Downloading and Installing the Windows Client Installer

Complete the tasks in this topic to download and install the Windows client installer for Dedicated KMS.

Installing the Windows Client Service

Review the Prerequisites for using a KSP or CNG provider.

Complete the following steps to install Windows client server:

  1. Navigate to the Windows directory where you downloaded the MSI installer file.
  2. Run the installer by specifying the installation location. For example: c:\Program Files\Oracle\DedicatedKMS. Then follow the installation sequence.
  3. Click Finish.
  4. Navigate to the installation directory for the Dedicated KMS client. For example: c:\Program Files\Oracle\DedicatedKMS.
    Note

    By default, Windows installs the program at c:\Program Files\Oracle\DedicatedKMS. However, the Windows client can be installed anywhere on your local machine.
  5. Run the configure_dkms.exe file by providing the installation path and DNS name of the HSM cluster. (or)
  6. Run the following command to enter the installation path and DNS name.
    c:\Program Files\Oracle\DedicatedKMS\configure_dkms.exe
    Note

    • If you're updating an existing client installer, the existing client configuration from previous installations aren't overwritten.
    • As part of installation, the Windows Client Installer automatically registers the Cryptography API: Next Generation (CNG) and key storage provider (KSP). However, you can run the Register command to validate registration.
  7. After the installation is complete, you can go the Client Service, User Management utility, and Key Management utility configuration files to verify the DNS name and configuration details.

Configuring the Windows Client Service

Complete the following steps to configure the client service config. Ensure you have copied pkey-c, cert-c, and partitionOwnerCert.pem to the data directory of the Windows client installation. By default, the directory is at C:\Program Files\Oracle\DedicatedKms\data.
  1. Open the client.cfg file in a text editor to validate the installation location, DNS name of the HSM and the client.cfg file.
  2. Optional: Update the hostname field with DNS value available on the OCI Console. For more information, see Getting HSM Cluster DNS Name.
  3. Optional: Update port field with the client Port value available on the OCI Console. For more information, see Getting HSM Cluster Port Details.
    Output
    {
       "ssl":{
          "certificate":"C:\Program Files\Oracle\DedicatedKms\data\cert-c",
          "pkey":"C:\Program Files\Oracle\DedicatedKms\data\pkey-c",
          "owner_cert_path":"C:\Program Files\Oracle\DedicatedKms\data\partitionOwnerCert.pem",
          "CApath":"C:\Program Files\Oracle\DedicatedKms\data\certs"
       },
       "mutual_auth":{
          "e2e_mutual_auth_cert_path":"",
          "e2e_mutual_auth_pkey":""
       },
       "client": {
            "daemon_id": 1,
            "reconnect_attempts": -1,
            "reconnect_interval": 10,
            "command_retry_attempt_count" : 3,
            "command_retry_attempt_time": 10
        },
       "server":
          {
            "hostname": "<DNS of HSM Cluster>",
            "port": <port>
          }
       ,
       "logging":{
          "log_level":"INFO",
          "logfiles_location":"C:\Program Files\Oracle\DedicatedKms\logs"
       }
    }