Ion/Catalyst/Proton Versions 4.3 and above
This KB provides guidance on how to install Browsium products on machines without internet access. If this guidance is not followed before installers are started, you may notice one of the following two errors:
1. A file that is required cannot be installed because the cabinet file disk1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.
2. The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 12007.
There are situations where Browsium installers especially BCMS and Client need to be installed on the machines without Internet Access. For the sake of simplicity, we will focus on steps needed to install BCMS in an evaluation configuration.
Other than prerequisites, Proton Full version would also need to follow similar steps detailed here. Because the Full version has a lot of configuration options, we recommend contacting Browsium Support to tailor the instructions for your specific environment.
At a high level, the following steps need to be followed:
1. Ensure existence of the Root Certificates to validate the digital signatures.
2. Install Prerequisites for BCMS Server.
Browsium Installers and binaries are signed and time-stamped like any other products and their digital signatures are verified by windows before executing them. The signature verification process in Windows involves outbound access to Certification Authorities if the information doesn’t exist on the local machine. Browsium products are dependent on following two Root Certificates for 4.8.1 and earlier.
1. The UserTrustNetwork Cert Issued to AddTrust External CA Root with thumbprint – 02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4 5b 68 85 18 68
2. VeriSign Universal Root Certification Authority with thumbprint – 36 79 ca 35 66 87 72 30 4d 30 a5 fb 87 3b 0f a7 7b b7 0d 54
For 4.8.2 and above, import the following certificates instead:
1. Go Daddy Root Certificate Authority – G2 with thumbprint – 47 be ab c9 22 ea e8 0e 78 78 34 62 a7 9f 45 c2 54 fd e6 8b
2. Go Daddy Secure Certificate Authority – G2 with thumbprint – 27 ac 93 69 fa f2 52 07 bb 26 27 ce fa cc be 4e f9 c3 19 b8
While it’s possible to obtain these certificates directly from their respective websites, the following steps detail one of the easier and more secure ways to obtain them:
1. Install Browsium Client on any machine with Internet access.
2. Open CertMgr.msc and navigate to “Trusted Root Certification Authorities” and “Certificates” under it.
3. During Browsium Client installation, Windows ensures ensures both the above root certificates are downloaded to the local certificate store.
4. Select both the certificates (ensuring the right thumbprint) and invoke Export action under All Tasks. Export each certificate as a type .P7B (Cryptographic Message Syntax Standard – PKCS #7) making sure to check ‘Include all certificates in the certification path if possible’.
5. Now on a machine without internet access, right click on the generated .P7B file and select ‘Install certificate’ using all default options to install the certificates into the new machine.
You will need the following for all BCMS installations in an offline/restricted network environment:
1. SQL CLR Types (x86) found in SQL Server 2012 Feature Pack 1 – https://www.microsoft.com/en-us/download/details.aspx?id=35580 (Used on x64 as well)
2. SQL Server 2012 SMO (x86) – http://go.microsoft.com/fwlink/?LinkID=239658&clcid=0x409 (Used on x64 as well)
3. URL Rewrite Module for IIS – https://www.iis.net/downloads/microsoft/url-rewrite
If you are looking to set up a one-box BCMS test environment, you’ll need the following pre-requisites as well:
2. IIS Express 7.5 or higher – https://www.microsoft.com/en-us/download/details.aspx?id=1038
3. 2012 SQL Express SP2 or higher – https://www.microsoft.com/en-us/download/details.aspx?id=43351