|
Problem(Abstract) |
After starting the IBM® Key Management utility, CMS is not
listed as a Key Database type. |
|
|
|
Cause |
The Java™ installation being used (value of JAVA_HOME
environmental variable) is not configured to use CMS. |
|
|
Resolving the
problem |
These instructions assume you have the prerequisites
installed and set:
- GSKit installed
- JDK 1.3.1 or later installed for GSKit 5, or JDK 1.4.1 or
later is installed for GSKit 7
Note: Do not move or delete JARs in a
JDK that another product (for example, WebSphere® Application Server)
depends on. Doing so can break or prevent the dependent product from
operating properly. If you are unsure if the JDK is in use, install a
separate JDK for the IBM Key Management utility.
- JAVA_HOME is set, for example:
export JAVA_HOME =/opt/IBMJava2-141/jre
set JAVA_HOME=C:\Program Files\Java\j2re1.4.0_01)
Complete the following steps:
- Remove or move ibmjsse.jar, gskikm.jar (if any) and ibmjcaprovider.jar
files from your JAVA_HOME/jre/lib/ext directory.
- Modify JAVA_HOME/lib/security/java.security or
JAVA_HOME/jre/lib/security/java.security to add the following GSKit
security provider entries:
security.provider.X=sun.security.provider.Sun
security.provider.X=com.ibm.spi.IBMCMSProvider
security.provider.X=com.ibm.crypto.provider.IBMJCE
For example, if your java.security file currently has the following
listed:
security.provider.1=com.ibm.security.jgss.IBMJGSSProvider
security.provider.2=com.ibm.security.cert.IBMCertPath
modify it to include the required GSKit security providers so that it
looks like the following:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.spi.IBMCMSProvider
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
Note: The numbers located at the end of security.provider.
indicate the order of precedence. Add these three new security providers
as the first three entries, unless another application on your system has
a dependence on the order. If they cannot be listed first, make sure that
sun.security.provider.Sun is listed before
com.ibm.spi.IBMCMSProvider and com.ibm.crypto.provider.IBMJCE.
- Add required GSKit .jar files to the JDK.
Note: GSKit 5 uses JDK 1.3 or 1.4, and GSkit 7 uses JDK 1.4 or later.
For GSkit 5:
Continue to step 4.
For GSKit 7:
Copy JARs to JDK installation directory from GSKIT installation directory.
All JARs are available in GSKit_Installation_path/classes/jre/lib/ext/
JDK 1.4.1:
Copy the following JARs to JAVA_HOME/jre/lib/.
jre/lib/ibmjcefw.jar
jre/lib/ibmpkcs11.jar
Copy the following JARs to JAVA_HOME/jre/lib/ext/.
ibmjceprovider.jar
ibmpkcs.jar
Copy the following JARs to JAVA_HOME/jre/lib/security.
local_policy.jar
US_export_policy.jar
- Start IBM Key Management Utility.
For GSKit 5, type command: gsk5ikm
For GSKit 7, type command: gsk7ikm_gcc295
The CMS key database option is now listed when the IBM Key Management
Utility is started. If it is not, contact 1-800-IBM-SERV for additional
support. |
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
WebSphere Edge Server |
Caching Proxy |
AIX, Linux, Solaris, Windows 2000, Windows NT |
Edge Server 2.0 GA, Edge Server 2.0 NLV, Edge Server 2.0.x |
|
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|