Setting up iKeyman on Linux PowerPC (for Caching Proxy)
 Technote (troubleshooting)
 
Problem(Abstract)
Step-by-step instructions on how to set-up iKeyman on Linux PowerPC for Caching Proxy
 
Resolving the problem
Before starting the iKeyman GUI, do the following:

1. Install IBM or an IBM-equivalent JDK 1.3; or, if using JDK 1.4, pay attention to special instructions in Step 6a.

2. Set JAVA_HOME to point to the directory where JDK 1.3 is installed; for example:

export JAVA_HOME=/opt/IBMJava2-13 for PowerPC

3. Remove the ibmjsse.jar and the gskikm.jar (if any) and ibmjcaprovider.jar files from your JAVA_HOME/jre/lib/ext directory.

4. Register IBM JCE, IBM CMS, and/or IBMJCEFIPS service providers:

  • For JSSE, you must register the IBMJCE provider as described below:
    Update the JAVA_HOME/jre/lib/security/java.security file to add the IBMJCE provider after the Sun provider. For example:
    -- security.provider.1=sun.security.provider.Sun
    -- security.provider.2=com.ibm.crypto.provider.IBM JCE
    A sample java.security file for JSSE users is located in /usr/local/ibm/gsk6/classes/gsk_java.security.
  • For GSKit, you must register both the IBM CMS and IBM JCE service providers as described below:
    Update the JAVA_HOME/jre/lib/security/java.security file to add both IBM CMS and IBM JCE providers after the Sun provider. For example:
    -- security.provider.1=sun.security.provider.Sun
    -- security.provider.2=com.ibm.spi.IBMCMSProvider
    -- security.provider.3=com.ibm.crypto.provider.IBMJCE
    A sample java.security file can be found in GSKit Installation path\classes\gsk_java.security.
    To enable FIPS operation, you must update the JAVA_HOME/jre/lib/security/java.security file to add IBMCMS, IBMJCE and IBMJCEFIPS providers after the Sun provider. Ensure the IBMJCEFIPS provider is registered at a higher priority than IBMJCE. For example:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.spi.IBMCMSProvider
    security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.4=com.ibm.crypto.provider.IBMJCE

5. This step is optional. If you are using JSSE and use JSSE to access crypto hardware, install the ibmpkcs11.jar in the JAVA_HOME\jre\lib\ext directory and follow the instructions in GSKit Installation path/classes/native/nativesupport. Zip to setup the crypto hardware DLLs.

Note: To register an IBMPKCS11 service provider, an example that updates the JAVA_HOME/jre/lib/security/java.security file is the following:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.crypto.pkcs11.provider.IBMPKCS11

6. If you want to use your own jce jar files, go to Step 6b. (For MOST, skip to Step 6b.)

a. For JDK 1.3, make sure JAVA_HOME\jre\lib\ext\ has the following jar files:
ibmjceprovider.jar
ibmpkcs.jar
ibmjcefw.jar
ibmjcefips.jar (optional to support FIPS)
local_policy.jar
US_export_policy.jar

JDK 1.4 has the following changes in the location of the jce jar files:
/jre/lib/ibmjcefw.jar
/jre/lib/security/local_policy.jar
/jre/lib/ext/ibmjceprovider.jar
/jre/lib/ibmpkcs11.jar

To start iKeyman, type: gsk6ikm

b. To start iKeyman using the GSKit jce jars (recommended), type:
gsk6ikm -Djava.ext.dirs=GSKit Installation path/classes/jre/lib/ext/

Using the default installation path, the command is:
gsk6ikm -Djava.ext.dirs=/usr/local/ibm/gsk6/classes/jre/lib/ext/

Note: The above jar files and ibmpkcs11.jar are available under GSKit
Installation path
\classes\jre\lib\ext for your convenience. Also, the instructions above assume that /bin/ is included in the system PATH.

 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
Historical Number
85036
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Edge Component
Operating system(s): Linux
Software version: 5.0.2
Software edition:
Reference #: 1114611
IBM Group: Software Group
Modified date: Jul 16, 2003