.. hsm2-install-tools-software.rst

.. _hsm2-install-tools-software-label:


============================================
Installing the YubiHSM 2 Tools and Software
============================================

To complete the procedures in this guide, install the YubiHSM 2 tools and software that will be needed for this.

.. Tip::	A generic prompt, ``$``, is used in command line examples in this document. Depending on your command line application, your prompt may be different.

About the YubiHSM Software
===========================

The following YubiHSM pieces of software are used in this guide. They are included as part of the archive file you downloaded.

Installation
=============

:Step 1:	Unzip the downloaded `archives of the SDK <https://developers.yubico.com/YubiHSM2/Releases/>`_ containing the YubiHSM libraries and tools and move the contents to an appropriate location.

:Step 2:	On your Windows system, run both installers:

    * ``yubihsm-cngprovider-windows-amd64.msi`` (YubiHSM Key Storage Provider)

    * ``yubihsm-connector-windows-amd64.msi`` (YubiHSM Connector for Windows)

:Step 3: Set the ADCS service dependency for the YubiHSM Connector service via an elevated/admin Windows Command Prompt. This prevents an error which occurs if the ADCS services starts before the YubiHSM connector is running.

     a.	List the current dependencies with ``sc qc “certsvc”``

        .. code-block:: bash

           > sc qc “certsvc”
           [SC] QueryServiceConfig SUCCESS

           SERVICE_NAME: certsvc
           TYPE               : 110  WIN32_OWN_PROCESS (interactive)
           START_TYPE         : 2   AUTO_START
           ERROR_CONTROL      : 1   NORMAL
           BINARY_PATH_NAME   : C:\Windows\system32\certsrv.exe
           LOAD_ORDER_GROUP   :
           TAG                : 0
           DISPLAY_NAME       : Active Directory Certificate Services
           DEPENDENCIES       :
           SERVICE_START_NAME : localSystem

     b. Add the YubiHSM connector dependency to ADCS with the command: ``sc config "certsvc" depend="yhconsrv"``

        .. code-block:: bash

           > sc config "certsvc" depend="yhconsrv"
           [SC] ChangeServiceConfig SUCCESS

        After the command is entered, the dependency can be verified with ``sc qc “certsvc”``

        .. code-block:: bash

           [SC] QueryServiceConfig SUCCESS

           SERVICE_NAME: certsvc
           TYPE               : 110  WIN32_OWN_PROCESS (interactive)
           START_TYPE         : 2   AUTO_START
           ERROR_CONTROL      : 1   NORMAL
           BINARY_PATH_NAME   : C:\Windows\system32\certsrv.exe
           LOAD_ORDER_GROUP   :
           TAG                : 0
           DISPLAY_NAME       : Active Directory Certificate Services
           DEPENDENCIES       : yhconsrv
           SERVICE_START_NAME : localSystem

     To remove dependencies for ACDS, use the same command for adding dependencies with a blank depend field: ``sc config "certsvc" depend=""``