HOW TO: Use the PGP Universal 2.5/2.6 Setup Assistant

Article:HOWTO41970  |  Created: 2006-09-05  |  Updated: 2011-02-06  |  Article URL http://www.symantec.com/docs/HOWTO41970
Article Type
How To




This article provides step-by-step instructions to aid administrators through the initial configuration of a primary PGP Universal Server using its Web-based Setup Assistant.



HOW TO: Use the PGP Universal 2.5/2.6 Setup Assistant

The Setup Assistant only appears the first time you access the PGP Universal Server from your web browser. The Setup Assistant displays a series of screens that ask you questions about your network and about how you want your PGP Universal Server to work; the Setup Assistant uses the answers to those questions to finish configuring your PGP Universal Server.

In many cases, the Setup Assistant will do the majority of the configuration for your PGP Universal Server. You can change any settings you establish with the Setup Assistant anytime after you run it using the administrative interface of the PGP Universal Server; you can also use the administrative interface to configure those features not covered in the Setup Assistant.

The Setup Assistant supports four types of setups:
  • Primary. You are configuring a PGP Universal Server that will be your only PGP Universal Server or the Primary server in a cluster.

  • Secondary. You are configuring a PGP Universal Server that will be a Secondary server in a cluster. You must have already set up the Primary server in the cluster or this setup will not work.

  • Restore. You are restoring backed-up data from another PGP Universal Server onto a new PGP Universal Server. You will need the backed-up data file and the Organization Key used to encrypt the backup file.

  • Keyserver. You are migrating the keys and data from a PGP Keyserver to a PGP Universal Server.

Initial Configuration with Setup Assistant

After the software installs and the server restarts, you can connect to the PGP Universal Server via a Web browser at the configured IP address and finish running the Setup Assistant.
  1. Open a Web browser and connect to the PGP Universal Server:

    Enter https://<hostname>:9000 (for customnet, standard, and expert software installations)
    or
    Enter https://192.168.1.100:9000 (for noautopart and pgp software installations)

    The Welcome Screen of the Setup Assistant appears.

  2. Read the text, then click Forward arrow to continue.

    The End User License Agreement screen appears.
  3. Read the text of the License Agreement, then click the I Agree button at the end of the agreement.

    The Setup Type screen appears.

  4. Click the Radio Button next to the Setup Type your installation requires.

  5. Click the Forward arrow to continue.

    The Date & Time screen appears.
  6. Pull down the Time Zone drop-down list and select your location.

  7. Choose Time Format and Date Format settings.

  8. Set the correct Time and Date.

    Note: Your server preforms many time-based operations, so it is important to set up the correct time.

  9. Optionally, specify an NTP Time Server in the NTP Server field.

  10. Click the Forward arrow to continue.

    The Network Setup screen appears.

  11. Enter the Network Information that is not already present.

    Note: In the Hostname field, enter a name for this PGP Universal Server. This must be a fully-qualified domain name of the external, untrusted interface.

    PGP Corporation strongly recommends you name your externally visible PGP Universal Server according to the keys.<domain> convention, which allows other PGP Universal Servers to easily find valid public keys for email recipients in your domain.

  12. Click the Forward arrow to continue.

    The Confirmation screen appears.

  13. Make sure the information is correct, then click Done.

    Click the Back arrow if you need to go back and make any changes.

    The Network Configuration Changed dialog appears while the server restarts automatically.

    Note: If you chose the pgp or noautopart installation, you will need to reconnect to your Universal Server. At this point, your PGP Universal Server has accepted the new network settings you entered, so it will disconnect the temporary setup. You will need to reconnect to the Server using the https://<hostname>:9000 url.

Primary or Secondary Configuration

If you selected a Primary or Secondary configuration for the PGP Universal Server you are configuring with the Setup Assistant, the Licensing screen appears automatically.

  1. Enter your PGP Universal Server license information, then click the Forward arrow.

    Click Skip if you want to license your PGP Universal Server at a later time.

  2. If your PGP Universal Server has an active connection to the Internet, the PGP Universal Server license will be authorized.

  3. If your PGP Universal Server does not have an active connection to the Internet, for example because it is behind a proxy server, your license authorization will be needed; click Manual.

  4. Enter the appropriate license information, paste your license authorization information in the License Authorization box (appears when the Manual button is clicked), then click the Forward arrow.

  5. If your PGP Universal Server license supports the Symantec AntiVirus option, the AntiVirus screen appears.

  6. Enter your Symantec AntiVirus serial number in the Serial Number field.

    Click Skip to continue with the Setup Assistant without licensing the AntiVirus feature.

  7. In the License File field, locate your Symantec license file using the Choose File button or paste the contents of your Symantec license file into the License Contents box.

  8. Click the Forward arrow to continue.

    The Administrator Name & Passphrase screen appears.
  9. Enter in the Login Name and Passphrase for the administrator and an optional Email Address.

  10. Click the Forward arrow to continue.

    The Mail Processing screen appears.

  11. Specify the placement of this PGP Universal Server in your network.

    Select Gateway Placement if your PGP Universal Server is logically located between your mail server and the Internet.

    Select Internal Placement if your PGP Universal Server is logically located between your email users and your mail server, or if your PGP Universal Server is out of the mailstream.

  12. Click the Forward arrow to continue.

    The Mail Server Selection screen appears.

  13. In the Mail Server field, enter the hostname or IP address of the mail server that this PGP Universal Server will be interacting with.

  14. In the Proxy Server field, enter an optional additional mail server to which all outbound mail will be sent.

  15. In the Primary Domain field, enter the email domain that the PGP Universal Server is going to be managing.

  16. Click the Forward arrow to continue.

    The Directory Server screen appears.

  17. In the Directory Server field, enter the hostname or IP address of your corporate LDAP directory so that PGP Universal can synchronize user information with that LDAP directory.

    Using a directory server is optional. If you do not have one on your network or do not wish to use one, leave the Directory Server field empty and continue with the Setup Assistant.

  18. Click the Forward arrow to continue.

    The Ignition Keys screen appears.

  19. Select the type of Ignition Key you would like to use, then click the Forward arrow.

    Click Skip to proceed with the Setup Assistant without configuring an Ignition Key.

    Note: Ignition Keys protect the data on your PGP Universal Server if an unauthorized person gets control of it. If you want to use a hardware Ignition Key, you will need to prepare the token before you add it to the system here.

    The appropriate Ignition Key screen appears. The Passphrase Ignition Key screen is shown here.
  20. Enter a name for the Ignition Key, a passphrase, confirm the passphrase, then click the Forward arrow.

    The Backup Organization Key screen appears.

  21. If desired, enter the passphrase that will protect the Organization Key (this is optional, but highly recommended ), then click Backup Key to back up the key. Be aware that without a backup of your Organization Key, you will not be able to restore your PGP Universal Server from backed-up data.

    To skip backing up your Organization Key (not recommended), click Forward without backing up the key.

    Note: The PGP Universal Server generates an Organization Key for you. If you want to generate an S/MIME Organization Certificate, you should do so immediately after finishing setup.

  22. Click the Forward arrow to continue.

    The Confirmation screen appears.

    This screen summarizes the configuration of your PGP Universal Server.

  23. Click Done to finish setup.

    The Configuration Changed screen appears, and the server restarts automatically.

    You will be redirected to the administrative interface of the PGP Universal Server you just configured.


Legacy ID



611


Article URL http://www.symantec.com/docs/HOWTO41970


Terms of use for this information are found in Legal Notices