory on the Buyers website machine.

5. Go to the directory

   <bfi_install_directory>/WEB-INF/classes.

   Where <bfi_install_directory> is the directory where the web application is deployed. Open the file bfi.properties and edit the details of the Oracle connect string and the config adapter location to reflect the current installation details.

##bfi.properties

driver=oracle.jdbc.driver.OracleDriver

connection=jdbc:oracle:thin:tbase_dbase_user/ \

tbase_dbase_password@tbase_dbase_host:tbase_dbase_port \

:tbase_dbase_sid

ConfigAdapterProperties=

<bfi_install_directory>/WEB-INF/classes/config.properties

The connection string represents the database, where buyer bank's "Bank In a Box" is writing its log. Change the string <bfi_install_directory> with the actual directory name.

6. The Buyers Website needs to communicate with the Buyers Bank. Edit the config.properties file to change the URL to the Buyers Bank iTPS installation.

destinationURL=

http://<Buyer_Bank_HostName>/NASApp/NASAdapter/TbaseNASAdapter

7. This Buyers Bank application needs a signing certificate chain. This chain must be issued by buyer's bank Certificate Authority in IE5 format.

   The easiest way to create these certificates is to use the Certificate Manager utility supplied with the iTTM 2.2.1 product and described in the iTTM 2.2.1 installation guide. You will need to create a PKCS#10 request for an Identrus compliant End Entity Signing Certificate (Relying Customer Certificate), submit this to the CA that acts for the Buyers Bank, and import the resultant Base64 encoded result. Once you have the certificate, follow the instructions in the utility guide to export the certificate chain in IE5 format.

   Now change <Your_certificate.pfx> with the certificate name.

   dummySellerCertFileName=

   <bfi_install_directory>/WEB-INF/classes/<Your_certificate.pfx>

   dummySellerCertPassword=password

   This signing certificate <Your_certificate.pfx> used should also be imported into the browser that will be used to access this website

After you have finished your changes, you will need to re-start the web server for those changes to take effect.

Installing the Seller's Website TooledUp

The Sellers Website (Tooledup demonstration) is delivered in the form of a tar file called merchant.tar.

Before you can begin to install TooledUp you will need to create a local Certificate Database inside the Webserver for it to use. This certificate database will contain from 3-5 certificates depending on how many roles you assign the certificates to perform, the roles are as follows.

1.    Root Certificate or Trust Anchor Certificate (e.g. Identrus Root).

2.    Level One Certificate Authority Certificate. (e.g. RP Bank CA)

3.    End Entity Signing Certificate ( e.g. Signing Certificate e.g. SC from IP Cert) The AIA field within this certificate is used to determine the destination for the payments message)

4.    SSL Client Transaction Certificate ( e.g. SSL Client Signing Certificate)

5. SSL Server Certificate (e.g. Server-Cert)

To create the certificate databases and import the certificate complete the following steps:   

1. Create The Webserver Database
   •       Access the iWS6 admin server e.g.:

     ./<iws6_install_directory>/startconsole

     This will start a browser and allow you to log into the admin server.

   •       Choose the server to manage and click manage.

   •       Click on the security tab (it defaults to `Initialise Trust Database' screen)

   • Type in a new password for database and click <ok>. This will create a new database that can only be accessed using the password you have just given so ensure that you do not forget the password!

2.    Import The Root Certificate.
   •       Click the <Install Certificate> Tab.

   •       Select <Trusted Certificate Authority>, select <message text> and paste in the Base 64 cert from your Root CA

   •       Click <ok>

   • Click <Add Certificate>

3. Import The CA Certificate - Use the same process as Import The Root Certificate (above)

4.    Create and import an End Entity Signing Certificate
   •       Click the <request certificate> tab.

   • Select <CA URL>

   • Enter "None"

   • Enter "password"

   •       Fill in the address details part of the form and press ok.

   •       Copy and paste the BASE 64 Request into your Seller Banks CA certificate request form.

   •       Retrieve reply from CA and copy the Base 64 cert into the webserver form.

   •       Click <Install Certificate.>

   •       Select <This Server>, input a name for the cert (e.g. EE Signing Certificate), make a note of the name as you will need it later, Select Message Text and paste in the base 64 cert from the CA.

   •       Click <ok>

   •       Click <Add Cert>

5.    Request, Generate and Import SSL Client Transaction Certificate - Same as for End Entity Signing Cert, but make sure that the name for the certificate is different (e.g. SSL Client Transaction Certificate), and keep a note of the name as you will need it later.

6. Request, Generate and Import SSL Server Certificate - Same as for End Entity Signing Cert except - do not give this certificate a name as the webserver will assign it `Server-Cert'.

Now you are ready to install tooledup. You will need several pieces of information which the install script will ask you:

1.    The Webserver's install directory - this is by default /usr/iplanet/servers.

2.    The instance name of the webserver you want to install tooledup into. e.g. porsche.UK.Sun.Com

3.    The virtual server name of the virtual server you want to install into e.g porsche.UK.Sun.Com

4.    The certificate database password.

5.    The directory you want to install to.

6.    The name of the Signing certificate ( the end entity signing certificate - View from the Manage Certificates option in the iws6 Admin Server screen).

7.    The name of the SSL Client certificate (view as for Signing Cert).

8.    The name of the trust anchor (view as for Signing Cert).

9.    The Oracle Database Username (For account where tooledup customer/order details will be stored).

10.    The Oracle Database Password.

11.    The Oracle Database Machine.

12.    The Oracle Database Port.

13. The Oracle Database SID.

Once you have prepared this information you are ready to perform the installation.

Follow the steps below and answer the questions to install the tooledup Seller's Application.

1. umpack the following

   tar xvf merchant.tar

2.    cd into the directory

   <tooledup_install_directory>/merchant/scripts.

3.    Type ./install to run the install script

4.    Answer the questions that are asked by the install script.

5.    If the webserver is not running you will get an error saying "Reconfigure Failed" this can be ignored at this stage.

6.    Copy the oracle drivers into the directory deployment_dir/WEB-INF/lib

7.    Log onto your oracle account and run the script install_merchant_ora.sql

   This script can be found in:

   <tooledup_install_directory>/SQLscripts

8. An Oracle JDBC driver needs to be installed in the WEB-INF/lib directory. This will be the same Oracle Driver installed in the Buyer and Seller banks iTTM installations in the lib3p/10 directory. The filename used might be oracle-jdbc-815.zip or classes12_01.zip depending on the version of Oracle you are using. Copy this driver into the WEB-INF/lib directory on the Buyers website machine.

The following is an example transcript console of installing Tooledup

# tar xvf merchant.tar

----Truncated text output from the tar command----

# cd merchant/scripts

# ls

acquireparams install

# ./install

Where is your iPlanet WebServer installation located?

/usr/iplanet/servers/iws6

What is the name of the instance your WebServer instance ?

goblin.uk.sun.com

What is the instance's virtual server called ? [ default ]

https-goblin.uk.sun.com

What is the full path to the directory you wish to deploy the application to ? [ /usr/iplanet/servers/iws6/deploy ]

What is your keystore password ?

password

What is the nick name of the certificate you wish to sign requests with? [ Server-Cert ]

End Entity Signing Cert

What is the nick name of the certificate you wish to use in SSL Client transactions ? [ Server-Cert ]

SSL Client Cert

What is the nick name of the certificate you wish to verify responses with ?

Identrus Root CA - Identrus

What is the username of your oracle instance ? [ tooledup ]

gadgets

What is the password for that user of your oracle instance ? [ tooledup ]

{password}

What is the hostname of your oracle instance ? [ goblin ]

windstorm

What is the network port of your oracle instance ? [ 1521 ]

What is the SID of your oracle instance ? [ ORCL ]

These are the parameters that you input

[1] The server location is [ /usr/iplanet/servers/iws6 ]

[2] The server instance is [ goblin.uk.sun.com ]

[3] The virtual server id is [ https-goblin.uk.sun.com ]

[4] The deployment directory [ /usr/iplanet/servers/iws6/deploy ]

[5] The keystore password is [ password ]

[6] The signing certificate nick name is [ End Entity Signing Cert ]

[7] The SSL signing certificate nick name is [ SSL Client Cert ]

[8] The verification certificate nick name is [ Identrus Root CA - Identrus ]

[9] The oracle user is [ gadgets ]

[10] The oracle password is [ ****** ]

[11] The oracle host is [ windstorm ]

[12] The oracle port is [ 1521 ]

[13] The oracle sid is [ ORCL ]

if these are acceptable hit [0] otherwise hit the number of the parameter you wish to change or hit [e] to leave the installation

0

----------------------------------------------

The directory /usr/iplanet/servers/iws6/deploy does not exist

Do you want to create it ?

----------------------------------------------

y

-------------------------------

Creating directory

/usr/iplanet/servers/iws6/deploy

-------------------------------

What is your domain name ?

uk.sun.com

domain name - uk.sun.com

host name - goblin

Deploying web application

Loading new configuration

Reconfigure failure: server not running

Web application deploy successful

#

This installation area now contains several directories and files that are detailed below:

• scripts : This directory contains the install scripts and any data they need.

• SQLscripts : This directory contains the SQL database creation scripts that will create the tables that tooledup needs to run.

• bin : This directory contains the binaries ( shared-objects ) that tooledup needs to run.

• merchant.war : This is the WAR file that contains the jarfiles and configuration that represent tooledup as an application. This WAR will automatically be deployed by the install script.

In order to use the Tooled up sellers application you will need a SmartCard that will be issued to you by a third party vendor that contains an end entity signing certificate that has been issued by the Sellers Bank CA.

9. Restart the iws6 to be able to access the newly installed web application.You are now ready to run tooledup, access the url tooledup url e.g. http://porsche.UK.Sun.COM/merchant/tooledup

   The following screen appears:

Figure 2-15    Sellers Website Tooled Up Welcome Screen

Installing the CPI API

---

1. The CPI API is delivered in the form of a tar file commonly called

   /cdrom/cdrom0/cpi/cpi.tar

2. This contains several directories and files that are detailed below:
   • <cpi_install_dir>/bin : contains scripts that will set your classpath and help you run the tools you will need. The scripts are all written for use with bourne shell.

   • <cpi_install_dir>/lib : contains all the binaries that the CPI will need to run - this includes shared objects and jarfiles.

   • <cpi_install_dir>/store : This directory will be used to store your TokenKeyStore.

   • <cpi_install_dir>/doc : API documentation and TokenKeyTool detailed documentation.

3. It does not matter whether iTTM and iTPS are running during installation. However they, and all their associated components such as iAS and iWS, should be running if you need to run this component

4. Java 2 Enterpise Edition 1.2 or higher needs to be installed

5. Unpack the file

   /cdrom/cdrom0/cpi/cpi.tar

6. You are now required to use TokenKeyTool. A description of this can be found in

   <cpi_install_dir>/docs/TokenKeyTool.html

   By typing help when running TokenKeyTool you can obtain details of how this should be used. To run this script type:

   <cpi_install_directory>/bin/tok.sh

7. Before you can proceed you will need some trusted certificates. These certificates are in files that you have access to and each of the certificate files contain a single PEM format certificate. The certificates that you need will be.
   • C1 : The Identrus Root certificate (In the example below this is called PaymentsRootDevelopment.crt) This is referred to as the verification certificate.

   • C2 : The Buyer CA Certificate.(In the example below this is called StanTheMan.crt)

   If you want to cause 4 corner activity you will also need.

   • C3 : The Seller CA Certificate

   Finally you will need to issue a request for a signing certificate and import the appropriate response into your CertStore. In the example provided the Buyer and Seller signing Certificates are the same

   • C4 : The Signing Certificate

8. In order to create your store the following steps need to be performed:
   1.       Run the tok.sh script that starts the tokenkeytool.

   2. Type help to obtain details of useage

   3.       Create A Trust Domain using openstoremanager command eg openstoremanager -domainspace "file:///install_dir/store" -manager local.

   4.       Create a TokenKeyStore using the createstore command eg createstore -store identrus ( you will be prompted to give a password - please remember this password ).

   5.       Import your trusted CA Certificate file using the command importtrustedcerts eg importtrustedcerts -file "filename" ( Note the quoting ).

   6.       Generate a holding key pair for your SellerCertificate using the command genkey eg genkey -dname "CN=CPI Test Cert" ( Note the quoting ).

   7.       View the key to acquire the generated alias for it using the command listkeys eg listkeys.

   8.       Request a certificate from your Seller CA using the command certreq eg certreq -alias <generated_key_alias> -dname "CN=CPI Test Cert" -file "/tmp/certrequest" ( Note the quoting ).

   9.    paste the generated Certreq into your CA and get the CA generated Base64 Certificate chain. Store it in a file called "certresponse"

   10.       Import the certificate into the database using the command importkeychain -file "/tmp/certresponse" ( Note The quoting ).

   11. Quit the TokenKeyTool using the command quit.

9. We now illustrate this with an example

   Script started on Mon 24 Sep 2001 17:01:34 BST

   ragnarok# ./tok.sh

   TokenKeyTool> openstoremanager -domainspace "file:///iplanet/CPITest/store" -manager local

   TokenKeyTool> createstore -store identrus

   Login to JSS token Internal Key Storage Token: password

   TokenKeyTool> importtrustedcerts -file "/iplanet/CPITest/store/PaymentsRootDevelopment.crt"TokenKeyTool > importtrustedcerts -file "/iplanet/CPITest/store/StanTheManCA.crt"

   TokenKeyTool> genkey -dname "CN=CPI Test Cert"TokenKeyTool> listkeys

   +KeyEntrys

   +KeyEntry

   subject name: CN=CPI Test Cert

   issuer name: CN=CPI Test Cert

   serial #: 0x7733ad362cc3ecce

   +aliases

   alias: 7733ad362cc3ecce#CN=CPI Test Cert

   +certificate chain

   +certificate [0]

   subjectName: CN=CPI Test Cert

   issuerName: CN=CPI Test Cert

   serial#: 0x7733ad362cc3ecce

   not before: 24-Sep-01 16:03:20

   not after: 24-Sep-02 16:03:20

   TokenKeyTool> certreq -alias "7733ad362cc3ecce#CN=CPI Test Cert" -dname "CN=CPI Test Cert" -file "/iplanet/CPITest/store/requestfile"TokenKeyTool> importkeychain -file "/iplanet/CPITest/store/responsefile"

   +KeyEntry

   subject name: CN=CPI Test Cert

   issuer name: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   serial #: 0x10a

   +aliases

   alias: 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   +certificate chain

   +certificate [0]

   subjectName: CN=CPI Test Cert

   issuerName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   serial#: 0x10a

   not before: 24-Sep-01 16:09:23

   not after: 19-Sep-02 08:23:24

   +certificate [1]

   subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x18

   not before: 19-Sep-01 08:23:24

   not after: 19-Sep-02 08:23:24

   +certificate [2]

   subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x1

   not before: 29-Aug-01 00:00:00

   not after: 29-Aug-03 00:00:00

   TokenKeyTool> listkeys

   +KeyEntrys

   +KeyEntry

   subject name: CN=CPI Test Cert

   issuer name: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   serial #: 0x10a

   +aliases

   alias: 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   +certificate chain

   +certificate [0]

   subjectName: CN=CPI Test Cert

   issuerName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   serial#: 0x10a

   not before: 24-Sep-01 16:09:23

   not after: 19-Sep-02 08:23:24

   +certificate [1]

   subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x18

   not before: 19-Sep-01 08:23:24

   not after: 19-Sep-02 08:23:24

   +certificate [2]

   subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x1

   not before: 29-Aug-01 00:00:00

   not after: 29-Aug-03 00:00:00

   TokenKeyTool> listcerts

   +TrustedCertificateEntrys

   +TrustedCertificateEntry

   +aliases

   alias: 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   +certificate

   subjectName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x1

   not before: 29-Aug-01 00:00:00

   not after: 29-Aug-03 00:00:00

   +TrustedCertificateEntry

   +aliases

   alias: 18#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   +certificate

   subjectName: CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB

   issuerName: CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB

   serial#: 0x18

   not before: 19-Sep-01 08:23:24

   not after: 19-Sep-02 08:23:24

   TokenKeyTool> quit

   ragnarok# exit

   ragnarok#

   script done on Mon 24 Sep 2001 17:12:28 BST

10. Now you are ready to run the test harness - you can alter the script called test.sh in the same directory as tok.sh. These can be found in the directory:

    <cpi_install_directory>/cpi/scripts

    The test.sh script has parameters for what certificates need to be used. The parameters it expects are as follows.

    1. Payment amount.

    2. Payment currency

    3. Payment date.

    4. Payment account

    5. Payment reference

    6. Keystore domainspace+store eg file:///<cpi_install_dir>/store#identrus

    7. Keystore password

    8. Verification certificate alias (i.e. The Identrus Root)

    9. Seller signing certificate alias (i.e. The signing certificate)

    10. Buyer signing certificate alias ( i.e. The signing certificate)

11. You will need to change the settings for parameters g, h, i and j.

12. Once you have completed that you need to run the test program and receive a response from your TC. It looks something like the example below.

    Script started on Mon 24 Sep 2001 17:30:38 BST

    ragnarok# ./test.sh

    Init Seller [ password ] [ file:///iplanet/CPITest/store#identrus ] [ 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB ] [ 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB ]

    Init Buyer [ password ] [ file:///iplanet/CPITest/store#identrus ] [ 10a#CN=StanTheMan L1CA,OU=Trustbase,O=iPlanet,C=GB ] [ 1#CN=Payments Root,OU=Payments Services,O=iPlanet,C=GB ]

    ***********

    CN=StanTheMan L1CA;

    OU=Trustbase;

    O=iPlanet;

    C=GB

    ***********

    CN=StanTheMan L1CA;

    OU=Trustbase;

    O=iPlanet;

    C=GB

    ***********

    CN=StanTheMan L1CA;

    OU=Trustbase;

    O=iPlanet;

    C=GB

    ***********

    CN=StanTheMan L1CA;

    OU=Trustbase;

    O=iPlanet;

    C=GB

    ***********

    CN=StanTheMan L1CA;

    OU=Trustbase;

    O=iPlanet;

    C=GB

    *** Hostname: stantheman.uk.sun.com

    ----------------------------------------------------------------

    RESPONSE BEGIN

    <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE Acknowledgement PUBLIC "-//IDENTRUS//ELEANOR_ACKNOWLEDGEMENT_DTD//en" "file:///bankInterface.dtd"><Acknowledgement><NIB id="NIB_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1" version="2.0"><ContextInfo msggrpid="0C23BFB09A79CBB61E40E33806AAA787AA8D697A" msgid="SFI01"></ContextInfo><StartTime><LocalTime id="LocalTime_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1" time="20010924163046Z"/></StartTime><MsgTime><LocalTime id="LocalTime_88A06FA2E96D7490EF266A99F2EAE093A22E788E_2" time="20010924162955Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_88A06FA2E96D7490EF266A99F2EAE093A22E788E_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>D/BnXyA+JgY60Nq3hn7lxNNJlKE=</DigestValue></Reference>< Reference URI="#ContentAcknowledgement_E9019A7CF47FD5037FC6D43EDE1E08FD202981 D8_1"><Transforms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>CPCKfLiW7xtPWVJxDTsTm8n0/GI=</DigestValue></Reference>< Reference URI="#Response_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>lqvTPizMdDfehbLpiHYvgi+KZZg=</DigestValue></Reference>< /SignedInfo><SignatureValue>B9UFdLMEBSBnamK4eq1NZHiG2bUNVTLN0nm6Yw4 h6uMFWRVWp76sIw0QJQcrwegyJZD2SLvmKz3uDaBy+sx+wdieq/UTEIuvOrd4TELph7 355i8hOhV3agWdpstxuqupS2PxqpkjTFGCdu1x0SGyxwvRcOXqFudxxiKDt9xYGGk=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>14</X509SerialNumber></X509I ssuerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Data> <X509IssuerSerial><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>14</X509SerialNumber></X509I ssuerSerial><X509Certificate>MIIDQzCCAqygAwIBAgIBDjANBgkqhkiG9w0BAQ UFADBTMQswCQYDVQQGEwJHQjEQMA4GA1U

    .....................

    3NoQTXAnM/tQSes7vANiPFskDCg1nxDW0m0dlHBTAYlGeDMOU77wxYAxwD7kn8zMrlB /uUwOEqsc=</X509Certificate></X509Data></CertBundle><ContentAcknowl edgement id="ContentAcknowledgement_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8 _1"><Header xml:lang="en"><Product>xPx</Product><DocumentType>Acknowledgement</ DocumentType><Version>1.0</Version></Header><References><EleanorTra nsactionReference>39240ee9250ddcb580002120448471</EleanorTransactio nReference><SFIReference>Unknown</SFIReference></References><Acknow ledgementData><AcknowledgementType>PayInst</AcknowledgementType><St atus>SUCCESS</Status><ReasonCode>00PR00</ReasonCode><ReasonText>Req uest Received</ReasonText></AcknowledgementData></ContentAcknowledgement ><Response id="Response_E9019A7CF47FD5037FC6D43EDE1E08FD202981D8_1"><ResponseD ata>MIIE/QoBAKCCBPYwggTyBgkrBgEFBQcwAQEEggTjMIIE3zCCAQ+hgZUwgZIxCzA JBgNVBAYTAnVrMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEQMA4GA1

    ..................................

    HbkMNVTiHWS6gxcBlWMo0blCXuvF571gioA4nkRsIk+aGcrSF7BJg+6hESu/sU2vTqi tSNEmtqwYvuTKaPl5XVMYRlH4zpiU838+48IzvAtUS4CyQxKfGvYHzo7cDfcQqNqy1G XQl+ldtzNVKyGf5UBPmJsJxH16X8zSX5TvxCI</ResponseData><CSCResponse><N IB id="NIB_F8C3B821A28E70139D1CC437F8340E23B42CE885_1" version="2.0"><ContextInfo msggrpid="2BAD252ABFCF8A2B3931516F0F0BC462CC92EDFE" msgid="1001349411141"></ContextInfo><StartTime><LocalTime id="LocalTime_F8C3B821A28E70139D1CC437F8340E23B42CE885_1" time="20010924162955Z"/></StartTime><MsgTime><LocalTime id="LocalTime_F8C3B821A28E70139D1CC437F8340E23B42CE885_2" time="20010924163651Z"/></MsgTime></NIB><Signature xmlns="http://www.w3.org/2000/02/xmldsig#"><SignedInfo><Canonicaliz ationMethod Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#rsa-sha1"></SignatureM ethod><Reference URI="#NIB_F8C3B821A28E70139D1CC437F8340E23B42CE885_1"><Transforms>< Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>Ou6H7IQ2U95LvkfwjW0i6DtfUE8=</DigestValue></Reference>< Reference URI="#Response_D85200FD60A1AEC4FCD7293EADA68B1D05E8DA13_1"><Transfo rms><Transform Algorithm="http://search.ietf.org/internet-drafts/draft-ietf-trade- hiroshi-dom-hash-03.txt"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"></DigestMethod>< DigestValue>GUrLs/8UEnjBJENkoyY/cCUkFW0=</DigestValue></Reference>< /SignedInfo><SignatureValue>HOxQsKKycayWJYhXeyNdc52eWFHv3Y1Nz9CcigO JQHz+bKV9ewkeKoOSzbngYdufk1hyB8OloYprYIcpVXwKKFeQ7hP+7yC6ODQI1uv1LS Pi41PUlJH2Q5B7yMHZjyAbxpsudoxThHtOQ+i09KZVJSkO5+Xn1J0QDt8OOMSwtdM=< /SignatureValue><KeyInfo><X509Data><X509IssuerSerial><X509IssuerNam e>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>9</X509SerialNumber></X509Is suerSerial></X509Data></KeyInfo></Signature><CertBundle><X509Data>< X509IssuerSerial><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>9</X509SerialNumber></X509Is suerSerial><X509Certificate>MIIDNjCCAp+gAwIBAgIBCTANBgkqhkiG9w0BAQU FADBTMQswCQYDVQQGEwJHQjEQMA4GA1U

    .....................................

    nJRKnCCsg==</X509Certificate></X509Data><X509Data><X509IssuerSerial ><X509IssuerName>C=GB,O=iPlanet,OU=Payments Services,CN=Payments Root</X509IssuerName><X509SerialNumber>1</X509SerialNumber></X509Is suerSerial><X509Certificate>MIICkjCCAfugAwIBAgIBATANBgkqhkiG9w0BAQU FADBTMQswCQYDVQQGEwJHQjEQMA4GA1UEC

    ......................................

    s7vANiPFskDCg1nxDW0m0dlHBTAYlGeDMOU77wxYAxwD7kn8zMrlB/uUwOEqsc=</X5 09Certificate></X509Data></CertBundle><Response id="Response_D85200FD60A1AEC4FCD7293EADA68B1D05E8DA13_1"><ResponseD ata>MIIE/QoBAKCCBPYwggTyBgkrBgEFBQcwAQEEggTjMIIE3zCCAQ+hgZUwgZIxCzA JBgNVBAYTAnVrMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxvbmRvbjEQMA4GA1

    .................................

    U2vTqitSNEmtqwYvuTKaPl5XVMYRlH4zpiU838+48IzvAtUS4CyQxKfGvYHzo7cDfcQ qNqy1GXQl+ldtzNVKyGf5UBPmJsJxH16X8zSX5TvxCI</ResponseData></Respons e></CSCResponse></Response></Acknowledgement>

    RESPONSE END

    ----------------------------------------------------------------

    ragnarok# exit

    ragnarok#

    script done on Mon 24 Sep 2001 17:31:20 BST

iTPS Reinstallation

---

iWS 4.1 Reinstall

For those versions of software placed on an iWS 4.1

1. consult

   http://docs.iplanet.com/docs/manuals/fasttrak/41/ig/unix.htm

2. Remove all Web Server instances.

3. Reinstall the Web Server and all its configured instances.

4. Reinstall iAS, iTTM and iMQ

5. Reinstall the iTPS

iWS 6.0 Reinstall

For those versions of software placed on an iWS 6.0 it may be possible to reinstall iTPS without having to reinstall the entire Web Server and all its instances.

1. Consult

   http://docs.iplanet.com/docs/manuals/enterprise/50/ig/unix.htm

2. In this case it is possible to Reinstall the components

3. BiaB Admin Tool,

4. Tooledup,

5. BiaB Backend

6. CPI

7. BFI

   When the plugin is installed on iWS 6.0 it uses the answers to the questions you give at install time to configure but it actually uses "wdeploy" to deploy the application, this means that if you uninstall any of the components, the simplest way is to use the wdeploy delete option.

iTPS Backup

---

Make a backup copy of the iTPS installation and all its associated database tables.

A list of tables can be found as follows:

su oracle

sqlplus tbase/tbase

select TABLE_NAME from ALL_TABLES;

exit;

To see what other tables need to be backed up please refer to "Database Check Points"