|
|
Installing i-Planet Software
|
The recommended installation scenario calls for the reverse proxy to be installed on the i-Planet gateway, and for the platform and applications to be installed on another machine, the i-Planet server. The other possible installation scenario is to install all three i-Planet components on one machine. The order of installation of i-Planet gateway versus i-Planet server does not matter.
Within each of these scenarios, you choose either a default or a nondefault (customized) installation. Default answers in both types of installation are indicated in square brackets, for example: [y] n.
i-Planet software is installed in /opt by default. If you want to install in a different directory, choose the nondefault installation. This manual provides instructions assuming you install in /opt; substitute your installation directory name where appropriate.
Refer to TABLE 1-2 if you need a description about the information to enter during installation.
A log of the installation is stored in
/var/opt/SUNWstnr/debug/iplanet_install.log.processnumber. The log can be helpful if you are trying to diagnose a problem related to installation.
 |
To install the i-Planet gateway
|
| |
1. |
As root, mount the CD-ROM labeled "i-Planet 2.0" on the machine that will be used as the i-Planet gateway. |
| |
2. |
Run the iplanet_install script on the i-Planet gateway.
|
# cd /cdrom/cdrom0
# ./iplanet_install
|
|
| |
|
The i-Planet Installation menu is displayed:
|
Welcome to the i-Planet Installation
...
1) Server
2) Gateway
3) Exit
choice: [3]
|
|
| |
3. |
Enter 2 to install the gateway. |
| |
|
The installation script asks the question:
|
Do you also want to install the firewall on this system? [y]/n
|
|
| |
|
(Under the Solaris 7 operating environment, this question does not appear.) |
| |
4. |
Press Return (for y) to install the basic firewall or enter n if you do not want to install the basic firewall. |
|
|
If you press Return to install the basic firewall, the installation script asks the question:
|
Do you want the installation script to reboot the system for you?
y/[n]
|
|
| |
|
Press Return to answer no, or enter y to have the script reboot your system after installation. |
|
|
If you do not want to install the basic firewall and enter n, the basic firewall will not be installed. In this case, you should close all access to the gateway machine from the Internet except for port 443 (the default encrypting proxy port). Closing the access is dependent on the type of system you are using. |
| |
|
At this point, the installation script checks to make sure the Java Development Kit version 1.1.6 is installed on your machine; if an earlier version is installed, or if no version is installed, the installation script asks whether you want to install JDK 1.1.6. You must have the 1.1.6 version installed to use i-Planet 2.0 software. |
| |
|
The installation script then asks the question:
|
Do you want to use the default settings? [y]/n
|
|
| |
5. |
Press Return (for y) to accept the default installation settings or enter n to provide your own installation settings. |
|
|
If you answer y to accept the default installation, the installation script asks the question:
|
What is the fully qualified host name of the external interface to
the internet for the machine where the gateway will run? [fully
qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, or other irregularities.
|
|
If you enter n to provide your own installation settings, the installation script asks the question:
|
What directory do you want to use for installation? [/opt]
|
|
| |
6. |
Press Return to accept the default for the fully qualified host name of the external interface to the Internet of the machine on which you are installing the gateway or enter a different fully qualified host name. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the machine where the
server will run? [fully qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, or other irregularities.
| |
7. |
Enter the fully qualified host name of the machine on which you are installing the i-Planet server. |
| |
|
The installation script asks the question:
|
What is the name of the host that will be used as the web proxy
host? []
|
|
| |
8. |
Press Return if you are not using a web proxy host, or enter the fully qualified host name of your web proxy host. |
|
|
If you enter a web proxy host name, the installation script asks you to specify its port number:
|
What port does web proxy host run on? []
|
|
| |
|
Enter the port number of the web proxy host. |
| |
|
The installation script then asks the question:
|
What is the domain name for your network? [domainname]
|
|
| |
9. |
Press Return to accept the default for your network domain name or enter a different network domain name. |
Note - The network domain name does not include the host name or subdomain name. In the example, "hostname.eng.sun.com," the network domain name is sun.com.
| |
|
The installation script asks the question:
|
What are the subdomains which reside on your private network that
will be served by the gateway? ...
subdomain []
|
|
| |
10. |
Press Return if you are not using subdomains, or enter the subdomains that reside on your private network that will be served by the gateway. Note: in the example "hostname.eng.sun.com," the network subdomain name is eng. Press Return at the prompt when you are finished entering subdomain names. |
| |
|
The installation script checks to see if a self-signed certificate for the SSL server exists on the gateway. |
|
|
If an SSL certificate does not exist, the script starts to create one:
|
No certificate was found on this server.
Creating new self-signed certificate...
|
|
|
|
If an SSL certificate exists, the script asks the question:
|
A certificate was found on this server, do you want to use this
certificate? [y]/n
|
|
| |
11. |
Press Return to accept the default for the installation directory (/opt), or enter a different directory name. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the external interface to
the internet for the machine where the gateway will run? [fully
qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, or other irregularities.
| |
12. |
Press Return to accept the default for the fully qualified host name of the external interface to the Internet of the machine on which you are installing the gateway, or enter another name. |
| |
|
The installation script asks the question:
|
What port will the encrypting proxy (eproxy) run on? [443]
|
|
| |
13. |
Press Return to accept the default for the port number of the encrypting proxy (443) on the gateway, or enter a different port number. |
| |
|
(If you change this port number, and you have your own firewall installed, make sure that you allow Internet access to this new port number on this machine.) |
| |
|
The installation script asks the question:
|
What port will the reverse proxy (rproxy) run on? [10443]
|
|
| |
14. |
Press Return to accept the default for the port number of the reverse proxy (10443) on the gateway, or enter a different port number. |
| |
|
The reverse proxy port number must be a different port number than the port number for the encrypting proxy. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the machine where the
server will run? [fully qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, or other irregularities.
| |
15. |
Enter the fully qualified host name of the machine on which you are installing the i-Planet server. |
| |
|
The installation script asks the question:
|
What is the server port? [8080]
|
|
| |
16. |
Press Return to accept the default for the port number of the i-Planet server (8080), or enter a different port number. |
| |
|
The installation script asks the question:
|
What is the name of the host that will be used as the web proxy
host? []
|
|
| |
17. |
Press Return if you are not using a web proxy host, or enter the fully qualified host name of your web proxy host. |
|
|
If you enter a web proxy host name, the installation script asks you to specify its port number:
|
What port does web proxy host run on? []
|
|
| |
|
Enter the port number of the web proxy host. |
| |
|
The installation script then asks the question:
|
What is the domain name for your network? [domainname]
|
|
| |
18. |
Press Return to accept the default for your network domain name, or enter a different domain name. |
Note - The network domain name does not include the host name or subdomain name. In the example, "hostname.eng.sun.com," the network domain name is sun.com.
| |
|
The installation script asks the question:
|
What are the subdomains which reside on your private network that
will be served by the gateway? ...
subdomain []
|
|
| |
19. |
Press Return if you are not using subdomains, or enter the subdomains that reside on your private network that will be served by the reverse proxy. Note: in the example "hostname.eng.sun.com," the network subdomain name is eng. Press Return at the prompt when you are finished entering subdomain names. |
| |
|
The installation script asks the question:
|
Do you want to use SSL to communicate with the i-Planet server?
y/[n]
|
|
| |
20. |
Press Return (for n) if you do not want to use SSL for communication between the gateway and the i-Planet server or enter y if you want to use SSL communication between those machines. |
|
|
If you enter y to use SSL communication between the gateway and the server, the installation script asks the question:
|
What port will be used for the SSL communication? [443]
|
|
| |
|
Press Return to accept the default for the i-Planet server port number for SSL (443) or enter a different port number. |
|
|
If you answer n, SSL communication will not be used between the gateway and the server. |
| |
|
The installation script checks to see if a self-signed certificate for the SSL server exists on the gateway. |
|
|
If an SSL certificate does not exist, the script starts to create one:
|
No certificate was found on this server.
Creating new self-signed certificate...
|
|
|
|
If an SSL certificate exists, the script asks the question:
|
A certificate was found on this server, do you want to use this
certificate? [y]/n
|
|
| |
21. |
Create a new self-signed certificate for the gateway SSL server or enter y to use an existing self-signed certificate. |
|
|
If you create a new self-signed certificate (either because no certificate was found or because you enter n to the previous question), the installation script prompts you to enter various organization-specific information and a passphrase for the self-signed certificate:
|
What is the name of your organization? []
What is the name of your organizational unit? []
What is the name of your City or Locality? []
What is the name of your State or Province? []
What is the two-letter country code for this unit? []
...
Enter passphrase []
|
|
| |
|
Enter the information for your new certificate. |
|
|
If you enter y to use an existing certificate, the certificate will be used. |
| |
|
When the gateway SSL certificate is completed, the installation script installs the i-Planet packages and starts the i-Planet gateway. When installation is finished, your prompt returns. (If you installed the basic firewall and elected to have the script reboot your machine after installation, the script reboots your machine at this point.) |
| |
|
(Any process started when the current working directory is /cdrom/cdrom0 must be stopped before you can eject the CD-ROM.)
|
| |
23. |
If you installed the basic firewall, as root, configure the basic firewall on the gateway: |
| |
a. |
Reboot the i-Planet gateway manually if you did not reboot it using the
installation script.
|
| |
|
Wait for the machine to reboot (about five minutes) before proceeding. |
| |
b. |
Run the firewall configuration script on the i-Planet gateway.
|
| |
|
Note: If you installed the gateway and firewall on a headless machine (that is, a machine without a monitor and keyboard), you must connect to the firewall using rlogin, rsh, or telnet.
|
# cd /opt/SUNWsrfw/bin
# ./fw.configure
|
|
| |
|
The firewall configuration script asks the question:
|
Enter the gateway interface:
|
|
| |
c. |
Enter the gateway network interface that is connected to the Internet.
|
| |
|
(Use the command ifconfig -a to list available interfaces.) |
| |
|
The firewall configuration script asks the question:
|
Choose one of the following name service options:
1. NIS
2. DNS
3. NIS and DNS
4. None
|
|
| |
d. |
Enter the number corresponding to the appropriate name service option.
|
| |
|
The firewall configuration script configures the firewall. When configuration is complete, your prompt returns. |
| |
e. |
Reboot the i-Planet gateway.
|
i-Planet gateway software installation is complete.
| |
To install the i-Planet server
|
| |
1. |
As root, mount the CD-ROM labeled "i-Planet 2.0" on the machine that will be used as the i-Planet server. |
| |
2. |
Run the iplanet_install script on the i-Planet server.
|
# cd /cdrom/cdrom0
# ./iplanet_install
|
|
| |
|
The i-Planet Installation menu is displayed:
|
Welcome to the i-Planet Installation
...
1) Server
2) Gateway
3) Exit
choice: [3]
|
|
| |
3. |
Enter 1 to install the i-Planet server. |
| |
|
If you are installing the i-Planet server on the same machine as the gateway, the installation script warns you of this and asks you to continue the installation or abort the installation. |
| |
|
The installation script asks the question:
|
Do you want to use the default settings? [y]/n
|
|
| |
4. |
Press Return (for y) to accept the default installation settings or enter n to provide your own installation settings. |
|
|
If you answer y to accept the default installation, the installation script asks the question:
|
What is the fully qualified host name of the machine where the
server will run? [fully qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, or other irregularities.
|
|
If you enter n to provide your own installation settings, the installation script asks the question:
|
What directory do you want to use for installation? [/opt]
|
|
| |
5. |
Press Return to accept the default for the fully qualified host name of the machine on which you are installing the server or enter a different fully qualified host name. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the external interface to
the internet for the machine where the gateway will run? [fully
qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, and so forth.
| |
6. |
Enter the fully qualified host name of the i-Planet gateway. |
| |
|
The installation script asks the question:
|
Do you want to start the i-Planet server when installation is
complete? [y]/n
|
|
| |
7. |
Press Return to accept the default for the installation directory (/opt), or enter a different directory name. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the machine where the
server will run? [fully qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, and so forth.
| |
8. |
Press Return to accept the default for the fully qualified host name of the machine on which you are installing the server or enter a different fully qualified host name. |
| |
|
The installation script asks the question:
|
What is the server port? [8080]
|
|
| |
9. |
Press Return to accept the default for the port number of the i-Planet server (8080), or enter a different port number. |
| |
|
The installation script asks the question:
|
What is the fully qualified host name of the external interface to
the internet for the machine where the gateway will run? [fully
qualified host name]
|
|
Note - The fully qualified host name must be a resolvable address. Example: hostname.eng.sun.com. The installation script attempts to verify that the address supplied is resolvable; however, you should make sure that there are no spurious subdomains included in the name, and so forth.
| |
10. |
Enter the fully qualified host name of the i-Planet gateway. |
| |
|
The installation script asks the question:
|
What is the gateway port? [443]
|
|
| |
11. |
Press Return to accept the default port number for the i-Planet gateway or enter a different port number. |
| |
|
The installation script asks the question:
|
Do you want to use SSL to communicate with the Gateway? y/[n]
|
|
| |
12. |
Press Return (for n) if you do not want to use SSL for communication between the gateway and the i-Planet server or enter y if you want to use SSL communication between those machines. |
|
|
If you enter y to use SSL communication between the gateway and the server, the installation script asks the question:
|
What port will be used for the SSL communication? [443]
|
|
| |
|
Press Return to accept the default for the i-Planet server port number for SSL (443) or enter a different port number. (The i-Planet gateway's configuration for this port number must match, that is, if you change the port number for SSL communication on the server, the gateway must also know what the changed port number is.) |
Note - If you are using SSL between the gateway and the i-Planet server, you must install an SSL certificate from a Certificate Authority vendor on the i-Planet server; refer to Appendix A for instructions on obtaining and installing an SSL certificate from a Certificate Authority vendor.
|
|
If you answer n, SSL communication will not be used between the gateway and the server. |
| |
|
The installation script asks the question:
|
Do you want to start the i-Planet server when installation is
complete? [y]/n
|
|
| |
13. |
Press Return (for y) to start the i-Planet server when installation is complete, or enter n to start the server later by hand. |
| |
|
The installation script installs the i-Planet packages and starts the i-Planet server if you elected to have the script start the server. When installation is complete, your prompt returns. |
| |
|
(Any process started when the current working directory is /cdrom/cdrom0 must be stopped before you can eject the CD-ROM.)
|
| |
15. |
Start the i-Planet server if you did not choose to have the installation script start it.
|
# /opt/SUNWjeev/bin/iplanet_serv start
|
|
i-Planet server software installation is complete.
| |
To verify that the i-Planet gateway and server are running
|
| |
Open a browser and go to the URL https://i-Planet_gateway.
|
| |
|
If the Authenticator selection page is displayed, the i-Planet gateway and i-Planet server are running. |
Troubleshooting
If the Authenticator selection page does not display or you receive an error message, such as Connection refused, try the following steps:
|
|
Stop and restart the i-Planet gateway
|
# /opt/SUNWsnrp/bin/iplanet_gw stop
# /opt/SUNWsnrp/bin/iplanet_gw start
|
|
|
|
Make sure the firewall is allowing connections through port 443 |
|
|
Stop and restart the i-Planet server
|
# /opt/SUNWjeev/bin/iplanet_serv stop
# /opt/SUNWjeev/bin/iplanet_serv start
|
|
In most configurations, you do not want the machine that you are using as the i-Planet gateway to function as an Internet router. To prevent this, you should turn off Solaris operating system routing. To do so, create an empty
/etc/notrouter file if it does not already exist. This file is checked at boot time, and if it exists, the machine does not act as a router.
Add /opt/SUNWstnr/man to your MANPATH.
To obtain and install your license, proceed to Chapter 3 in this manual.
After you have obtained and installed your license, to set up and manage i-Planet start the Administration Console on the i-Planet server by opening a browser and going to the URL:
|
|
http://i-Planet_server:8080/console and log in as root (if you are not using SSL communication between the gateway and server) |
|
|
https://i-Planet_server/console and log in as root (if you are using SSL communication between the gateway and server) |
Refer to the i-Planet Administration Guide, located in
/opt/SUNWjeev/public_html/docs/usenglish/manuals/ps/admin.ps for information on administration; use a PostScript viewer started by imagetool or stdimage, for example, to display the PostScript. If your browser has the capability to display PostScript files, you can use the URL
http://i-Planet_server:8080/docs/usenglish/manuals/ps/admin.ps, or, if you are using SSL between the gateway and the i-Planet server,
https://i-Planet_server/docs/usenglish/manuals/ps/admin.ps. (If you changed the default port numbers during installation, substitute the new port numbers in the path.)
Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.