Welcome, Guest Login

Support Centre

mkryptor SATELLITE installation

Last Updated: Sep 06, 2013 05:36PM BST


mkryptor SATELLITE is an ASP.NET web app. It provides additional functions to the mkryptor service, such as a secure reply portal, customer fact/password management, etc. The web app installs as an IIS virtual directory, which means you can easily add it on to any existing web site, without requiring a new site/server.


Before you begin you will need the following installed and configured:
  • An installed and configured copy of mkryptor server
  • Microsoft Windows Server 2008 or greater 
    • It is also possible to use Windows 7 with personal web server, but this configuration is not supported
  • Microsoft Internet Information Services (IIS) 7 or later
  • IIS 6 Metabase Compatability feature enabled
    • This is a 'Role feature' for the Web server role
  • .NET Framework 4 Full
  • An available SSL website configured in IIS that is accessible from the internet. It is advisable to use an SSL certificate from a recognised authority (i.e., not a self-signed cert)
  • If there is a firewall between your mkryptor service server, and the satellite server, ensure that there is an open and available TCP port for the satellelite to use for communication with the mkryptor service

Step 1 - Configure mkryptor service settings

  • On your mkryptor server, open the mkryptor configuration manager
  • Go to the Security tab
  • At the bottom of the window is a section titled Satellite Services.
  • Change the following settings in this section:
    • Enable Secure Replies - Ensure this box is checked
    • Enable Password Changes - Check this box to enable the Recipient password/fact management feature
    • Satellite External URL - This should be the public link that recipients will connect to for satellite services (secure replies, etc). It will usually be the SSL website that you've chosen in the prerequisites followed by /Satellite (see later in step 3 if you wish to use a different virtual directory name). E.g., https://www.yourdomain.com/Satellite
    • Communication Method - Select HTTP Service
    • HTTP Listener URL - This will be the internal URL that the satellite web app uses to communicate with mkryptor. It should begin http://, can contain either an IP address or FQDN and end :XXXX, where XXXX is the TCP port number that you chose in your prerequisites. E.g., http://machinename.local:8372
    • Encryption Key - This can be any string of characters that you like. It is used to salt the AES256 encryption code used for communication between this mkryptor service and the satellite web app. This ensures that nobody can snoop on the connection. Note: If you have multiple mkryptor servers and satellite servers operating in redundant pairs, ensure that you use the same encryption key for all of them.
IMPORTANT: Once set, the encryption key cannot be easily changed, so choose a good, strong key of decent length first time.
  • Click Save and restart the mkryptor service for the settings to take effect

Step 2 - Create an Application Pool

The mkryptor satellite web app should be run it its own app pool. This is not only to prevent possible interference between the satellite web app and other websites/applications on the IIS server, but also because the mkryptor satellite needs some special permissions to write to the Windows Event Log.
  • Open IIS Manger
  • Browse to the Application Pools node and add a new Application Pool
  • Give the new Application Pool a name of mkryptor satellite
  • Select .NET Framework 4.0 for the .NET Framework version
  • Select Integrated as the Pipeline mode
  • Right-click on the new mkryptor satellite application pool in the list and select 'Advanced Settings...'
  • In the Advanced Settings window locate the Process Model section, then click on Identity
  • The default identity is ApplicationPoolIdentity. This needs to be changes to LocalSystem
    • Click the ... button next to ApplicationPoolIdentity
    • Under Built-in account:  drop-down the list and select LocalSystem
    • Click OK to set the identity, then click OK again to dismiss the Advanced Settings‚Äč window
  • The new App Pool should now be configured

Step 3 - Install the mkryptor SATELLITE web app

  • Download the latest copy of the mkryptor SATELLITE installer (msi) from the fresh skies website
  • On the machine that you wish to install the satellite on, run the installer (i.e., double-click the .msi file)
  • Follow through the installer, you will be asked to provide 3 bits of information.
  • For the Website, choose which IIS site you want to install the satellite under
Note: As per the prerequisites, this site should have a publicly (internet) accessible SSL binding already configured. Because the mkryptor satellite installs as a Virtual Directory, it is safe to use an existing site, such as your public website.
  • For the Virtual Directory it is recommended to keep the default "Satellite", but you can put something else here if you need to
The url of your satellite site will be <Site>/<Virtual Directory>, e.g., if your external site binding is www.yourcompany.com and you set Virtual Directory to Satellite, then your satellite address will be https://www.yourcompany.com/Satellite
  • For the application pool, choose the app pool that you created in Step 2 (i.e., mkryptor satellite)
  • Click next and finish off the installer

Step 4 - Configure Satellite

There are a few basic settings that you need to configure in the Satellite website. This is to tell the Satellite how to communicate with the mkryptor service.
  • First, find the root folder for the website that you have installed the Satellite virtual director under. E.g., if you have used the default website then you'll usually find this at c:\Inetrpub\wwwroot.
  • In this folder you will find a new folder named Satellite.
  • Open the Satellite folder
  • Inside the Satellite folder, locate the file named web.config and open it in your favourite text editor
  • Towards the end of the file, locate the section titled <appSettings>
  • You will need to fill in the values for the following settings:
    • BounceAddress - This should be the same as the Admin address on your mkryptor service
    • SenderAddress - This should be the same as the Admin address on your mkryptor service
    • SatelliteChannel - This should be the same as the HTTP Listener URL set on the Security tab in the configuration manager for your mkryptor service (see Step 1)
    • SatelliteEncryptionKey - This should be the same as the Encryption Key set on the Security tab in the configuration manager for your mkryptor service (see Step 1)

Auto-decrypt Secure Replies

Once you have the Satellite Services configured, see this article to turn on auto-decryption of secure replies
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found