Implementation Steps
This document will guide you through the installation steps for installing the CSE service on one host
Installation steps on CSE server
This is the installation of the CSE docker container and can be done with guidance from Virtru on a call.
-
Create a working directory for cse and cd into that directory
mkdir /var/virtru/scriptscd /var/virtru/scripts -
Download the CSE setup script
curl -s https://api.github.com/repos/virtru/cse-install-script/releases/latest \
| grep "browser_download_url.*sh" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -qi - - Run the deploy script
sh deploy-cse-<version>.sh
- Follow steps in the script to input the following information
- CSE Version (hit enter for latest version)
- CSE Domain (FQDN of your CSE server)
- CSE HMAC ID (Provided by Virtru)
- CSE HMAC Secret (Provided by Virtru)
- CKS option (yes if you are using a Virtru CKS)
- CKS Domain (FQDN of your Virtru CKS server)
- CKS HMAC ID (From your Virtru CKS server)
- CKS HMAC Secret (From your Virtru CKS server)
- IDP Provider (Google or Other)
- If "google" you will need to provide your Google OAuth Client ID string on the next step
- If "other" you will need to get the Authentication issuer ids (from the authentication JWT) to the URL where the issuer publishes its JSON Web Keyset from your IDP.
- Auth N Key (Map of accepted Authentication issuer ids)
- Auth N Value (URL where the issuer publishes its JSON Web keyset)
- JWT Auth N Value (OAuth Client ID String)
- Add your CA certs to the "/var/virtru/cse" directory
-
cat [path-to-certificate] [path-to-intermediate-cert-1] ... [path-to-root-cert] > server.cert
-
cat [path-to-private-key] > server.key
-
- Run the run script
sh run.sh
Google Workspace Configuration
Follow the steps from Google for connecting your CSE server to your Google Workspace tenant
https://support.google.com/a/answer/10742487?hl=en&ref_topic=10742486