Complete the following steps based on your operating system.
The PingIntelligence policy modules are complied for NGINX Plus R16. If you have a different version of NGINX Plus, contact Ping Identity support.
Before deploying the PingIntelligence policy:
-
Install and configure the PingIntelligence
software.
For more information, see PingIntelligence automated deployment for virtual machines and servers or PingIntelligence manual deployment.
-
Sign on to your ASE machine and verify that ASE is in sideband
mode by running the following status command:
/opt/pingidentity/ase/bin/cli.sh status
If ASE is not in sideband mode, then stop ASE and change the mode by editing the /opt/pingidentity/ase/config/ase.conf file. Set
mode
as sideband and start ASE. -
For secure communication between NGINX and ASE, enable sideband authentication
by entering the following ASE command:
# ./bin/cli.sh enable_sideband_authentication -u admin –p admin
-
To generate the token in ASE, enter the following command in the ASE command
line and save the generated authentication token for further use.
A token is required for NGINX to authenticate with ASE.
# ./bin/cli.sh -u admin -p admin create_sideband_token
-
Configure the following for your operating system:
- RHEL 7.6
- Verify your RHEL version by entering the following command on your
machine:
$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo)
- OpenSSL
1.0.2k-fips
on your RHEL 7.6 machine using the openssl version command:$ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017
Important:The PingIntelligence modules for NGINX Plus have been specifically compiled for RHEL 7.6 and OpenSSL
1.0.2k-fips
. If you have different versions of these component, contact Ping Identity support. - Configure certificate for NGINX Plus:
- Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
- Sign on to the NGINX customer portal and download
nginx-repo.key and
nginx-repo.crt to
/etc/ss/nginx.
For more information, see Installing NGINX Plus
- Create a directory for SSL certificates:
- Run the following command to download dependencies for RHEL:
# yum install wget ca-certificates
- Verify your RHEL version by entering the following command on your
machine:
- Ubuntu 16.0.4 LTS
- Run the following command to check your Ubuntu version:
$ cat /etc/os-release NAME="Ubuntu" VERSION="16.04 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.6 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial
- OpenSSL
1.0.2g
and check the OpenSSL version using the openssl version command:$ openssl version OpenSSL 1.0.2g 26 Jan 2017
- Run the following command to download dependencies for Ubuntu:
# sudo apt-get install apt-transport-https lsb-release ca-certificates
- Configure the certificate for NGINX Plus:
- Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
- Sign on to the NGINX customer portal and download
nginx-repo.key and
nginx-repo.crt to
/etc/ssl/nginx.
For more information, see Installing NGINX Plus.
- Create a directory for SSL certificates:
Important:The PingIntelligence modules are specifically compiled for Ubuntu 16.0.4 and OpenSSL
1.0.2g
. If you do not have these specific versions of Ubuntu and OpenSSL, contact Ping Identity support. - Run the following command to check your Ubuntu version:
- Debian 9
- Run the following command to check your Debian version:
$ cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 9 (stretch)" NAME="Debian GNU/Linux" VERSION_ID="9" VERSION="9 (stretch)" VERSION_CODENAME=stretch ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/"
- OpenSSL
1.1.0l
and check the OpenSSL version using the openssl version command:$ openssl version OpenSSL 1.1.0l 10 Sep 2019
- Configure the certificate for NGINX Plus:
- Create a directory for SSL certificates:
# sudo mkdir -p /etc/ssl/nginx
- Sign on to the NGINX customer portal and download
nginx-repo.key and
nginx-repo.crt to
/etc/ssl/nginx.
For more information, see Installing NGINX Plus.
- Create a directory for SSL certificates:
- Run the following command to check your Debian version:
- RHEL 7.6