Installation with Default TLS in "Expert Mode"
This installation process installs the following Tenable Identity Exposure components in TLS mode without peer verification and with automatically generated and self-signed certificates. It requires the "Expert Mode" setting in the Setup Wizard.
Order of installation
Install the components in the following order:

-
On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
A welcome screen appears.
-
In the setup language box, click the arrow to select the language for the installation, and click Next.
The Setup Wizard appears.
-
Click Next.
The Custom Setup window appears.
-
Deselect the Security Engine Nodes and Directory Listener components.
-
Click Next.
The TLS Options window appears.
-
Select the TLS with autogenerated and self-signed certificates (Default) option.
-
Click Next.
The Storage Manager window appears.
-
In the Password box, type a password for the MSSQL database.
Note: The installer requires an SA password with the syntax described in Strong Passwords for the SQL Server.
Note: Tenable strongly recommends that you keep the default TENABLE instance name.
-
Click Next.
The Ready to Install window appears.

-
On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
A welcome screen appears.
-
In the setup language box, click the arrow to select the language for the installation, and click Next.
The Setup Wizard appears.
-
Select the Expert Mode checkbox.
-
Click Next.
The Custom Setup window appears.
-
Deselect the Storage Manager and Directory Listener components.
Note: To install SEN services over several machines, see Split Security Engine Node (SEN) Services.
-
Click Next.
The TLS Options window appears.
-
Select the TLS with autogenerated and self-signed certificates (Default) option.
-
Click Next.
The Storage Manager window appears.
-
Provide the following information:
-
In the MSSQL and Event Logs Storage boxes, type the hostname of the Storage Manager.
-
In the Password box, type the service account password for the MSSQL database defined in the Storage Manager installation.
Note: The installer requires an SA password with the syntax described in Strong Passwords for the SQL Server.
-
-
Click Next.
The Security Engine Node window appears.
-
In the DNS name or IP box, type the DNS name (preferred) or IP address of the web server that end users enter to access Tenable Identity Exposure.
Note: By default, the installation process creates a self-signed certificate with the DNS name or the IP address that you entered. For more information, see Change the IIS Certificate.
-
Click Next.
The Ready to Install window appears.

-
On the local machine, run the installation file Tenable.ad_v3.29.x.exe.
A welcome screen appears.
-
In the setup language box, click the arrow to select the language for the installation, and click Next.
The Setup Wizard appears.
-
Click Next.
The Custom Setup window appears.
-
Deselect the Storage Manager and the Security Engine Nodes components.
-
Click Next.
The TLS Options window appears.
-
Select the TLS with autogenerated and self-signed certificates (Default) option.
-
Click Next.
The Security Engine Node window appears.
-
In the Host box for RabbitMQ, type the address of the Security Engine Node hosting RabbitMQ.
-
Click Next.
The Directory Listener window appears.
-
In the Subnets box, type the subnet address for the Directory Listener. For multiple subnets, use a comma to separate the addresses.
-
Click Next.
The Ready to Install window appears.
-
Click Install to begin the installation.
After the installation completes, the Completing the Tenable.ad Setup Wizard window appears.
-
Click Finish.
A dialog box asks you to restart your machine.
-
Click Yes.
The machine restarts.
-
Restart the SEN machine.
-
Restart the Storage Manager machine.
See also