Preparing to deploy the PingIntelligence policy - PingIntelligence for APIs

Preparing to deploy the PingIntelligence policy - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Complete the following steps based on your operating system.

The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.

Before deploying the PingIntelligence policy:

Install and configure the PingIntelligence software.

For more information, see PingIntelligence automated deployment for virtual machines and servers or PingIntelligence manual deployment.
Sign on to your ASE machine and verify that ASE is in sideband mode by running the following status command:
```
/opt/pingidentity/ase/bin/cli.sh status
```
If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set mode as sideband and start ASE.
For secure communication between NGINX and ASE, enable sideband authentication by entering the following ASE command:
```
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
```
To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use.
A token is required for NGINX to authenticate with ASE.
```
# ./bin/cli.sh -u admin -p admin create_sideband_token
```
Configure the following for your operating system:
- RHEL 7.6
  1. Verify your RHEL version by entering the following command on your machine:
```
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)
```
  2. OpenSSL 1.0.2k-fips on your RHEL 7.6 machine using the openssl version command:
```
$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
```
    Important:
    The PingIntelligence modules for NGINX Plus have been specifically compiled for RHEL 7.6 and OpenSSL 1.0.2k-fips. If you have different versions of these component, contact Ping Identity support.
  3. Configure certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
```
# sudo mkdir -p /etc/ssl/nginx
```
    2. Sign on to the NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ss/nginx.
      For more information, see Installing NGINX Plus
  4. Run the following command to download dependencies for RHEL:
```
# yum install wget ca-certificates
```
- Ubuntu 16.0.4 LTS
  1. Run the following command to check your Ubuntu version:
```
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
```
  2. OpenSSL 1.0.2g and check the OpenSSL version using the openssl version command:
```
$ openssl version
OpenSSL 1.0.2g  26 Jan 2017
```
  3. Run the following command to download dependencies for Ubuntu:
```
# sudo apt-get install apt-transport-https lsb-release ca-certificates
```
  4. Configure the certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
```
# sudo mkdir -p /etc/ssl/nginx
```
    2. Sign on to the NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx.
      For more information, see Installing NGINX Plus.
  Important:
  The PingIntelligence modules are specifically compiled for Ubuntu 16.0.4 and OpenSSL 1.0.2g. If you do not have these specific versions of Ubuntu and OpenSSL, contact Ping Identity support.
- Debian 9
  1. Run the following command to check your Debian version:
```
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"

NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
VERSION_CODENAME=stretch
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
```
  2. OpenSSL 1.1.0l and check the OpenSSL version using the openssl version command:
```
$ openssl version
OpenSSL 1.1.0l  10 Sep 2019
```
  3. Configure the certificate for NGINX Plus:
    1. Create a directory for SSL certificates:
```
# sudo mkdir -p /etc/ssl/nginx
```
    2. Sign on to the NGINX customer portal and download nginx-repo.key and nginx-repo.crt to /etc/ssl/nginx.
      For more information, see Installing NGINX Plus.