Installing Delinea Credentials Cache on Linux

This topic describes how to install and configure Delinea Credentials Cache on Linux. The following steps cover downloading the package, installing the .NET runtime, creating a systemd service, and setting up Apache HTTP Server as a reverse proxy.

These instructions apply to Ubuntu Linux and Red Hat Enterprise Linux (RHEL). Where steps differ between distributions, both variants are shown.

Prerequisites

Before you begin, ensure the following requirements are met:

  • Root or sudo privileges on the Linux host.

  • Network access to the Delinea marketplace download server and to your Secret Server or Delinea Platform instance.

  • Apache HTTP Server (apache2 on Ubuntu, httpd on RHEL) available for installation.

For Linux-specific configuration, see Configuring Delinea Credentials Cache on Red Hat Enterprise Linux or Configuring Delinea Credentials Cache on Ubuntu Linux.

Step 1: Download and Extract the Package

To download and extract the Delinea Credentials Cache package for Linux:

  1. Download the Linux package (a zip archive).

  2. Create a directory for Delinea Credentials Cache and extract the archive into it:

    mkdir credcache

    unzip DelineaCredentialCache_Linux.zip -d ~/credcache

Step 2: Install the .NET Runtime

Delinea Credentials Cache requires the ASP.NET Core runtime. Follow the steps for your Linux distribution.

Ubuntu Linux

Open a command prompt with root privileges and run the following commands in order:

  1. Get the Ubuntu version:

    declare repo_version=$(if command -v lsb_release &> /dev/null; then lsb_release -r -s; else grep -oP '(?<=^VERSION_ID=).+' /etc/os-release | tr -d '"'; fi)

  2. Download the Microsoft signing key and repository:

    wget https://packages.microsoft.com/config/ubuntu/$repo_version/packages-microsoft-prod.deb -O packages-microsoft-prod.deb

  3. Install the Microsoft signing key and repository:

    sudo dpkg -i packages-microsoft-prod.deb

  4. Clean up the downloaded file:

    rm packages-microsoft-prod.deb

  5. Install the ASP.NET Core runtime:

    sudo apt install aspnetcore-runtime-8.0

Red Hat Enterprise Linux (RHEL)

Open a command prompt with root privileges and run the following commands in order:

  1. Import the Microsoft signing key:

    sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

  2. Add the Microsoft .NET repository:

    sudo tee /etc/yum.repos.d/dotnet-sdk.repo << EOF

    [microsoft-dotnet]

    name=Microsoft dotnet

    baseurl=https://packages.microsoft.com/rhel/8/prod/

    enabled=1

    gpgcheck=1

    gpgkey=https://packages.microsoft.com/keys/microsoft.asc

    EOF

    If you are using RHEL 7, replace rhel/8 with rhel/7 in the baseurl line.

  3. Install the ASP.NET Core runtime:

    sudo yum install aspnetcore-runtime-8.0

Step 3: Create a systemd Service

Create a systemd service so that Delinea Credentials Cache runs in the background and restarts automatically if it stops.

  1. Create the service configuration file:

    sudo nano /etc/systemd/system/credcache.service

  2. Insert the following content. Replace the WorkingDirectory and ExecStart paths with the actual location of your extracted package, and replace yourusername with the user account that will run the service.

    [Unit]

    Description=Delinea Credential Cache

    After=network.target

    [Service]

    WorkingDirectory=/home/ubuntu/credcache

    ExecStart=/usr/bin/dotnet /home/ubuntu/credcache/DelineaCredentialCache.dll

    Restart=always

    RestartSec=10

    SyslogIdentifier=delineacredcache

    User=yourusername

    Environment=ASPNETCORE_ENVIRONMENT=Production

    [Install]

    WantedBy=multi-user.target

  3. Press Ctrl + O to save the file, press Enter, then press Ctrl + X to exit.

  4. Reload the systemd daemon to register the new service:

    sudo systemctl daemon-reload

  5. Start the service:

    sudo systemctl start credcache.service

  6. Enable the service to start automatically on boot:

    sudo systemctl enable credcache.service

  7. Verify that the service is running:

    sudo systemctl status credcache.service

To stop the service when required, run sudo systemctl stop credcache.service.

Step 4: Set Up Apache HTTP Server as a Reverse Proxy

Delinea Credentials Cache listens on a local port. Apache HTTP Server acts as a reverse proxy to expose the service over HTTP or HTTPS. Follow the steps for your Linux distribution and protocol.

Ubuntu Linux — HTTP

  1. Install Apache HTTP Server:

    sudo apt install apache2

  2. Create the configuration file:

    sudo nano /etc/apache2/sites-available/credcache.conf

  3. Insert the following content. Replace your-domain.com with your server name.

    <VirtualHost *:80>

    ServerName your-domain.com

    ProxyPass / http://localhost:8080/

    ProxyPassReverse / http://localhost:8080/

    </VirtualHost>

  4. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  5. Enable the proxy modules:

    sudo a2enmod proxy

    sudo a2enmod proxy_http

  6. Enable the site:

    sudo a2ensite credcache

  7. Restart Apache HTTP Server:

    sudo systemctl restart apache2

Ubuntu Linux — HTTPS

  1. Install Apache HTTP Server and OpenSSL:

    sudo apt install apache2

    sudo apt-get update && sudo apt-get install openssl

  2. Create an OpenSSL configuration file:

    sudo nano /etc/ssl/openssl2.cnf

  3. Insert the following content. Replace the commonName, DNS.1, and IP.1 values with the fully qualified domain name and IP address of your Linux computer.

    [req]

    default_bits = 2048

    default_keyfile = localhost.key

    distinguished_name = req_distinguished_name

    req_extensions = req_ext

    x509_extensions = v3_ca

    [req_distinguished_name]

    commonName = your-host.your-domain.com

    commonName_default = your-host.your-domain.com

    commonName_max = 64

    [req_ext]

    subjectAltName = @alt_names

    [v3_ca]

    subjectAltName = @alt_names

    [alt_names]

    DNS.1 = your-host.your-domain.com

    DNS.2 = localhost

    IP.1 = 0.0.0.0

  4. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  5. Generate a self-signed certificate:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt -config /etc/ssl/openssl2.cnf

  6. Generate the certificate in PFX format:

    sudo openssl pkcs12 -export -out /etc/ssl/certs/selfsigned.pfx -inkey /etc/ssl/private/selfsigned.key -in /etc/ssl/certs/selfsigned.crt

  7. Create the Apache HTTP Server configuration file:

    sudo nano /etc/apache2/sites-available/credcache.conf

  8. Insert the following content. Replace the server name and file paths if required.

    <VirtualHost *:443>

    ServerName your-host.your-domain.com

    SSLEngine on

    SSLCertificateFile /etc/ssl/certs/selfsigned.crt

    SSLCertificateKeyFile /etc/ssl/private/selfsigned.key

    SSLProxyEngine on

    ProxyPass / http://localhost:5000/

    ProxyPassReverse / http://localhost:5000/

    </VirtualHost>

  9. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  10. Enable the required modules and the site:

    sudo a2enmod proxy proxy_http ssl

    sudo a2ensite credcache

  11. Restart Apache HTTP Server:

    sudo systemctl restart apache2

Red Hat Enterprise Linux — HTTP

  1. Install the required packages:

    sudo yum install httpd mod_proxy mod_proxy_http

  2. Create the configuration file:

    sudo nano /etc/httpd/conf.d/credcache.conf

  3. Insert the following content. Replace your-domain.com with your server name.

    <VirtualHost *:80>

    ServerName your-domain.com

    ProxyPass / http://localhost:8080/

    ProxyPassReverse / http://localhost:8080/

    </VirtualHost>

  4. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  5. Start and restart the httpd service:

    sudo systemctl start httpd

    sudo systemctl restart httpd

Red Hat Enterprise Linux — HTTPS

  1. Install OpenSSL:

    sudo yum install openssl

  2. Create an OpenSSL configuration file:

    sudo nano /etc/ssl/openssl2.cnf

  3. Insert the configuration content as shown in the Ubuntu HTTPS section above, replacing commonName, DNS.1, and IP.1 with your server's values.

  4. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  5. Generate a self-signed certificate:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt -config /etc/ssl/openssl2.cnf

  6. Generate the certificate in PFX format:

    sudo openssl pkcs12 -export -out /etc/ssl/certs/selfsigned.pfx -inkey /etc/ssl/private/selfsigned.key -in /etc/ssl/certs/selfsigned.crt

  7. Create the HTTPS configuration file:

    sudo nano /etc/httpd/conf.d/ssl.conf

  8. Insert the following content. Replace the server name and file paths if required.

    <VirtualHost *:443>

    ServerName your-host.your-domain.com

    SSLEngine on

    SSLCertificateFile /etc/ssl/certs/selfsigned.crt

    SSLCertificateKeyFile /etc/ssl/private/selfsigned.key

    SSLProxyEngine on

    ProxyPass / http://localhost:5000/

    ProxyPassReverse / http://localhost:5000/

    </VirtualHost>

  9. Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

  10. Enable the proxy modules and restart httpd:

    sudo yum install mod_proxy mod_proxy_http mod_proxy_ssl

    sudo systemctl start httpd

    sudo systemctl restart httpd

Step 5: Verify the Installation

After completing the setup, confirm that Delinea Credentials Cache is running correctly.

  1. Check the service status:

    sudo systemctl status credcache.service

  2. Open the Swagger UI in a browser to confirm the API is accessible:

    http://your-server/credcache/swagger/index.html

  3. If the page does not load, check the Apache HTTP Server error log:

    Ubuntu: sudo tail -f /var/log/apache2/error.log

    RHEL: sudo tail -f /var/log/httpd/error_log

For detailed validation steps including Event Pipeline verification, see Verification.