--- title: Command-line reference description: Command to install and setup an AM instance. component: pingam version: 8 page_id: pingam:amster:reference canonical_url: https://docs.pingidentity.com/pingam/8/amster/reference.html page_aliases: ["user-guide:amster-reference.adoc"] section_ids: amster-installam-reference: install-openam - install PingAM synopsis: Synopsis description: Description --- # Command-line reference ## install-openam - install PingAM ### Synopsis ``` install-openam [options] ``` ### Description Command to install and setup an AM instance. The following parameters are required: * `--adminPwd amAdmin-password` The password of the `amAdmin` user. If the `--cfgStoreDirMgrPwd` option is not specified, this value is also the password of the configuration store's directory manager user. The password must be at least 8 characters in length. * `--serverUrl protocol://FQDN:port/URI` The protocol, URL, port, and deployment URI of the AM instance. For example, `https://am.example.com:8443/am`. The following options are available: * `--acceptLicense` Indicates the user accepts Amster usage terms and conditions. * `--authorizedKey` *path* The path to an SSH public key file. The content of this file is appended to the `authorized_keys` file of the newly-installed AM instance, allowing users to connect to it with Amster after the install completes. Find more information about connecting to AM with Amster in [Connect to AM](connect-am.html). * `--cfgDir` *path* The configuration directory where AM stores files, such as `$HOME/am` * `--cfgStore` *dirServer* Set this to `dirServer` to install AM with an external DS server as the configuration store. When you install AM with an external configuration store, you must also use an external identity store. By default, identities are stored in the same directory server instance as the configuration store. You must use an external directory server for the configuration store. If you try to install AM with the `--cfgStore embedded` option, the installation fails with the following exception `From AM 8, embedded DS configuration is not supported`. * `--cfgStoreAdminPort` *port* The administration port number for the configuration store, such as `4444`. * `--cfgStoreDirMgr` *username* The bind DN of the configuration store user account, such as `uid=am-config,ou=admins,ou=am-config`. * `--cfgStoreDirMgrPwd` *password* The password for the bind DN. If not set, it takes the password defined for the `--adminPwd` option. * `--cfgStoreHost` *FQDN* The FQDN of the configuration store directory server host, for example, `ds.example.com`. * `--cfgStorePort` *port* The LDAPS or LDAP port number for the configuration store directory server, such as `1636` or `1389`. * `--cfgStoreRootSuffix` *DN* The root suffix DN for the configuration store, such as `ou=am-config`. * `--cfgStoreSsl [SIMPLE|SSL]` Set this to `SSL` to use LDAP with SSL. DS is configured for LDAPS by default. To use LDAP without SSL, set this to `SIMPLE`. * `--cookieDomain` *domain* The name of the trusted DNS domain AM returns to a browser when it grants a session ID to a user. Default: FQDN used in the `--serverUrl` option * `--installLocale` *locale* The locale to use during the install process. Default: `en_US` * `--lbPrimaryUrl` *URL* The load balancer URL of the site, such as `https://lb.example.com:443/am` * `--lbSiteName` *name* The name of the site to create, if any. * `--platformLocale` *locale* The default locale for the AM installation. Default: `en_US` * `--pwdEncKey` *key* The encryption key value used to encrypt passwords in the AM instance. For example `O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32`. If you're installing an AM instance that will use existing data, you must provide the same encryption key value originally used to encrypt the passwords in those data stores. To locate the encryption key value in an AM instance, navigate to Deployment > Servers > *server name* > Security > Encryption. If you are installing a new AM instance that won't use existing data in a data store, you can leave this property empty. AM generates a random encryption key during installation to encrypt the data that will be added to the data store. This option is *required* when configuring an AM instance into a site, and must be set to the encryption key configured for the rest of the servers in the site. Failure to set this option to the appropriate value will cause the original encryption key to be overwritten, which will render the site unable to read the configuration, and the identity stores. Default: No value; a random encryption key is generated during installation * `--userStoreDirMgr` *username* The bind DN of the identity store user account, such as `uid=am-identity-bind-account,ou=admins,ou=identities`. * `--userStoreDirMgrPwd` *password* The password for the bind DN. * `--userStoreDomainName` *FQDN* The Active Directory Domain Name, such as `ad.example.com`, when the `--userStoreType` option is set to `LDAPv3ForADDC`. * `--userStoreHost` *FQDN* The FQDN of the identity store directory server, such as `ds.example.com`. * `--userStorePort` *port* The LDAPS or LDAP port number for the identity store. Default for LDAPS is `636` and for LDAP is `389`. * `--userStoreRootSuffix` *DN* The root suffix DN for the identity store, such as `ou=identities`. * `--userStoreSsl [SIMPLE|SSL]` Set this to `SSL` to use LDAP with SSL. DS is configured for LDAPS by default. To use LDAP without SSL, set this to SIMPLE. * `--userStoreType` *type* The type of directory server used for the identity store. Possible values for *type* are: * `LDAPv3ForOpenDS`, for DS stores. * `LDAPv3ForAD`, for Active Directory with host and port settings. * `LDAPv3ForADDC`, for Active Directory with domain name setting. * `LDAPv3ForADAM`, for Active Directory Application Mode. When using the `LDAPv3ForADDC` store type, set up the `--userStoreDomainName` option to the Active Directory Domain Name, for example `ad.example.com`. Default: Not set