Command line configuration switches
When using the command line utility to install, configure, upgrade, or uninstall Trust Protection Platform, there are a number of allowed switches. This utility requires you to use an elevated command prompt.
- From the Start menu, search for
CMD
. - In the search results, right-click on Command Prompt, and choose Run as administrator.
The command line argument is:
Command line argument
TppConfiguration.exe < -install:<xml> [-add] | -decrypt:<xml> -password | -encrypt:<xml> -password | -keyimport:<pem> -password | -keyexport:<pem> -password | -uninstall | -hsmpin:<pin> | -dboconfig:<cfg> | -dbgrant:<user> | -sqlconfig:<cfg> | -addtrust:<dll> | -deltrust:<dll> | -help | -enablemmc | -driverpwd:<pw> > [-name:<name>] [-password:<pw>] | -log:<file>]
Some switches require master admin authentication. They are noted in the table below. When you use a switch that requires master admin authentication, you can either:
- Provide the
-username:
and-password:
inline in the command. - Wait until prompted by the application to enter the master admin credentials.
Switch |
Requires auth |
Description |
---|---|---|
|
No |
Shows the online help. |
|
No |
Runs the installer in the mode that adds this Venafi server to an existing Venafi server cluster (servers that share a single database). |
-addtrust:<dll>
|
No |
The path to a custom DLL, allowing it to be added as a trusted resource. For custom development modules, this feature adds the signature of the custom module as trusted resource so the custom features can be added to Trust Protection Platform. |
|
Yes |
Sets the company name for the system. |
|
Yes |
Provides the necessary grants to the Venafi database for the specified user to be an operational database service accounts. This is helpful when using Windows Authentication and users need to launch WebAdmin or Venafi Support Tool. |
|
No |
Allows changing the SQL database owner account connection information from the command line. You can use this, for example, for automated updating of the SQL database owner account password. |
|
Yes |
Decrypts the specified XML file. (Requires |
-deltrust:<dll>
|
No |
Allows you to remove a DLL from being a trusted resource. |
|
Yes |
Sets the deployment type for the system. Allowed values for
|
|
Yes |
Requests to change the service account password of an identity connector. |
|
Yes |
Adds or replaces MMC access grant for the current user. Use |
|
Yes |
Encrypts the specified XML file. (Requires |
|
No |
Shows a help file in the command line window, describing these features and settings. |
|
No |
Allows setting the HSM PIN in an HSM-only environment. This is necessary if the HSM pin has been changed, and needs to be updated in Trust Protection Platform. NOTE When used without the <pin> argument, you will be prompted for the pin. |
-install:<xml>
|
No |
Runs the installer (fresh install if DB is empty; upgrade if DB is not empty) with the configuration options specified in the (unencrypted) answer file. For example, if the answer file is located at
|
-install:<xml> -password:<pw>
|
No |
Runs the installer (fresh install if DB is empty; upgrade if DB is not empty) with the configuration options specified in the answer file, and supplies the password to decrypt the answer file. For example, if the answer file is located at
|
|
Yes |
Exports the default software key. (Requires |
|
Yes |
Imports the default software key. (Requires |
-log:<file>
|
No |
Allows you to override the default location of the log file where the results of the configuration process are stored. If you want to save the log file at
|
|
Yes |
The common name of an identity connector object. |
|
Yes |
Password to be used to read encrypted configuration answer (XML) files. |
|
No |
Allows changing the SQL operational account connection information from the command line. You can use this, for example, for automated updating of the SQL operational account password. |
-uninstall
|
No |
Uninstalls Trust Protection Platform from the Venafi server. Removes Venafi registry values, and backs up settings to a registry file stored in the same folder as the log file. This switch is used by Windows when you use Program Features to uninstall Trust Protection Platform. NOTE This does not remove the .msi. It only removes the websites and registry entries. |
You can combine the switches as needed. For example, here is a command line argument that installs the software on this Venafi Trust Protection Platform server, while connecting to an existing database using a configuration file, and overwriting the default log file location:
TppConfiguration.exe -install:C:\answerfile.xml -add -password:Washington -log:C:\Temp\VenafiLog.txt