Installation with Custom TLS and with Peer Verification

Required User Role: Administrator on the local machine

This installation type installs the following Tenable Identity Exposure components with custom TLS and peer verification.

Public Key Infrastructure (PKI) Certificate

To use peer verification, your PKI certificate must include the IP addresses or DNS of all the machines used to install Tenable Identity Exposure.

PKI Certificate

Order of installation

Install the components in the following order:

  1. Storage Manager

  2. Security Engine Node

  3. Directory Listener

Caution: For the installation or upgrade to work, you must run the installer as a local user or a domain user who is a member of the Local Administrators group.

  1. On the local machine, run the installation file Tenable.ad_v3.29.x.exe.

    A welcome screen appears.

  2. In the setup language box, click the arrow to select the language for the installation, and click Next.

    Setup language

    The Setup Wizard appears.

  3. Select the Expert Mode checkbox.

  1. Click Next.

    The Custom Setup window appears.

  2. Deselect the Security Engine Nodes and Directory Listener components.

  1. Click Next.

    The TLS Options window appears.

  2. Select the TLS with custom certificates with peer validation option.

  3. Click Next.

    The TLS certificates window appears.

  4. Provide the following information:

    • In the Server PFX Archive box, click ... to browse to your PFX archive.

    • In the PFX Password box, type the password for the PFX file.

    • In the CA Cert File box, click ... to browse to your CA certificate file.

  1. Click Next.

    The Storage Manager window appears.

  1. In the Password box, type a password for the MSSQL database.

    Note: The installer requires an SA password with the syntax described in Strong Passwords for the SQL Server.

Note: Tenable strongly recommends that you keep the default TENABLE instance name.

  1. Click Next.

    The Ready to Install window appears.

  1. Click Install to begin the installation.

    After the installation completes, the Completing the Tenable.ad Setup Wizard window appears.

  2. Click Finish.

    A dialog box asks you to restart your machine.

  3. Click No.

    Caution: Do not restart the machine now.

  4. Install the Security Engine Node.

  1. On the local machine, run the installation file Tenable.ad_v3.29.x.exe.

    A welcome screen appears.

  2. In the setup language box, click the arrow to select the language for the installation, and click Next.

    Setup language

    The Setup Wizard appears.

  3. Select the Expert Mode checkbox.

  4. Click Next.

    The Custom Setup window appears.

  5. Deselect the Storage Manager and Directory Listener components.

    Note: To install SEN services over several machines, see Split Security Engine Node (SEN) Services.

  6. Click Next.

    The TLS Options window appears.

  7. Select the TLS with custom certificates with peer validation option.

  8. Click Next.

    The TLS certificates window appears.

  9. Provide the following information:

    • In the Server PFX Archive box, click ... to browse to your PFX archive.

    • In the PFX Password box, type the password for the PFX file.

    • In the CA Cert File box, click ... to browse to your CA certificate file.

  1. Click Next.

    The Storage Manager window appears.

  2. Provide the following information:

    • In the MSSQL and Event Logs Storage boxes, type the hostname of the Storage Manager.

    • In the Password box, type the service account password for the MSSQL database defined in the Storage Manager installation.

      Note: The installer requires an SA password with the syntax described in Strong Passwords for the SQL Server.

  3. Click Next.

    The Security Engine Node window appears.

  4. In the DNS name or IP box, type the DNS name (preferred) or IP address of the web server that end users enter to access Tenable Identity Exposure.

Note: By default, the installation process creates a self-signed certificate with the DNS name or the IP address that you entered. For more information, see Change the IIS Certificate.

  1. Click Next.

    The Ready to Install window appears.

  1. Click Install to begin the installation.

    After the installation completes, the Completing the Tenable.ad Setup Wizard window appears.

  2. Click Finish.

    A dialog box asks you to restart your machine.

  3. Click No.

    Caution: Do not restart the machine now.

  4. Install the Directory Listener.

  1. On the local machine, run the installation file Tenable.ad_v3.29.x.exe.

    A welcome screen appears.

  2. In the setup language box, click the arrow to select the language for the installation, and click Next.

    Setup language

    The Setup Wizard appears.

  3. Select the Expert Mode checkbox.

  1. Click Next.

    The Custom Setup window appears.

  2. Deselect the Storage Manager and the Security Engine Nodes components.

  3. Click Next.

    The TLS Options window appears.

  4. Select the TLS with custom certificates with peer validation option.

  1. Click Next.

    The TLS certificates window appears.

  2. In the CA Cert File box, click ... to browse to your CA certificate file.

  3. Click Next.

  1. The Security Engine Node window appears.

  2. In the Host box for RabbitMQ, type the address of the Security Engine Node hosting RabbitMQ.

  1. Click Next.

    The Directory Listener window appears.

  1. In the Subnets box, type the subnet address for the Directory Listener. For multiple subnets, use a comma to separate the addresses.

  2. Click Next.

    The Ready to Install window appears.

  3. Click Install to begin the installation.

    After the installation completes, the Completing the Tenable.ad Setup Wizard window appears.

  4. Click Finish.

    A dialog box asks you to restart your machine.

  5. Click Yes.

    The machine restarts.

  6. Restart the SEN machine.

  7. Restart the Storage Manager machine.