Preparing to deploy the PingIntelligence policy
Complete the following steps based on your operating system.
About this task
The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.
Before deploying the PingIntelligence policy:
Steps
-
Install and configure the PingIntelligence software.
For more information, see PingIntelligence automated deployment for virtual machines and servers or PingIntelligence manual deployment.
-
Sign on to your ASE machine and verify that ASE is in
sidebandmode by running the followingstatuscommand:/opt/pingidentity/ase/bin/cli.sh status
Troubleshooting:
If ASE is not in
sidebandmode, then stop ASE and change the mode by editing the/opt/pingidentity/ase/config/ase.conffile. Setmodeassidebandand start ASE. -
For secure communication between NGINX and ASE, enable sideband authentication by entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
-
To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use.
A token is required for NGINX to authenticate with ASE.
# ./bin/cli.sh -u admin -p admin create_sideband_token
-
Configure the following for your operating system:
Choose from:
-
RHEL 7.6
-
Verify your RHEL version by entering the following command on your machine:
$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) -
OpenSSL
1.0.2k-fipson your RHEL 7.6 machine using theopenssl versioncommand:$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017The PingIntelligence modules for NGINX Plus have been specifically compiled for RHEL 7.6 and OpenSSL
1.0.2k-fips. If you have different versions of these component, contact Ping Identity support. -
Configure certificate for NGINX Plus:
-
Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
-
Sign on to the NGINX customer portal and download
nginx-repo.keyandnginx-repo.crtto/etc/ss/nginx.
-
For more information, see Installing NGINX Plus
-
Run the following command to download dependencies for RHEL:
# yum install wget ca-certificates
-
-
Ubuntu 16.0.4 LTS
-
Run the following command to check your Ubuntu version:
$ cat /etc/os-release NAME="Ubuntu" VERSION="16.04 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.6 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial -
OpenSSL
1.0.2gand check the OpenSSL version using theopenssl versioncommand:$ openssl version OpenSSL 1.0.2g 26 Jan 2017 -
Run the following command to download dependencies for Ubuntu:
# sudo apt-get install apt-transport-https lsb-release ca-certificates
-
Configure the certificate for NGINX Plus:
-
Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
-
Sign on to the NGINX customer portal and download
nginx-repo.keyandnginx-repo.crtto/etc/ssl/nginx.For more information, see Installing NGINX Plus.
The PingIntelligence modules are specifically compiled for Ubuntu 16.0.4 and OpenSSL
1.0.2g. If you do not have these specific versions of Ubuntu and OpenSSL, contact Ping Identity support.
-
-
-
Debian 9
-
Run the following command to check your Debian version:
$ cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 9 (stretch)" NAME="Debian GNU/Linux" VERSION_ID="9" VERSION="9 (stretch)" VERSION_CODENAME=stretch ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" -
OpenSSL
1.1.0land check the OpenSSL version using theopenssl versioncommand:$ openssl version OpenSSL 1.1.0l 10 Sep 2019 -
Configure the certificate for NGINX Plus:
-
Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
-
Sign on to the NGINX customer portal and download
nginx-repo.keyandnginx-repo.crtto/etc/ssl/nginx.
-
-
For more information, see Installing NGINX Plus.
-