Alta Software PSD2 Developer Portal and Sandbox Manual Installation Guide for IIS

  1. Install IIS 10

  2. Delete all non-root certificates from Trusted Root Certification Authorities

    You should delete any certificate whose Issued by and Issued to values are not the same (and therefore the certificate is not at the top of the hierarchy).

    Please see this: https://docs.microsoft.com/en-us/troubleshoot/iis/http-403-forbidden-open-webpage

  3. Disable weak protocols, cipher suites and hashing algorithms

    Please read this: Transport Layer Security (TLS) registry settings

    and this Manage Transport Layer Security (TLS)

  4. Install the Banking Association of Georgia's root certificate in Trusted Root Certification Authorities with store location = Local Machine.

  5. Install the Banking Association of Georgia's sub root certificates (WAC and SEAL) in Intermediate Certification Authorities with store location = Local Machine.

  6. Install your SSL certificate (i.e. *.yourdomain.ge) in Personal with store location = Local Machine.

  7. Install your QWAC compatible certificate (i.e. *.yourdomain.ge) in Personal with store location = Local Machine.

  8. Install your QSealC compatible certificate in Personal with store location = Local Machine. It MUST have a private key.

  9. Install the ASP.NET Core Module/Hosting Bundle

    Download the installer using the following link: Current .NET Core Hosting Bundle installer direct download

    For more detailed instructions on how to install the ASP.NET Core Module, see Install the .NET Core Hosting Bundle.

  10. (Conditional) Install SQL Server Express (2016+) or you can use existing SQL server (Enterprise)

    1. If you are using PSD2 DataAccess Api, then skip this step and install DataAccess Api instead (see the DataAccess Installation Guide)

    2. Download the installer using the following link: Latest SQL Server Express installer direct download

      If you already have SQL server installed somewhere, you can use it.

    3. Run SQL Server Management Studio

    4. Connect to SQL Server

    5. Open new query window

    6. Create database with the following command:

    CREATE DATABASE [PSD2_Portal] COLLATE Latin1_General_100_BIN2;

  11. Download latest versions of PSD2 Developer Portal and Sandbox binaries

    You can download it from our support portal Alta Software Support Site. Go to PSD2 folder.

  12. Extract PSD2 Developer Portal and Sandbox applications in IIS folders

    1. Create folder for PSD2 sandbox applications, i.e. C:\Inetpub\PSD2

    2. Extract sandbox-portal-BBBBBBBB-x.x.x.zip to C:\Inetpub\PSD2\portal folder

    3. Extract sandbox-auth-server-BBBBBBBB-x.x.x.zip to C:\Inetpub\PSD2\authserver-sandbox folder

    4. Extract sandbox-auth-web-BBBBBBBB-x.x.x.zip to C:\Inetpub\PSD2\authweb-sandbox folder

    5. Extract sandbox-xs2a-BBBBBBBB-x.x.x.zip to C:\Inetpub\PSD2\xs2a-sandbox folder

    6. Go to each folder, find appsettings.json file, open it and:

      1. If you are not using PSD2 DataAccess Api, then fill Database:ConnectionString section with database connection string. Database user must have db_owner rights on PSD2_Portal database. Delete DataAccess section, it is only required when using PSD2 DataAccess Api.

        "Database": {
            "ConnectionString": "Data Source=localhost;Initial Catalog=PSD2_Portal;Integrated Security=true;Encrypt=false;TrustServerCertificate=true;Application Name=AltaSoft.PSD2"
        }

      2. If you are using PSD2 DataAccess Api, then fill the DataAccess section with the address of the installed DataAccess Api. Fill UserName and Password with the credentials entered in the PSD2 DataAccess Api configuration. Delete the Database:ConnectionString section; it is only required when using direct access to the PSD2 database.

        "DataAccess": {
            "Url": "https://localhost:15011",
            "UserName": "User",
            "Password": "Password"
        }

      3. Fill CertificateThumbprint with your QSealC certificate's thumbprint

        "CertificateThumbprint": "9c3f0b85333b72379963e610e1d95c94d4fa5166"

      4. If you have a load balancer in front of IIS, set:

        "HostingType": "load_balancer"

        You should configure your load balancer for mTLS and to forward the client certificate in the HTTP header named X-ARR-ClientCert

    7. Open C:\Inetpub\PSD2\xs2a-sandbox\appsettings.json and set the OAuth2ServerBaseUrl parameter to https://psd2-authserver-sandbox.yourdomain.ge

      "OAuth2ServerBaseUrl": "https://psd2-authserver-sandbox.yourdomain.ge"

    8. Open C:\Inetpub\PSD2\authserver-sandbox\appsettings.json and set the OAuth2WebBaseUrl parameter to https://psd2-authweb-sandbox.yourdomain.ge

      "OAuth2WebBaseUrl": "https://psd2-authweb-sandbox.yourdomain.ge"

  13. Install PSD2 Developer Portal and Sandbox applications in IIS

    1. Go to Internet Information Services (IIS) Manager

    2. Create Application Pools

      Developer Portal

      1. Select Application Pools, right click it and select Add Application Pool...
      2. Enter AltaSoft.PSD2.DeveloperPortal_AppPool into name field
      3. Select No Managed Code in .NET CLR version field
      4. Select Integrated in Managed pipeline mode field
      5. Press OK
      6. Select newly created application pool, right click it and select Advanced Settings...
      7. Set General\Start mode to AlwaysRunning
      8. Set Process Model\Identity to LocalSystem
      9. Set Process Model\Idle Time-out (minutes) to 0
      10. Set Recycling\Disable Overlapped Recycle to False

      OAuth2 Server API

      1. Select Application Pools, right click it and select Add Application Pool...
      2. Enter AltaSoft.PSD2.AuthServer.Sandbox_AppPool into name field
      3. Select No Managed Code in .NET CLR version field
      4. Select Integrated in Managed pipeline mode field
      5. Press OK
      6. Select newly created application pool, right click it and select Advanced Settings...
      7. Set General\Start mode to AlwaysRunning
      8. Set Process Model\Identity to LocalSystem
      9. Set Process Model\Idle Time-out (minutes) to 0
      10. Set Recycling\Disable Overlapped Recycle to False

      OAuth2 Server Web

      1. Select Application Pools, right click it and select Add Application Pool...
      2. Enter AltaSoft.PSD2.AuthWeb.Sandbox_AppPool into name field
      3. Select No Managed Code in .NET CLR version field
      4. Select Integrated in Managed pipeline mode field
      5. Press OK
      6. Select newly created application pool, right click it and select Advanced Settings...
      7. Set General\Start mode to AlwaysRunning
      8. Set Process Model\Identity to LocalSystem
      9. Set Process Model\Idle Time-out (minutes) to 0
      10. Set Recycling\Disable Overlapped Recycle to False

      XS2A API

      1. Select Application Pools, right click it and select Add Application Pool...
      2. Enter AltaSoft.PSD2.XS2A.Sandbox_AppPool into name field
      3. Select No Managed Code in .NET CLR version field
      4. Select Integrated in Managed pipeline mode field
      5. Press OK
      6. Select newly created application pool, right click it and select Advanced Settings...
      7. Set General\Start mode to AlwaysRunning
      8. Set Process Model\Identity to LocalSystem
      9. Set Process Model\Idle Time-out (minutes) to 0
      10. Set Recycling\Disable Overlapped Recycle to False
    3. Create Web Sites

      Developer Portal

      1. Select Sites, right click it and select Add Website...
      2. Enter AltaSoft.PSD2.DeveloperPortal into Site name field
      3. Select AltaSoft.PSD2.DeveloperPortal_AppPool in Application pool field
      4. Enter C:\Inetpub\PSD2\portal into Physical path field
      5. Select https in Binding: Type field
      6. Enter psd2-portal.yourdomain.ge in Binding: Host name field and select Require Server Name Indication
      7. Select *.yourdomain.ge certificate in Binding: SSL certificate field
      8. Press OK
      9. Select newly created site, right click it and select Edit Bindings...
      10. Select http in Type field
      11. Enter psd2-portal.yourdomain.ge in Host name field
      12. Press OK
      13. Right click the site and select Manage website\Advanced Settings...
      14. Set General\Preload Enabled to True

      OAuth2 Server API

      1. Select Sites, right click it and select Add Website...

      2. Enter AltaSoft.PSD2.AuthServer.Sandbox into Site name field

      3. Select AltaSoft.PSD2.AuthServer.Sandbox_AppPool in Application pool field

      4. Enter C:\Inetpub\PSD2\authserver-sandbox into Physical path field

      5. Select https in Binding: Type field

      6. Enter psd2-authserver-sandbox.yourdomain.ge in Binding: Host name field and select Require Server Name Indication

      7. Check Disable HTTP/2

      8. Select *.yourdomain.ge certificate in Binding: SSL certificate field

      9. Press OK

      10. Select newly created site and select SSL Settings

        1. Select Require SSL
        2. Select Accept in Client certificates
      11. Press Apply button

      12. Right click the site and select Manage website\Advanced Settings...

      13. Set General\Preload Enabled to True

      OAuth2 Server Web

      1. Select Sites, right click it and select Add Website...
      2. Enter AltaSoft.PSD2.AuthWeb.Sandbox into Site name field
      3. Select AltaSoft.PSD2.AuthWeb.Sandbox_AppPool in Application pool field
      4. Enter C:\Inetpub\PSD2\authweb-sandbox into Physical path field
      5. Select https in Binding: Type field
      6. Enter psd2-authweb-sandbox.yourdomain.ge in Binding: Host name field and select Require Server Name Indication
      7. Select *.yourdomain.ge certificate in Binding: SSL certificate field
      8. Press OK
      9. Right click the site and select Manage website\Advanced Settings...
      10. Set General\Preload Enabled to True

      XS2A API

      1. Select Sites, right click it and select Add Website...

      2. Enter AltaSoft.PSD2.XS2A.Sandbox into Site name field

      3. Select AltaSoft.PSD2.XS2A.Sandbox_AppPool in Application pool field

      4. Enter C:\Inetpub\PSD2\xs2a-sandbox into Physical path field

      5. Select https in Binding: Type field

      6. Enter psd2-xs2a-sandbox.yourdomain.ge in Binding: Host name field and select Require Server Name Indication

      7. Check Disable HTTP/2

      8. Select *.yourdomain.ge certificate in Binding: SSL certificate field

      9. Press OK

      10. Select newly created site and select SSL Settings

        1. Select Require SSL
        2. Select Accept in Client certificates
      11. Press Apply button

      12. Right click the site and select Manage website\Advanced Settings...

      13. Set General\Preload Enabled to True

  14. That's it. 😃
    • Check that everything is working as expected
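
A read-only check for the certificate steps above (2, 8 and 12.6.3), added here as an example and not part of Alta Software's guide. It assumes the folder layout from step 12 and finds CertificateThumbprint by pattern match, because the guide does not show where the key is nested in appsettings.json.

```powershell
# Added example: read-only checks, run from a PowerShell session on the IIS host.
$appRoot = 'C:\Inetpub\PSD2'   # folder layout from step 12
$apps    = 'portal', 'authserver-sandbox', 'authweb-sandbox', 'xs2a-sandbox'

# Step 2: a certificate whose Subject differs from its Issuer is not a root and
# does not belong in Trusted Root Certification Authorities.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -ne $_.Issuer } |
    ForEach-Object { Write-Warning "Non-root in Trusted Root: $($_.Subject) [$($_.Thumbprint)]" }

# Steps 8 and 12.6.3: the thumbprint in each appsettings.json must resolve to a
# certificate in LocalMachine\Personal that has a private key and is still valid.
$personal = Get-ChildItem Cert:\LocalMachine\My
$results = foreach ($app in $apps) {
    $file  = Join-Path $appRoot "$app\appsettings.json"
    $thumb = $null
    if (-not (Test-Path $file)) {
        $status = 'appsettings.json not found'
    } else {
        # Pattern match, so no assumption is made about where the key is nested.
        $text = [string](Get-Content $file -Raw)
        $m    = [regex]::Match($text, '"CertificateThumbprint"\s*:\s*"([^"]*)"')
        $raw  = $m.Groups[1].Value
        # Values pasted from the certificate dialog can carry spaces or an invisible
        # left-to-right mark; compare on hex digits only and report the difference.
        $thumb = ($raw -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
        $cert  = $personal | Where-Object { $_.Thumbprint -eq $thumb }
        $now   = Get-Date
        $status = if (-not $m.Success -or -not $thumb) { 'CertificateThumbprint not set' }
            elseif (-not $cert) { 'not found in LocalMachine\My' }
            elseif (-not $cert.HasPrivateKey) { 'certificate has no private key' }
            elseif ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { 'outside validity period' }
            elseif ($raw.Length -ne $thumb.Length) { 'found, but configured value contains non-hex characters' }
            else { 'OK' }
    }
    [pscustomobject]@{ App = $app; Thumbprint = $thumb; Status = $status }
}
$results | Format-Table -AutoSize
```

Any row whose Status is not OK points back to step 8 or step 12.6.3; warnings printed before the table point back to step 2.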