Swiss federal authorities

Run the installer program

To install the sedex-Client, run the installer program:

  • On most systems, both installer programs (JAR and EXE) can be started by double-clicking them.

  • The JAR installer can also be run from a command line interface by typing:

    java -jar [file name].JAR

Once running, the program will guide you through a sequence of dialogues and then install the sedex-Client.

The following steps show a typical installation on Windows.

Note: The step numbering on the following pages will have gaps because some steps are skipped, depending on the type of installation or migration.

Step 1/25: Language Selection🔗

This screen allows you to choose the language used to guide you through the installation.

Step 2/25: Welcome🔗

This screen shows important information about the installation.

Step 3/25: Additional Information🔗

Please read and follow the instructions regarding the network access needed by the sedex-Client.

Step 4-5/25: Additional Information🔗

Additional panels are displayed if the installer program is not current. Please read and follow the instructions. The following is just one example.

Step 7/25: Migrate or Install🔗

This screen allows you to choose whether to migrate an existing installation or install a new installation. Select the new installation.

Step 10/25: Installation Path🔗

This screen allows you to choose the root folder for the installation.

Note: You can install more than one sedex-Client on any given system by running the installer several times, but you must select a different installation path for each installation!

Step 11/25: Select Installation Packages🔗

This screen allows you to select the components to be installed.

Components

  • sedex Controller (required)

    The sedex Controller monitors and controls all of the sedex-Client’s processes and must be installed.

  • sedex Adapter (required)

    The sedex Adapter enables the message exchange over the sedex platform and must be installed.

  • sedex Web Service Proxy / REST API for Messaging (optional)

    The sedex Web Service Proxy is required in order to access configured Web services using the sedex certificate, or to use the REST API for messaging.

Step 12/25: sedex Participant Configuration🔗

This screen allows you to specify the configuration values for the sedex participant. All the fields must be filled using the values provided by the sedex Support at FSO.

  • The sedex participant ID of this sedex-Client installation.
  • Use an existing certificate or generate a new certificate.
If you have an existing certificate🔗

  • The private certificate file (P12) used by this sedex-Client.

    The file you specify here will be automatically copied into the sedex-Client folder structure. This allows you to indicate a path to the certificate that does not have to be available after the installation (USB stick etc.).

    The specified certificate file must end with the .p12 file name extension.

  • The password for the private certificate used by this sedex-Client.

If you need a new certificate🔗

The sedex-Client can request a new sedex certificate. To do this, ask your sedex Domain Administrator to create a certificate request.

  • The Certificate Request ID (CRID), typically received via SMS.
  • The One Time Password (OTP) for the given CRID, typically received via e-mail.

Step 13/25: Web Service Proxy Configuration🔗

The sedex Web Service Proxy is a sedex-Client add-on service which offers local access to configured remote Web services using the sedex certificate.

Note: The sedex Web Service Proxy is optional and will only run if selected in step 11 of the installer. If it was not selected, this section of the panel will not be displayed.

  • HTTPS Web Service Proxy port

    The port on which the sedex Web Service Proxy will listen for requests by your business applications using the secure HTTPS protocol. Default value is 8443.

  • Web service proxy bind address

    The network interface on which the sedex Web Service Proxy will bind and listen for incoming HTTPS requests. Use localhost to restrict access to the local machine, 0.0.0.0 to allow access from all network interfaces, or specify an individual IP address or DNS name (e.g., 192.168.1.128) to limit access to a specific interface.
    Default value is localhost (restricted access).

Note: If you will be running multiple sedex-Clients on one host, you must select a different port for each installation!

Step 14/25: Monitoring Configuration🔗

The monitoring page provides information about the sedex-Client’s current operational state. This page can be used by system engineers to monitor the sedex-Client.

  • HTTPS monitoring port

    The port on which a simple Web page is published showing the sedex-Client’s state. Default value is 9443.

  • Monitoring bind address

    The network interface on which the monitoring service will bind and listen for incoming HTTPS requests. Use localhost to restrict access to the local machine, 0.0.0.0 to allow access from all network interfaces, or specify an individual IP address or DNS name (e.g., 192.168.1.128) to limit access to a specific interface.
    Default value is localhost (restricted access).

  • Path to monitoring file

    The path where a simple text file named ‘monitoring.txt’ is published showing the sedex-Client’s state. Default value is <sedex_home>\monitoring.

Note: If you will be running multiple sedex-Clients on one host, you must select a different port for each installation!

Step 15/25: Outgoing Network Proxy🔗

This screen allows you to specify an outgoing HTTP proxy server and its service port number. If the sedex-Client will access the Internet (e.g., the sedex Server) through an HTTP proxy server, provide the required information; if the sedex-Client will have direct access to the Internet, leave these fields empty.

Step 16/25: sedex Messaging REST API🔗

Starting with version 7.0, the sedex-Client provides a REST API for sending and receiving messages via HTTPS in addition to the original file folders (outbox, inbox, receipts). This screen allows you to specify whether to enable the REST API for messaging.

  • Enable the REST API for messaging. Temporary files used to send and receive messages using the REST API will be encrypted. This increases the security of the temporary files but uses more processor resources.

    Note: If the REST API is not enabled, the following section of the panel is not displayed.

  • Default interface for receiving messages. Rules in the configuration file conf/sedex-incoming-message-interface-rules.conf specify which sedex messages should be received with which interface.

    • Interface folders

      Use the classic file folders.

    • REST API

      Use the REST API.

Step 17/25: Directories for Messaging Interface🔗

This screen allows you to specify the different messaging folders for the sedex-Client. These folders are the interface to a business application.

Note: If installing the sedex-Client for a participant that has already sent or received messages, provide the corresponding existing folders which have been used up until now. Using the default folders in such a case may prevent a business application from sending and receiving messages.

Step 18/25: Directory for Log Files🔗

This screen allows you to specify the root folder for the sedex-Client’s log files. In this folder a subfolder will be generated for each sedex-Client component (named controller, adapter, and wsproxy).

Step 19/25: Restricting File Access Permissions (Windows only)🔗

The folders of the sedex-Client must be protected against unauthorized access so that only authorized users and business applications have access. By default, the sedex installer does not restrict the permissions of the created folders. Indicate whether the installer should restrict the permissions as follows:

User Access
Group “Administrators” Full Access
User “SYSTEM” Full Access
Installing user Full Access
All other users and groups No permissions

Step 20/25: Summary Configuration Data🔗

This screen displays a summary of all entered values so that you can review them before starting the installation.

Step 21/25: Installation🔗

Now the progress of the sedex-Client’s installation will be displayed. As soon as the progress bar shows “[Finished]”, press the “Next” button.

Step 24/25: Installation Check🔗

A self-test of the sedex-Client installation is now performed. This checks various aspects of the installation, including configuration files, certificates, connections and file access. In the event of an error, the output should contain more details about the problem that has occurred and provide information on how it can be rectified.

For more information about the check, see Installation check

Step 25/25: Installation Finished🔗

The installer can generate an XML-based script describing each step of the installation and the input you provided on each of the preceding screens. The file can be saved to document the installation or to do automatic reinstallations with the same values.

To generate the script, press the button in the middle of the screen.

Notes:

  • To reinstall the sedex-Client with the generated XML file, type the following command using a command line interface:

    java -jar [InstallerFileName].JAR [GeneratedXmlFile].XML

  • For security reasons, the password for an existing private certificate (P12) is not contained in the generated XML file. This password should be kept separately in a secure place. Before using the XML file, it must be opened in a text editor and the missing password must be temporarily inserted again:

    <entry key="certPwd" value="[YOUR-PASSWORD]"/>

  • The CRID and OTP required for creating a new certificate are only valid for a limited time. If they are entered during installation, the sedex-Client must be started promptly to complete the installation.

  • The installer will write a log of the installation to <sedex_home>/installation.log.

  • You as a sedex participant (and its IT staff) are responsible for the secure and stable operation of the sedex-Client in your network. Please note the following chapters in particular to ensure reliable operation: