Using the Babacus Export Tool
The Export Tool is provided to Certification Authorities (CAs) by Babacus as the recommended way to
transfer certification information to www.certification.nu.
It consists of two components:
a configuration program, and a Windows Service. The configuration program is used to adjust settings
the Windows Service requires to run correctly (e.g. what database server to use). The Windows Service
is the component that collects data from the CA database, connects to Babacus, and transmits the data.
The tool is also specifically designed to support the transfer of certifications from more than one CA.
The Export Tool requires the following:
- Windows XP Professional SP, Windows Vista, Windows 7, or
Windows Server 2003 or later
- Microsoft .NET Framework 3.0 or later
Determining the Database Connection String
The Export Tool uses ODBC
or OleDB to connect to the CA database. Both of these data access technologies need to know where the data is located, and how to access it. This information
is specified using a connection string.
You must determine the ODBC or OleDB connection string to the CA database before proceeding!
ODBC connection strings vary in appearance
depending on what database the CA uses. Here are two examples of connection strings:
SQL Server connection string:
Driver={Sql Server};Server=dataserver.mycompany.com;database=Certifications;uid=Bob;pwd=se2cret
This specifies an SQL Server on the computer
dataserver.mycompany.com, a database on
that server called
Certifications, and specifies a login for access to that database.
The user id (uid) is
Bob and the password is
se2cret.
Microsoft Access connection string:
Driver={Microsoft Access Driver (*.mdb)};DBQ=c:\files\certifications.mdb
This specifies a Microsoft Access database file located at
c:\files\certifications.mdb.
Some more examples of connection strings can be found here.
SQL Queries
The Export Tool issues a database query to collect information. You must understand how to create database
queries to provide the queries to the Export Tool. Read this
page to learn more about the SQL queries before proceeding!
Installing the tool
Once the ODBC or OleDB connection string to the CA database is known, the Export Tool can be installed. Follow these
steps:
- Download the Export Tool software, which is
packaged in a ZIP file.
- Unzip the software in some directory.
- Start the setup.exe program. A wizard will take you though the installation process, which is very simple.
- Click on the Windows Start menu and find the Babacus menu item. Click on it to find
the Babacus Export Tool
.
Upgrading the Babacus Export Tool from a previous version
If you have an older version of the Babacus Export Tool and are upgrading to a newer version, you must first ensure that
the existing Babacus Export Service has been stopped. Neglecting to stop the Export Service will interfere with
installation.
Note: if you are upgrading from version 1 to version 3, you will need to copy all your settings from the tool into
a safe place beforeuninstalling. The upgrade to version 3 will not convert your setting automatically. Upgrading from Version 2 to version 3,
on the other hand, does convert your settings automatically.
To stop the Babacus Export Service, open Administrative Tools > Services. Search for "Babacus Export Service".
Right-click on the service and select the "Stop service" menu item.
After stopping the server, you should uninstall the old Babacus Export Service using
Control Panel > Remove Program.
Finally install the program as you normally would by double-clicking on the downloaded installer package.
Proxies and firewalls
The Export tool needs internet access to accomplish its tasks. It is the responsibility of the CA to ensure
that reaching the internet is possible from the machine on which the Export Tool is installed. Firewalls
must be configured to permit outbound access to DNS and HTTP ports (TCP ports 53 and 80, respectively). Additionally,
the Export tool user interface communicates with the Export Service using TCP port 4512. This port should be opened for
local access (localhost) only. Consult your firewall documentation for how to open TCP ports.
Configuring the tool
Once successfully installed, the Export Tool needs to be configured. Once the Export Tool is started,
the following screen is displayed:
The "Export daily" field controls the time when automated certificate exports are carried out.
Creating an issuer
Each installation of the Babacus Export Tool handles the transfer of one or more CA's. To add a new certificate authority, press the
"Add new issuer..." button. This will take you to the settings page:
In the General page, enter a brief name of the issuer being added. Next, click on the "Database" tab:
Enter the ODBC or OleDB database connection string you determined earlier into the field labelled
Database Connection String. Enter the obligatory Certification Query in the field provided.
Note that the Site Alias Query is only required if you are transmitting alternative ID's for sites, such as
HSA-ID. If you are not transmitting alternative ID's for sites (such as HSA-ID), leave this field blank.
Then, click on the "Web Service" tab:
The Babacus Web Service URL should be set to: http://www.certification.nu/ecomedia/certificateuploadservice3.asmx.
The Babacus User ID and password fields should contain values given to you by Babacus. Save your changes by pressing the "OK" button.
Testing the tool
The Export Tool is now configured, and is ready to be used in a connection test. Select an issuer and click the "Edit..." button on the main window.
Then, click on the "Export" tab.
Press the "Test" button to verify that all settings are correct. It will execute the SQL query against the CA database,
and transmit the resulting certifications to the Babacus server. There the certifications
will be validated, but not saved. If any errors or warnings occur during the operation of the test tool, the following error dialog
will show up:
Red circles indicate error conditions:
something about the certificate is invalid and must be corrected. Yellow
triangles indicate warning conditions: this may indicate missing information. The
Save... button allows you to save the error diagnostics in a text file.
Performing an Export
Finally, we're ready to export some certificates. The "Export" button on
the Export page does all that the "Test" button does, but in addition the certification data is
saved on the Babacus server. The procedure will take a few minutes. After
the export is completed, a diagnostic window may appear detailing any errors that may have been found
in the transmitted certifications.
Automatic transfers
Once satisfied that the Export Tool is working correctly, check the "Export automatically every 24 hours" box
on the main window. This will schedule a transfer to Babacus at the time you specified in the
main window. Once you've started the timer, the Export Tool window can be closed; it's not
required for the automatic uploads. To stop the timer and thereby stop the automatic exports, uncheck the "Export automatically every 24 hours" box.
Since automatic transfers run in the background, they will not report any errors to you directly. However, the Export tool
saves a summary of each automatic transfer to the Event Log of your computer. The Event Log can be viewed with Windows' Event Viewer by pressing the
"Event Log" button. Once the Event Viewer has started, navigate to the "Applications" log and search for the source
"BabacusExport".