Command line configuration switches

When using the command line utility to install, configure, upgrade, or uninstall Trust Protection Platform, there are a number of allowed switches. This utility requires you to use an elevated command prompt.

The command line argument is:

Copy

Command line argument

TppConfiguration.exe < -install:<xml> [-add] | -decrypt:<xml> -password | -encrypt:<xml> -password | -keyimport:<pem> -password | -keyexport:<pem> -password | -uninstall | -hsmpin:<pin> | -dboconfig:<cfg> | -dbgrant:<user> | -sqlconfig:<cfg> | -addtrust:<dll> | -deltrust:<dll> | -help | -enablemmc | -identitypwd:<pw> > [-password:<pw>] | -log:<file>]

Some switches require master admin authentication. They are noted in the table below. When you use a switch that requires master admin authentication, you can either:

  • Provide the -username: and -password: inline in the command.
  • Wait until prompted by the application to enter the master admin credentials.
Switch

Requires auth

Description
-install:<xml>

No

Runs the installer with the configuration options specified in the (unencrypted) answer file.

For example, if the answer file is located at c:\answerfile.xml, this switch would be:

-install:C:\answerfile.xml

-install:<xml> -password:<pw>

No

Runs the installer with the configuration options specified in the answer file, and supplies the password to decrypt the answer file.

For example, if the answer file is located at c:\answerfile.xml, and the decryption password for the file is ExamplePassword, this switch would be:

-install:C:\answerfile.xml -password:ExamplePassword

-add

No

Runs the installer in the mode that adds this Venafi server to an existing Venafi server cluster (servers that share a single database).

-uninstall

No

Uninstalls Trust Protection Platform from the Venafi server. Removes Venafi registry values, and backs up settings to a registry file stored in the same folder as the log file. This switch is used by Windows when you use Program Features to uninstall Trust Protection Platform.

NOTE  This does not remove the .msi. It only removes the websites and registry entries.

-hsmpin:<pin>

No

Allows setting the HSM PIN in an HSM-only environment. This is necessary if the HSM pin has been changed, and needs to be updated in Trust Protection Platform.

NOTE  When used without the <pin> argument, you w

ll be prompted for the pin.

-dboconfig:<cfg>

No

Allows changing the SQL database owner account connection information from the command line. You can use this, for example, for automated updating of the SQL database owner account password.

-dbgrant:<user>

Yes

Provides the necessary grants to the Venafi database for the specified user to be an operational database service accounts. This is helpful when using Windows Authentication and users need to launch WebAdmin or Venafi Support Tool.

-decrypt:<xml>

Yes

Decrypts the specified XML file. (Requires -password)

-encrypt:<xml>

Yes

Encrypts the specified XML file. (Requires -password)

-keyimport:<pem>

Yes

Imports the default software key. (Requires -password)

-keyexport:<pem>

Yes

Exports the default software key. (Requires -password)

-sqlconfig:<cfg>

No

Allows changing the SQL operational account connection information from the command line. You can use this, for example, for automated updating of the SQL operational account password.

-addtrust:<dll>

No

The path to a custom DLL, allowing it to be added as a trusted resource.

For custom development modules, this feature adds the signature of the custom module as trusted resource so the custom features can be added to Trust Protection Platform.

-deltrust:<dll>

No

Allows you to remove a DLL from being a trusted resource.

-help

No

Shows a help file in the command line window, describing these features and settings.

-enablemmc

Yes

Adds or replaces MMC access grant for the current user. Use -username: and -password: to provide Trust Protection Platform user credentials on the command line. Otherwise, you will be prompted for credentials.

-identitypwd:<pw>

Yes

Requests to change the service account password of an identity connector. <pw> is the new password. Uses -prefix, -username, and -password and will prompt if any are omitted.

-log:<file>

No

Allows you to override the default location of the log file where the results of the configuration process are stored. If you want to save the log file at C:\Temp\VenafiLog.txt, the switch would be:

-log:C:\Temp\VenafiLog.txt

You can combine the switches as needed. For example, here is a command line argument that installs the software on this Venafi Trust Protection Platform server, while connecting to an existing database using a configuration file, and overwriting the default log file location:

TppConfiguration.exe -install:C:\answerfile.xml -add -password:Washington -log:C:\Temp\VenafiLog.txt