Prerequisites

Prerequisite is divided in three sections. Prerequisite for PingIntelligence applies to both RHEL 7.6 and Ubuntu 16.0.4. Complete the prerequisite based on your operating system. The prerequisite section is divided in the following four sections:

#/section_prereq_for_pi
#/section_rhel_prereq
#/section_ubuntu_prereq
#/section_debian_prereq

Prerequisites for PingIntelligence

This section assumes that you have installed and configured PingIntelligence software. For more information on PingIntelligence installation, see PingIntelligence setup or PingIntelligence manual deployment

Verify that ASE is in sideband mode: Log in to your ASE machine and check that ASE is in sideband mode by running the following status command:

/opt/pingidentity/ase/bin/cli.sh status
API Security Enforcer
status                  : started
 mode : sideband
http/ws                 : port 80
https/wss               : port 443
firewall                : enabled
abs                     : enabled, ssl: enabled
abs attack              : disabled
audit                   : enabled
sideband authentication : disabled
ase detected attack     : disabled
attack list memory      : configured 128.00 MB, used 25.60 MB, free 102.40 MB

If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.

Enable sideband authentication: For secure communication between NGINX and ASE, enable sideband authentication by entering the following ASE command:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
```
Generate sideband authentication token

A token is required for NGINX to authenticate with ASE. To generate the token in ASE, enter the following command in the ASE command line:
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Save the generated authentication token for further use in Configure NGINX Plus for RHEL 7.6 or Configure NGINX Plus for Ubuntu 16.0.4.

Prerequisites for RHEL 7.6

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:

NGINX Plus version: The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.
RHEL version: RHEL 7.6. Verify your RHEL version by entering the following command on your machine:
```
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)
```

OpenSSL version: OpenSSL 1.0.2k-fips on your RHEL 7.6 machine. You can the check the OpenSSL version using the openssl version command.

$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

The PingIntelligence modules for NGINX Plus have been specifically compiled for RHEL 7.6 and OpenSSL 1.0.2k-fips. If you have different versions of these component, contact Ping Identity support.

Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
1. Create a directory for SSL certificates:
  # sudo mkdir -p /etc/ssl/nginx
2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ss/nginx

For more information, see Installing NGINX Plus

Download dependencies for RHEL: Run the following command to download dependencies for RHEL:
```
# yum install wget ca-certificates
```

Prerequisites for Ubuntu 16.0.4

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:

NGINX version: The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.

Ubuntu version: Ubuntu 16.04 LTS. Run the following command to check your Ubuntu version:

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

OpenSSL version: OpenSSL 1.0.2g. You can the check the OpenSSL version using the openssl version command:
```
$ openssl version
OpenSSL 1.0.2g  26 Jan 2017
```
Download dependencies for Ubuntu: Run the following command to download dependencies for Ubuntu:
```
# sudo apt-get install apt-transport-https lsb-release ca-certificates
```
Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
1. Create a directory for SSL certificates:
  # sudo mkdir -p /etc/ssl/nginx
2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx

For more information, see Installing NGINX Plus

The PingIntelligence modules are specifically compiled for Ubuntu 16.0.4 and OpenSSL 1.0.2g. If you do not have these specific versions of Ubuntu and OpenSSL, contact Ping Identity support.

Prerequisites for Debian 9

Complete the following prerequisites before deploying PingIntelligence policy on NGINX Plus:

NGINX version: The PingIntelligence policy modules are complied for NGINX Plus R19. If you have a different version of NGINX Plus, contact Ping Identity support.

Debian version:Debian 9 (stretch). Run the following command to check your Debian version:

$ cat /etc/os-release
 PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

OpenSSL version: OpenSSL 1.1.0l. You can the check the OpenSSL version using the openssl version command:
```
$ openssl version
OpenSSL 1.1.0l  10 Sep 2019
```
Configure NGINX Plus certificates: Complete the following steps to configure certificate for NGINX Plus:
1. Create a directory for SSL certificates:
  # sudo mkdir -p /etc/ssl/nginx
2. Login to NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx

For more information, see Installing NGINX Plus