------ README ------ Date: July 2003 Update: P510A-01A with GSKIT 6.0.5.34 Component: SSL for IBM Directory Server (IDS) version 5.1 General description: The version of GSKIT provided with IBM Directory Server 5.1 does not correctly operate for creating a new key database file. This archive includes an updated GSKIT. The updated GSKIT corrects the problem and allows for creating new key database files. Platforms(s): The GSKIT provided is the SSL component for IBM Directory Server. GSKIT will operate on each AIX platform supported by the IDS 5.1. The IBM Directory Server Installation and Configuration Guide identifies the specific AIX platforms and the platform dependent requirements for IDS 5.1. Applying the update: The set of instructions below include commands which are to be invoked from a korn shell command prompt. Also, the commands are to be invoked by the root user. As root, obtain a korn shell command prompt window before proceeding. 1. For each machine targeted to receive the interim fix, make sure the IDS server is stopped. Also, make sure any application which dynamically links to the SSL shared libraries has stopped. After stopping the IDS server and other applications, you must issue the command slibclean to unload shared libraries from memory. 2. The provided archive is named P510A-01A.tar.Z. Place the archive into a temporary folder which is empty and issue the commands identified below: # zcat P510A-01A.tar | tar -xf - # smitty The archive includes the gskak.rte installp image, this readme file, and a usable .toc file. 3. Make the menu and input selections identified below. Software Installation and Maintanence Install and Update Software Install and Update from LATEST Available Software Input Device . The current point is now the menu titled: Install and Update from LATEST Available Software Make the selections appropriate for your installation, then hit the enter key twice. Installation will proceed. 4. If the installation indicates success (OK), exit from smitty (F10). You should now be at the korn shell command prompt. Successful installation can be verified by issuing the command identified below: # gsk6ver What will result is a long sequence of lines, and the final set of lines are seen as: KJNI ============ @(#)CompanyName: IBM Corporation @(#)LegalTrademarks: IBM @(#)FileDescription: IBM Global Security Toolkit @(#)FileVersion: 6.0.5.34 (etc) If the lines are seen, the GSKIT 6 package has been installed correctly. After successful installation, the IDS server and other applications terminated to apply the update can be restarted. Uninstalling the update: If there is a requirement to return to the previous version of GSKIT, contact IDS Support personnel to obtain the previous version of GSKIT and the procedure to install the previous version. Issues which can be encountered: Using gsk6ikm, at the point of creating a self-signed certificate, it is possible to encounter a java exception, with the exception text as stated below: "com.ibm.gsk.ikeyman.basic.KeyStoreManagerException, class com.ibm.crypto.provider.RSAKeyFactory configured for KeyFactory (provider: null) cannot be accessed" The problem occurs if the file ibmjcaprovider.jar is accessible by way of the $JAVA_HOME/jre/lib/ext directory or the CLASSPATH environment variable. It is not sufficient to comment out the package reference in the java.security file. It is necessary to make the ibmjcaprovider.jar file inaccessible using any of the two mentioned paths. The package reference in the java.security file is: security.provider.=com.ibm.crypto.provider.IBMJCA Addendum: The filesize for the installp file: gskak.rte 11046912 The sum -r value for the installp file: gskak.rte 57474 ------------- END OF README -------------