Abstract
Readme documentation for IBM® Security® Key Lifecycle Manager for Distributed Platforms, Version 2.5.0 Fix Pack 1 including installation-related instructions, prerequisites and corequisites, and a list of fixes. All IBM Security Key Lifecycle Manager for Distributed Platforms fix packs are cumulative. This fix pack contains the content of all prior fix packs published to date.
Fix Pack Publication date : 20 February 2014
Last modified date : 17 February 2014
Contents
Platform
support
Download locations
Prerequisites
and corequisites
Known issues
Known
limitations
Updates to CLI
commands
Installation information
Installing
the IBM Security Key Lifecycle Manager fix pack
Prior
to fix pack installation
Performing the
necessary tasks after fix pack installation
List of
Fixes and Features
Copyright and trademark
information
Document change history
|
IBM Security Key Lifecycle Manager Version 2.5.0 platforms supported |
|---|
|
AIX Version 6.1 64-bit |
|
AIX Version 7.1 64-bit |
|
Red Hat Enterprise Linux Version 5 update 4 on x86 64-bit in 32-bit mode |
|
Red Hat Enterprise Linux Version 6 update 3 on x86 64-bit in 32-bit mode |
|
Red Hat Enterprise Linux Version 5 update 4 (System z) on x86 64–bit mode |
|
Red Hat Enterprise Linux Version 6 update 3 (System z) on x86 64–bit mode |
|
SuSE Linux Enterprise Server Version 10 on x86 64–bit |
|
SuSE Linux Enterprise Server Version 11 on x86 64–bit mode |
|
SuSE Linux Enterprise Server Version 11 (System z) on x86 64–bit mode |
|
Sun Server Solaris 10 (SPARC 64–bit in 32-bit mode) |
|
Windows Server 2008 R2 (64-bit in 32-bit mode for all Intel and AMD processors) Standard Edition |
|
Windows Server 2008 R2 (64-bit in 32-bit mode for all Intel and AMD processors) Enterprise Edition |
|
Windows Server 2012 (64-bit in 32-bit mode for all Intel and AMD processors) Standard Edition |
IBM Security Key Lifecycle Manager Version 2.5.0 has been certified to run on the following virtual environments. The platform running within the virtual machine must be supported by the virtual platform server and Security Key Lifecycle Manager Version 2.5.0(see "platforms supported" table).
|
IBM Security Key Lifecycle Manager Version 2.5.0 virtual platforms supported |
|---|
|
VMWare ESX/ESXi Server Versions 4.0, 5.0, 5.1 and 5.5 |
|
Red Hat Enterprise Virtualization/Kernel-Based Virtual Machine (RHEV/KVM) Version 5.4 |
Download IBM Security Key Lifecycle Manager Version 2.5.0 Fix Pack from IBM Fix Central:
Go to IBM Fix Central Home Page, http://www.ibm.com/support/fixcentral/
For the Product Group, select "Security Systems"
For the Product, select "IBM Security Key Lifecycle Manager"
For Installed Version, select your system's appropriate version level, ie. 2.5.0.0
For Platform, select the appropriate platform. Choose "Continue"
At the Identify Fixes page, select the "Browse for Fixes" radio button (default) and choose "Continue".
At the Select Fixes page, choose "Fix Pack 2.5.0-ISS-SKLM-FP0001". Choose "Continue".
You may be prompted to "Sign In". If you do not have an ID, click on the "register now" link and follow the register steps as appropriate.
At the Download Options page, choose a download method. (default is "Download using Download Director")
Select the associated files and README for Fix Pack 2.5.0-ISS-SKLM-FP0001 and select "Download now".
Platforms updated by this fix pack
For current version 2.5.0 installations: This fix pack can be installed on systems with IBM Security Key Lifecycle Manager Version 2.5.0 GA
Prerequisites and corequisites
IBM Security Key Lifecycle Manager Version 2.5.0 GA must be installed.
While using silent mode installation, if installaion has failed due to wrong repository path in response file then user may see following warnings:
CRIMA1002W WARNING: The following repositories are not connected:
<old repository path>
Failed to connect to one or more repositories. The repository might be unavailable for several reasons.
Check the repository is correct and accessible by verifying the following:
Verify all the repositories location is correct and available.
In case repositories require credentials, verify the credentials are correctly set in the repositories preference.
Verify if the network connection is available. For environments that use firewalls, verify that access to the repository location is available.
For environments that use proxies, verify the proxy settings are correctly set in the HTTP/FTP preference.
Update offerings require that base offerings be available. Verify the base offering is available in a repository. Use the listAvailablePackages command to view the packages available in a repository.
While using IBM Passport Advantage site, verify the connection to the site. Also verify the Passport Advantage connection in the Passport Advantage preference.
While using silent mode rollback, user may see warnings like:
WARNING: Problem at line 5, column 90: unexpected element <data> in profile.
User can safely ignore these warnings.
On Windows platform, after FixPack uninstallation (rollback), WAS service will be in stop state and user needs to start it.
Steps to start WAS server is:
cd C:\Program Files (x86)\IBM\WebSphere\AppServer\bin
startServer.bat server1
tklmServedDataList: APAR IV16269 added a new option in
tklmServedDataList command to specify the number of entries that
will be displayed. This new option is outputCount.
If outputCount
is 0 (zero), SKLM will display all the entries. If outputCount is
not specified, SKLM will display 2000 entries. For example: print
AdminTask.tklmServedDataList ('[-outputCount 3000]') will display
3000 audit entries.
Note:When setting a large outputCount
value or zero, and you have a large number of audit entries, the
wsadmin process may timeout.
Installing the IBM Security Key Lifecycle Manager Fix Pack
Prior to fix pack installation
Ensure that IBM Security Key Lifecycle Manager is not being utilized before installing the fix pack. If your facility has a "service maintenance outage" process, consider installing this fix pack during an arranged service outage.
A backup of your IBM Security Key Lifecycle Manager server should be performed prior to installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.
Backup Websphere Application Server files on Windows platforms
|
Instruction |
Command |
|---|---|
|
Open a command prompt. |
Click the Start button, Click Run, type cmd and Click the OK button. |
|
Stop the Websphere Application Server |
WAS_HOME\bin\stopServer.bat server1 -username [WAS_ADMIN] -password [WAS_PASSWORD] |
|
Make a temporary directory |
mkdir [WAS_BACKUP_DIRECTORY] |
|
Change to the temporary directory |
cd c:\wasbackup |
|
Copy the files from the directory where Websphere Application Server files is installed |
xcopy /y /e /d %WAS_HOME% c:\wasbackup |
|
Start the Websphere Application Server |
%WAS_HOME%\bin\startServer.bat server1 |
Backup Websphere Application Server files on AIX, Solaris, and Linux platforms
|
Instruction |
Command |
|---|---|
|
Open a ksh or bash shell. |
if your default shell is not ksh or bash, run "exec ksh" or "exec bash". |
|
Stop the Websphere Application Server |
$WAS_HOME/bin/stopServer.sh server1 -username [WAS_ADMIN] -password [WAS_PASSWORD] |
|
Make a temporary directory |
mkdir [WAS_BACKUP_DIRECTORY] |
|
Change to the temporary directory |
cd /tmp/wasbackup |
|
Archive the files from the directory where Websphere Application Server is installed |
tar -cvf wasbackup.tar $WAS_HOME/* |
|
Start the Websphere Application Server |
$WAS_HOME/bin/startServer.sh server1 |
|
Instruction |
Steps |
|---|---|
|
Make a repository directory |
Open a command prompt.Make a repository directory.
|
|
Change directory to the directory created. |
|
|
Download the SKLM fix pack into the repository directory. |
|
|
Extract the downloaded file |
|
Steps for installing Fix Pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix platforms in GUI mode
|
Instruction |
Steps |
|---|---|
|
Start Installation Manager in GUI mode |
|
|
Set up the fix pack repository preference |
|
|
Select the SKLM software package group |
|
|
Provide credentials for |
In the Update Packages Configuration for IBM Security Key Lifecycle Manager v2.5.0.1
|
|
Click on Update button |
In the Update Packages > Summary panel, |
Steps for installing a fix pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix platforms in silent mode
|
Instruction |
Steps |
|---|---|
|
Installation Manager utility to encrypt the passwords for users as required |
Open a command window, and change to the Installation_Manager_Home/eclipse/tools directory,
Run the following command to generate an encrypted password: Run the following command to generate an encrypted password: |
|
Make a backup of response file |
For example: SKLM_Silent_Update_<platform>_Resp_original.xml |
|
Edit the response file. |
Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml"
Edit the silent response file "SKLM_Silent_Update_<platform>_Resp.xml" |
|
Install the fix pack |
|
|
Check logs for fix pack installation success |
View the log file output produced for fix pack installation success |
Performing
the necessary tasks after fix pack installation.
Verify Installation - Run the wsadmin AdminTask.tklmVersionInfo() command
Open a shell (ksh or bash)
Type: cd <WAS_HOME>/bin/
Type: ./wsadmin.sh -lang jython -username <sklmadminUserID> -password <sklmadminPassword>
example: ./wsadmin.sh -lang jython -username sklmadmin -password sklmpassword
At the wsadmin> prompt type: print AdminTask.tklmVersionInfo()
Windows users:
Open a command prompt.
type cd <WAS_HOME>\bin
type: wsadmin -lang jython -username <sklmadminUserID>-password <sklmadminPassword>
example: wsadmin.bat -lang jython -username sklmadmin -password sklmpassword
At the wsadmin> prompt type: print AdminTask.tklmVersionInfo()
Check the output of the tklmVersionInfo command:
IBM Security Key Lifecycle Manager Version = 2.5.0.1
IBM Security Key Lifecycle Manager Build Level = 201402040817
A backup of your IBM Security Key Lifecycle Manager server should be performed after installing this fix pack. Follow the steps Backing up critical files in the Administering section of the IBM Security Key Lifecycle Manager Product Manuals.
Steps for uninstalling fix pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix platforms in GUI mode
|
Instruction |
Steps |
|---|---|
|
Start Installation Manager in GUI mode |
|
|
Select Rollback |
On the Installation Manager home page, click Roll Back. |
|
Select the SKLM software package group |
|
|
Provide credentials for WAS User ID |
In the Roll back Packages Websphere Administrator window Enter Username and Password for Application Server Administrator Click on Next button |
|
Click on Roll Back button |
Click on Roll Back button In the Roll Back Packages > Summary panel, |
Steps for uninstalling a fix pack for IBM Security Key Lifecycle Manager version 2.5.0 on Windows and Unix platforms in silent mode
|
Instruction |
Steps |
|---|---|
|
Installation Manager utility to encrypt the passwords for users as required |
Open a command window, and change to the Installation_Manager_Home/eclipse/tools directory,
Run the following command to generate an encrypted password: Run the following command to generate an encrypted password: |
|
Make a backup of response file |
For example: SKLM_Silent_Rollback_<platform>_Resp_original.xml |
|
Edit the response file |
Edit the silent response file "SKLM_Silent_Rollback__<platform>_Resp.xml"
Edit the silent response file "SKLM_Silent_Update_Linux_Resp.xml" |
|
Uninstall the fix pack |
|
|
Check logs for fix pack installation success |
View the log file output produced for fix pack installation success |
New Features Provided by Version 2.5.0.1
|
Added KMIP 1.2 Support |
|
Added support for JSON and XML encodings |
APAR fixes included in Fix Pack 1
|
APAR No. |
Sev. |
Abstract |
|---|---|---|
|
3 |
ON AIX PLATFORM RESTORE OPERATION FAILS DUE TO FILE PERMISSION ISSUE |
|
|
3 |
CERTIFICATE ASSOCIATED WITH JAG DEVICE CANNOT BE REMOVED |
|
|
3 |
ADDING A DEVICEGROUP FROM REST FOR DEVICEFAMILY GPFS FAILS |
|
|
3 |
WHEN WE LIST DEVICEGROUPS FROM REST/CLI IT DOES NOT LIST GPFS |
|
|
3 |
USING REST WHEN WE LIST DEVICEGROUPS FOR ANY TYPE IT DOES NOT LIST 2000 RECORDS |
|
|
3 |
REST SERVICE ATTRIBUTE NAME "ADDNEWCERTSTOPENDING" IS INCORRECTLY DISPLAYED AS "DEVICE.ADDNEWCERTSTOPENDING" |
|
|
3 |
THE SKLM V2.5 "SILENT INSTALL" METHOD REQUIRES ENCRYPTED PASSWORDS IN THE SKLM_RESPONSE FILE. |
|
|
1 |
SKLMADMIN GUI LOGIN GETS WHITE SCREEN USING IE9 |
|
|
1 |
SECURITYKEYLIFECYCLEMANAGER_WAS.INIT FILE CONTAINS PASSWORD FOR WAS ADMIN'S USERID IN CLEAR TEXT ON LINUX SYSTEM |
|
|
2 |
INSTALL OF 2.5 FAILS WITH ERROR COMPLAINING ABOUT NOT ENOUGH SPACE IN FILE SYSTEM EVEN AFTER PREREQ CHECKING PASSED |
|
|
2 |
THE 2.5 DOCUMENTATION INCORRECTLY REFERENCES THE REPLICATION PROPERTIES FILE AS REPLICATIONSKLMGRCONFIG.PROPERTIES |
|
|
2 |
ECDSA ALGORITHM SHOULD NOT BE ALLOWED FOR 3592 OR DS8000 DEVICE GROUPS FROM REST INTERFACE |
Copyright and trademark
information
http://www.ibm.com/legal/copytrade.shtml
Notices
INTERNATIONAL BUSINESS MACHINES CORPORATION
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer
of express or implied warranties in certain transactions, therefore,
this statement may not apply to you.
This information could
include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make
improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.
Microsoft, Windows, and Windows Server are trademarks of
Microsoft Corporation in the United States, other countries, or both.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel
Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep,
Itanium, and Pentium are trademarks or registered trademarks of Intel
Corporation or its subsidiaries in the United States and other
countries.
Other company, product, or service names may be
trademarks or service marks of others.
THIRD-PARTY LICENSE
TERMS AND CONDITIONS, NOTICES AND INFORMATION
The license
agreement for this product refers you to this file for details
concerning terms and conditions applicable to third party software
code included in this product, and for certain notices and other
information IBM must provide to you under its license to certain
software code. The relevant terms and conditions, notices and other
information are provided or referenced below. Please note that any
non-English version of the licenses below is unofficial and is
provided to you for your convenience only. The English version of the
licenses below, provided as part of the English version of this file,
is the official version.
Notwithstanding the terms and
conditions of any other agreement you may have with IBM or any of its
related or affiliated entities (collectively "IBM"), the
third party software code identified below are "Excluded
Components" and are subject to the following terms and
conditions:
the Excluded Components are provided on an "AS IS" basis
IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
IBM will not be liable to you or indemnify you for any claims related to the Excluded Components
IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components.
|
Change Date |
Reason |
Modified by |
|---|---|---|
|
11/02/14 |
Create initial draft for 2.5.0-ISS-SKLM-FP0001 |
PSR |
|
17/02/14 |
Upadted with review comment |
PSR |