USP Server Windows Installation
This guide details the steps required to install the USP Server on Windows using the provided installer.
Prerequisites
- Administrator privileges on the Windows host where USP Server will be installed.
- Certificates are required to enable USP Manager and USP Server mTLS authentication: a Certificate Authority (CA) certificate trusted by both components, and a TLS certificate with its corresponding private key for each component.
If you prefer to use self-signed certificates, refer to the mTLS Certificates Generation Guide for instructions on generating them. Note that the guide uses a single self-generated CA certificate to sign both the USP Server and USP Manager TLS certificates. While this simplifies setup, it differs from typical production practices.
Installation
1. Get the Windows installer
To obtain the installation package, contact your Stonebranch representative. If you do not have a representative, reach out to support@stonebranch.com.
2. Install the package
Run the UDMG Server installer and follow the prompts in the installation wizard to complete the installation.
Select the desired installation path or accept the default (C:\Program Files\Stonebranch\USP Server\).
3. Confirm creation of configuration file
The USP Server uses a configuration file located at C:\Program Files\Stonebranch\USP Server\usp-server.hcl.
To verify that this file was created correctly, run the following commands:
cd "C:\Program Files\Stonebranch\USP Server\"
dir
4. Set the USP Server's configuration file
All files that are going to be used by USP Manager need to be owned by the appropriate user and group (udmg). For more information, refer to File Ownership and Permissions.
Set the following arguments in the USP Server Configuration File:
# Unique identifier for this USP Server instance.
# Must match exactly the Name field defined in the corresponding Proxy Server configuration.
# Info note below links to more details.
name = "usp-server-1"
web {
# TLS/SSL configuration for HTTPS (all fields required).
tls {
# Absolute path to the USP Server's TLS certificate used for mTLS authentication with the USP Manager.
cert = "C:\\Program Files\\Stonebranch\\USP Server\\certificates\\usp-server-1.crt" # Use this if you followed the mTLS Certificates Generation Guide.
# Absolute path to the USP Server's private key used for mTLS authentication with the USP Manager.
key = "C:\\Program Files\\Stonebranch\\USP Server\\certificates\\usp-server-1.key" # Use this if you followed the mTLS Certificates Generation Guide.
# Absolute path to the trusted CA certificate used to validate the USP Client in mTLS authentication.
ca = "C:\\Program Files\\Stonebranch\\USP Server\\certificates\\usp-server-ca.crt" # Use this if you followed the mTLS Certificates Generation Guide.
}
}
log {
# Specify a file path to write logs to a dedicated log file.
path = "C:\\Program Files\\Stonebranch\\USP Server\\log\\usp-server.log"
}
For more context on how the name value is used, see Proxy Servers.
For a complete list of available configuration parameters, refer to USP Server Configuration File.
5. Enable and start the USP Server service
On Windows, "enabling" the USP Server service means configuring it to start automatically when the system boots. You do this by setting the service StartupType to Automatic with the following command:
Set-Service -Name "usp-server" -StartupType Automatic
Then, start the service:
Start-Service -Name "usp-server"
6. Verify installation
Ensure that the service starts without errors by checking its status with the following command:
Get-Service "usp-server" | Select Name, Status, StartType
If you encounter any issues during installation, refer to our Troubleshooting for solutions to the most common problems.