===== Workstation Installation Guide =====


==== Introduction ====


With the implementation of the CeRTNA Documentation Wiki, this version of the Workstation Installation Guide serves as consolidation of multiple user guides. This document covers the installation and configuration requirements for the following platforms:

  * APEX Transport Client
  * ERDS Web Client
  * G2G Web Client
  * Entrust PKI Certificates

You can quickly move to any section by clicking the table of contents shown above



==== Overview ====


The CeRTNA ERDS workstation configuration requirements are driven by several factors as shown below:

  * Workstation Security As Outlined By The California DOJ
  * Encryption & Authentication Technologies Used By Entrust
  * Two-Factor Authentication Via SafeNet USB Tokens
  * Support Of The ERDS Web Based Application

In order to access the CeRTNA application, an ERDS application must meet the security requirements as outlined by the California DOJ. The California DOJ Baseline Security Requirements can be viewed at the following URL:


[[https://oag.ca.gov/sites/all/files/agweb/pdfs/erds1/Baseline_9_2014.pdf]]

Section 4.2.7 of the referenced DOJ document outlines the security requirements for a workstation.

To ensure compliance with the DOJ regulations, a CeRTNA ERDS workstation must pass a security audit before it can be used to process production level electronic recording. A new section has been added to this document that outlines the steps to be taken to prepare for the initial workstation security audit.

The CeRTNA application currently uses a toolkit provided by Entrust to perform authentication and encryption services. The Entrust services make use of Public Key Infrastructure (PKI) and Microsoft Cryptography API (CAPI) technologies. The Entrust toolkit uses Java to deliver its functionality and therefore a CeRTNA ERDS workstation must have a version of Java that is compatible with the version of Entrust tools that are in used by CeRTNA.

To support Two-Factor Authentication the CeRTNA application uses USB token technology provided by SafeNet. Drivers are required to communicate with the token and CeRTNA receives SafeNet drivers from Entrusthat that are compatible with the Entrust toolkit. Information about where to obtain the latest drivers and how to install them is provided later in this document.

Finally, the CeRTNA ERDS application is a web-based .NET application that is served up from a Microsoft Internet Information Services (IIS) web server platform. This means a web browser is required to access the CeRTNA ERDS application functionality. Currently the ERDS application will only work with the Microsoft’s Internet Explorer web browser.

==== HW & OS Requirements ====

{{page>[:guides:hw_and_os_reqs&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}}


==== Supporting Software Requirements ====


=== Java Runtime Environment (JRE) ===

CeRTNA is actively transitioning customers to its APEX software. Although APEX does not require Java, CeRTNA still supports customers using the ERDS or G2G web client to send and retrieve XML transactions. In order to use the CeRTNA ERDS or G2G web client, customers must have a Java Runtime Environment (JRE) installed. 

As mentioned in the overview section there are a variety of tools required to deliver the CeRTNA application functionality. An extensive number of hours have been invested by CeRTNA to validate the proper application functionality across operating systems, encryption decryption tools, browsers, platforms (ERDS & G2G), certificate renewals/downloads, application roles (submitters, counties, administrators) etc.
 
In order for everything to work properly together the most important item becomes the Java Runtime Environment (JRE). Comprehensive functionality will only be supported if you are using one of the following JRE versions:

{{tablelayout?colwidth="150px,500px"&rowsFixed=1&rowsVisible=10&float=left}}
^ JRE Version          ^ Download URL     ^
| JRE 7.51 (x86)   | [[https://www.certna.org/ErdsUI/Downloads/jre-7u51-windows-i586.zip]]        |
| JRE 8.121 (x86)   | [[https://www.certna.org/ErdsUI/Downloads/jre-8u121-windows-i586.zip]]        |


Due to requirements for installing and/or updating Entrust PKI certificates, CeRTNA cannot support JRE 6 Update 45. If you are still running JRE 6 Update 45, please update your workstation to use one of the supported versions shown in the preceding table. <color #00a2e8>CeRTNA recommends using JRE 8.121, if possible.</color>

Once you have downloaded one of the JRE installation files shown above, unzip the file to a working folder such as C:\JRE_Setup or a folder name of your choosing. Once the zip file has been extracted open the following subfolder:
C:\{your workfolder}\ and double-click the JRE setup program to start the setup process. If you are prompted by User Access Control (UAC) to allow the installation, click the Yes button.

Click on one of the following links to view the installation instructions for either JRE7 or JRE8

[[guides:jre7_setup|JRE Version 7 Update 51 Installation Instructions]]

[[guides:jre8_setup|JRE Version 8 Update 121 Installation Instructions]]


==== XML Parser ====

Starting with Windows 7, support for Microsoft’s Core XML Parser is delivered with the operating system. **It does not need to be downloaded and installed separately**. 

CeRTNA ERDS & G2G web applications require that you set your Internet Explorer browser into Compatibility Mode. If you do not configure your Internet Explorer browser for compatibility mode, you see the message **‘<color #ed1c24>XML Parser Not Found</color>’** if you attempt to complete a process that requires the application to parse an XML file, such as submitting a transaction or viewing a transaction.


==== SafeNet Client/Token Installation ====


{{page>[:guides:safenet_installation&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}}


==== Entrust Certificate Installation ====


{{page>[:guides:entrust_certificate_installation&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}}


==== Revisions ====


{{tablelayout?colwidth="100px,100px,100px,350px"&rowsFixed=1&rowsVisible=10&float=left}}
^ Date          ^ Version ^ Name           ^ Description     ^
| 05-21-2009    | 1.0     | Brett Zamora   | Initial draft.        |
| 04-29-2011    | 1.1     | Brett Zamora   | Added updates based on knowledge gained during first year of operation. These include adjusting settings on the Java Runtime Environment and some additional FAQ’s.        |
| 05-10-2011    | 1.2     | Brett Zamora   | Updated graphic and text placement.        |
| 08-10-2015    | 2.0     | Brett Zamora   | Reworked look & feel of this document and updated content to reflect a more current set of software. Also added section about preparing the workstation for the initial security audit.        |
| 04-06-2016    | 2.1     | Brett Zamora   | (1) Added version to the cover page. (2) Removed reference to Internet Explorer 8. The only officially supported browser is Internet Explorer 11. (3) Updated Java Runtime section to provide information about support for JRE 8. (4) Updated the SafeNet Token installation section to include a comment regarding uninstalling existing SafeNet 7.x software and also updated the section heading to point out that the section only applies to ERDS platforms, not G2G platforms. (5) Updated Table Of Contents.        |
| 07-27-2017    | 3.0     | Brett Zamora   | (1) Converted Workstation Installation Guide to a wiki format. Versioning will now be managed via wiki engine. (2) Updated content so that this single document contains the installation requirements for the ERDS, G2G, and APEX platforms. |